154100x8000000000000000398788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:27.229{ec2b6afe-aea3-61c1-68c4-9ab58b550000}9753/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000398789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:27.240{ec2b6afe-aea3-61c1-68c4-9ab58b550000}9753/bin/psroot 11241100x8000000000000000398790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:27.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa461d97df9994aa2021-12-21 10:38:27.692root 11241100x8000000000000000398791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b902c8ac343822021-12-21 10:38:27.693root 354300x8000000000000000398792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.037{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47390-false10.0.1.12-8000- 11241100x8000000000000000398793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18596c2540c1cef32021-12-21 10:38:28.038root 11241100x8000000000000000398794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11aaadfe01997e502021-12-21 10:38:28.038root 11241100x8000000000000000398795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469b75378df4b0242021-12-21 10:38:28.442root 11241100x8000000000000000398796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3494d7da29f5240c2021-12-21 10:38:28.443root 11241100x8000000000000000398797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924873ac51e2434c2021-12-21 10:38:28.443root 11241100x8000000000000000398798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c42b53dddb6e72c2021-12-21 10:38:28.942root 11241100x8000000000000000398799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce6bd1fa32eab872021-12-21 10:38:28.943root 11241100x8000000000000000398800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1665c9a498dbf8fe2021-12-21 10:38:28.943root 11241100x8000000000000000398801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a03912421b6cf2021-12-21 10:38:29.442root 11241100x8000000000000000398802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7aa3aeba78d5982021-12-21 10:38:29.443root 11241100x8000000000000000398803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef1dbf369400f22021-12-21 10:38:29.443root 11241100x8000000000000000398804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ef0ed8758a48562021-12-21 10:38:29.942root 11241100x8000000000000000398805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe88f6353f80f562021-12-21 10:38:29.943root 11241100x8000000000000000398806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc52516318cab0bf2021-12-21 10:38:29.943root 11241100x8000000000000000398807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aebda7a80449842021-12-21 10:38:30.442root 11241100x8000000000000000398808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2464ba961d01dd2021-12-21 10:38:30.443root 11241100x8000000000000000398809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a0248ed64b2f712021-12-21 10:38:30.443root 11241100x8000000000000000398810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb497c5e30bf2702021-12-21 10:38:30.942root 11241100x8000000000000000398811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fca10c7efd07ae2021-12-21 10:38:30.943root 11241100x8000000000000000398812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26611ae80838176f2021-12-21 10:38:30.943root 11241100x8000000000000000398813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97111fb677ebbfd22021-12-21 10:38:31.442root 11241100x8000000000000000398814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef37ba6db3638b2021-12-21 10:38:31.443root 11241100x8000000000000000398815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefb1b96fe2cfe742021-12-21 10:38:31.443root 11241100x8000000000000000398816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e529cea8e380fd2d2021-12-21 10:38:31.942root 11241100x8000000000000000398817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730f038fe147e9382021-12-21 10:38:31.943root 11241100x8000000000000000398818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ad7727da760e912021-12-21 10:38:31.943root 11241100x8000000000000000398819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374df72f834764d02021-12-21 10:38:32.442root 11241100x8000000000000000398820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bee4161120f76c2021-12-21 10:38:32.443root 11241100x8000000000000000398821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9b64e83c101dff2021-12-21 10:38:32.443root 11241100x8000000000000000398822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210ec009aed1e84b2021-12-21 10:38:32.942root 11241100x8000000000000000398823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5047dfc02e09ac462021-12-21 10:38:32.943root 11241100x8000000000000000398824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d7fa29eb356e5c2021-12-21 10:38:32.943root 354300x8000000000000000398825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.166{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47392-false10.0.1.12-8000- 11241100x8000000000000000398826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9899154d82b678742021-12-21 10:38:33.442root 11241100x8000000000000000398827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9cf9bcf426fcf72021-12-21 10:38:33.443root 11241100x8000000000000000398828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1044b4719bb6eb4e2021-12-21 10:38:33.443root 11241100x8000000000000000398829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127e37c218fd68e32021-12-21 10:38:33.443root 11241100x8000000000000000398830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ace92dc10e958602021-12-21 10:38:33.942root 11241100x8000000000000000398831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bab19fe202e110c2021-12-21 10:38:33.943root 11241100x8000000000000000398832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cc0347195408c22021-12-21 10:38:33.943root 11241100x8000000000000000398833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1232812727acc83f2021-12-21 10:38:33.943root 11241100x8000000000000000398834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a8d15756e6d9932021-12-21 10:38:34.442root 11241100x8000000000000000398835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22489d79191964f2021-12-21 10:38:34.443root 11241100x8000000000000000398836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998000bd57d31cb52021-12-21 10:38:34.443root 11241100x8000000000000000398837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93003d3d90607bd62021-12-21 10:38:34.443root 11241100x8000000000000000398838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c33517915d16f3f2021-12-21 10:38:34.942root 11241100x8000000000000000398839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a57fd02773567272021-12-21 10:38:34.943root 11241100x8000000000000000398840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b61a89a69f057d02021-12-21 10:38:34.943root 11241100x8000000000000000398841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e5d8f232c237b2021-12-21 10:38:34.943root 11241100x8000000000000000398842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f810a1f4dd2f5a102021-12-21 10:38:35.442root 11241100x8000000000000000398843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69baf157afa156522021-12-21 10:38:35.443root 11241100x8000000000000000398844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e027245378829ed32021-12-21 10:38:35.443root 11241100x8000000000000000398845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f9f4ce141e6d6c2021-12-21 10:38:35.443root 11241100x8000000000000000398846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69d2eeacbcc7a232021-12-21 10:38:35.942root 11241100x8000000000000000398847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb4504d5b431f212021-12-21 10:38:35.943root 11241100x8000000000000000398848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fb45b05d2e9a3f2021-12-21 10:38:35.943root 11241100x8000000000000000398849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63079731dcdcd112021-12-21 10:38:35.943root 11241100x8000000000000000398850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:38:36.345root 11241100x8000000000000000398851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e246dabe12eb16a52021-12-21 10:38:36.346root 11241100x8000000000000000398852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed64a848fad59b2021-12-21 10:38:36.346root 11241100x8000000000000000398853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48404715e6b81b632021-12-21 10:38:36.346root 11241100x8000000000000000398854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39cfebfd4344a0e2021-12-21 10:38:36.346root 11241100x8000000000000000398855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c582570b334b2f02021-12-21 10:38:36.346root 11241100x8000000000000000398856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888bfa4ee52916ae2021-12-21 10:38:36.693root 11241100x8000000000000000398857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dc4bb72208daae2021-12-21 10:38:36.693root 11241100x8000000000000000398858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8464dcadb2c44ab42021-12-21 10:38:36.693root 11241100x8000000000000000398859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe44f5f63dde1562021-12-21 10:38:36.693root 11241100x8000000000000000398860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaf1b8198e0a29e2021-12-21 10:38:36.693root 11241100x8000000000000000398861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5362fe87ea222de82021-12-21 10:38:37.193root 11241100x8000000000000000398862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c71a131beb1fde22021-12-21 10:38:37.193root 11241100x8000000000000000398863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ffe77916c36ae02021-12-21 10:38:37.193root 11241100x8000000000000000398864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287ad4cf93cd362e2021-12-21 10:38:37.193root 11241100x8000000000000000398865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58063184f4e21c522021-12-21 10:38:37.193root 11241100x8000000000000000398866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790a78a9982df3522021-12-21 10:38:37.693root 11241100x8000000000000000398867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd933daaff08b4b72021-12-21 10:38:37.693root 11241100x8000000000000000398868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cef4b6f34081afa2021-12-21 10:38:37.693root 11241100x8000000000000000398869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6301d8fae711252021-12-21 10:38:37.693root 11241100x8000000000000000398870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac17a949b56c0172021-12-21 10:38:37.693root 11241100x8000000000000000398871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938c204bd26bc8362021-12-21 10:38:38.193root 11241100x8000000000000000398872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8c98854c05957e2021-12-21 10:38:38.193root 11241100x8000000000000000398873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88af9ee8751f5402021-12-21 10:38:38.193root 11241100x8000000000000000398874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c080ee4b723e8f2f2021-12-21 10:38:38.193root 11241100x8000000000000000398875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafc8474f46764bb2021-12-21 10:38:38.193root 11241100x8000000000000000398876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedd09799a92658d2021-12-21 10:38:38.693root 11241100x8000000000000000398877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ef6a1d1307a8f12021-12-21 10:38:38.693root 11241100x8000000000000000398878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3e7584eb17ac2d2021-12-21 10:38:38.693root 11241100x8000000000000000398879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9445d79d8fc094dd2021-12-21 10:38:38.693root 11241100x8000000000000000398880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30c97c6a9983e4d2021-12-21 10:38:38.693root 354300x8000000000000000398881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.098{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47394-false10.0.1.12-8000- 11241100x8000000000000000398882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3481e36678474c642021-12-21 10:38:39.099root 11241100x8000000000000000398883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f55d5752609076f2021-12-21 10:38:39.099root 11241100x8000000000000000398884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5972f7eaafe1f52a2021-12-21 10:38:39.099root 11241100x8000000000000000398885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb6bd13eb80a7012021-12-21 10:38:39.099root 11241100x8000000000000000398886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e8cd757dd626b52021-12-21 10:38:39.099root 11241100x8000000000000000398887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab645f99107ed97d2021-12-21 10:38:39.099root 23542300x8000000000000000398888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.347{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000398889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3151b2a977de0d2021-12-21 10:38:39.443root 11241100x8000000000000000398890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2432440fa4b1e62021-12-21 10:38:39.443root 11241100x8000000000000000398891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529978efc4f6d4a42021-12-21 10:38:39.443root 11241100x8000000000000000398892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce80941c5ac5c0a2021-12-21 10:38:39.443root 11241100x8000000000000000398893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b68a78a59ea04372021-12-21 10:38:39.443root 11241100x8000000000000000398894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deed6697930ac1a42021-12-21 10:38:39.443root 11241100x8000000000000000398895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3936f4bcbe6193662021-12-21 10:38:39.443root 11241100x8000000000000000398896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5ffe40bd69795e2021-12-21 10:38:39.943root 11241100x8000000000000000398897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fe6e515b54e3622021-12-21 10:38:39.943root 11241100x8000000000000000398898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e01e95d73893562021-12-21 10:38:39.943root 11241100x8000000000000000398899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66b3831b2292bdf2021-12-21 10:38:39.943root 11241100x8000000000000000398900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda74b80dadb6e202021-12-21 10:38:39.943root 11241100x8000000000000000398901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b113a2477215d6c2021-12-21 10:38:39.943root 11241100x8000000000000000398902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51187a303a1ba7052021-12-21 10:38:39.943root 11241100x8000000000000000398903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21aa476a7e979d42021-12-21 10:38:40.443root 11241100x8000000000000000398904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a1956ce4d700e72021-12-21 10:38:40.443root 11241100x8000000000000000398905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da2ee865f7e8d102021-12-21 10:38:40.443root 11241100x8000000000000000398906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553a28eceb7d759c2021-12-21 10:38:40.443root 11241100x8000000000000000398907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d5f46718ca908b2021-12-21 10:38:40.443root 11241100x8000000000000000398908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e465a5a1221d0f2021-12-21 10:38:40.443root 11241100x8000000000000000398909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cf018de18250bf2021-12-21 10:38:40.443root 11241100x8000000000000000398910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4552d8f5f8f90e812021-12-21 10:38:40.943root 11241100x8000000000000000398911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0a01da7cbe9d522021-12-21 10:38:40.943root 11241100x8000000000000000398912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a0af393253ff452021-12-21 10:38:40.943root 11241100x8000000000000000398913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a98499547d1a362021-12-21 10:38:40.943root 11241100x8000000000000000398914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec29b78a753511b2021-12-21 10:38:40.943root 11241100x8000000000000000398915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb84f0e760a24c72021-12-21 10:38:40.943root 11241100x8000000000000000398916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ae603f4169fdc72021-12-21 10:38:40.943root 11241100x8000000000000000398917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56180473f8d3d7e2021-12-21 10:38:41.443root 11241100x8000000000000000398918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259d115964b58e1f2021-12-21 10:38:41.443root 11241100x8000000000000000398919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6c84202c3f8edb2021-12-21 10:38:41.443root 11241100x8000000000000000398920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8be0a86631504c82021-12-21 10:38:41.443root 11241100x8000000000000000398921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ae4bef244fbaa92021-12-21 10:38:41.443root 11241100x8000000000000000398922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b32037c115461272021-12-21 10:38:41.443root 11241100x8000000000000000398923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d3f6db8986e60d2021-12-21 10:38:41.443root 11241100x8000000000000000398924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07725ba3c45359e2021-12-21 10:38:41.943root 11241100x8000000000000000398925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4960e322ac73aac2021-12-21 10:38:41.943root 11241100x8000000000000000398926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e77058482ff7dca2021-12-21 10:38:41.943root 11241100x8000000000000000398927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a138d58531155c82021-12-21 10:38:41.943root 11241100x8000000000000000398928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76b53b1dc2f888b2021-12-21 10:38:41.943root 11241100x8000000000000000398929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb084f03e3cc2d642021-12-21 10:38:41.943root 11241100x8000000000000000398930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49672a7650f16bbe2021-12-21 10:38:41.943root 11241100x8000000000000000398931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46d3f77960336092021-12-21 10:38:42.443root 11241100x8000000000000000398932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62ab77bb4a0aa892021-12-21 10:38:42.443root 11241100x8000000000000000398933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2217ffe784766722021-12-21 10:38:42.443root 11241100x8000000000000000398934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb37827aa671a4262021-12-21 10:38:42.443root 11241100x8000000000000000398935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451c8f9de194a07a2021-12-21 10:38:42.443root 11241100x8000000000000000398936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0963823bacf81762021-12-21 10:38:42.443root 11241100x8000000000000000398937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc6de24d1da18602021-12-21 10:38:42.443root 11241100x8000000000000000398938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e68dc95d58638852021-12-21 10:38:42.943root 11241100x8000000000000000398939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad046b90bd49d492021-12-21 10:38:42.943root 11241100x8000000000000000398940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bd688f8fe461072021-12-21 10:38:42.943root 11241100x8000000000000000398941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9c6a53a89dc0a82021-12-21 10:38:42.943root 11241100x8000000000000000398942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7a3bafb345398c2021-12-21 10:38:42.943root 11241100x8000000000000000398943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f97f8b12bf398232021-12-21 10:38:42.943root 11241100x8000000000000000398944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317002c6a5196152021-12-21 10:38:42.943root 11241100x8000000000000000398945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d2bcc0e7daaf932021-12-21 10:38:43.443root 11241100x8000000000000000398946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6830f7c7ca7b6ee2021-12-21 10:38:43.443root 11241100x8000000000000000398947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1942a1f2a9bb882021-12-21 10:38:43.443root 11241100x8000000000000000398948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94d432e8e9034872021-12-21 10:38:43.443root 11241100x8000000000000000398949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e50e1490f50a132021-12-21 10:38:43.443root 11241100x8000000000000000398950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a88ce54b9101092021-12-21 10:38:43.443root 11241100x8000000000000000398951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e9037925d92f552021-12-21 10:38:43.443root 11241100x8000000000000000398952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ebf1afb217e7a22021-12-21 10:38:43.943root 11241100x8000000000000000398953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c1618a9c45e8262021-12-21 10:38:43.943root 11241100x8000000000000000398954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05ed5bc3a668a072021-12-21 10:38:43.943root 11241100x8000000000000000398955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5890b591acae62af2021-12-21 10:38:43.943root 11241100x8000000000000000398956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92880461ab6f302d2021-12-21 10:38:43.943root 11241100x8000000000000000398957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1a5165392c09ff2021-12-21 10:38:43.943root 11241100x8000000000000000398958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda7bff3a83b7afc2021-12-21 10:38:43.943root 354300x8000000000000000398959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.214{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47396-false10.0.1.12-8000- 11241100x8000000000000000398960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dbf8f5cc6a1d222021-12-21 10:38:44.215root 11241100x8000000000000000398961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ff7259abdaf48d2021-12-21 10:38:44.215root 11241100x8000000000000000398962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a3a32f369d74612021-12-21 10:38:44.216root 11241100x8000000000000000398963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c88c5b5efd24122021-12-21 10:38:44.216root 11241100x8000000000000000398964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dcc66dace26a552021-12-21 10:38:44.216root 11241100x8000000000000000398965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96092cda232d82712021-12-21 10:38:44.216root 11241100x8000000000000000398966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a5eae8058872a32021-12-21 10:38:44.216root 11241100x8000000000000000398967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9f436ca6fc2d182021-12-21 10:38:44.217root 11241100x8000000000000000398968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1b45c8ddff399f2021-12-21 10:38:44.693root 11241100x8000000000000000398969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27554ef82ad358882021-12-21 10:38:44.693root 11241100x8000000000000000398970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f70375252aea232021-12-21 10:38:44.693root 11241100x8000000000000000398971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8cd5a4287fc21c2021-12-21 10:38:44.693root 11241100x8000000000000000398972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b5406eedae81a02021-12-21 10:38:44.693root 11241100x8000000000000000398973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc593f8c1511f0c2021-12-21 10:38:44.693root 11241100x8000000000000000398974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940eb0f670a371832021-12-21 10:38:44.693root 11241100x8000000000000000398975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7834110188fde8702021-12-21 10:38:44.694root 11241100x8000000000000000398976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4066de3c11f87d152021-12-21 10:38:45.193root 11241100x8000000000000000398977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b1b0ed4b4165312021-12-21 10:38:45.193root 11241100x8000000000000000398978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1801da96ac7ea02021-12-21 10:38:45.193root 11241100x8000000000000000398979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c27305a37ab48572021-12-21 10:38:45.193root 11241100x8000000000000000398980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d48d95b9f8a87a52021-12-21 10:38:45.193root 11241100x8000000000000000398981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e76b17457e2d72021-12-21 10:38:45.193root 11241100x8000000000000000398982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bc379a28b148922021-12-21 10:38:45.193root 11241100x8000000000000000398983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf1d857d2718532021-12-21 10:38:45.193root 11241100x8000000000000000398984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cd541c033ea5002021-12-21 10:38:45.693root 11241100x8000000000000000398985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb03e563646f22a2021-12-21 10:38:45.693root 11241100x8000000000000000398986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7e43d2c1948e172021-12-21 10:38:45.693root 11241100x8000000000000000398987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d321a22346513d8e2021-12-21 10:38:45.693root 11241100x8000000000000000398988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdd21c2a25dd1a52021-12-21 10:38:45.693root 11241100x8000000000000000398989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42de293aa7c56fee2021-12-21 10:38:45.693root 11241100x8000000000000000398990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba8ee58b109f1022021-12-21 10:38:45.693root 11241100x8000000000000000398991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2000f6148a909b262021-12-21 10:38:45.693root 11241100x8000000000000000398992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f7a3b712c8d7e62021-12-21 10:38:46.193root 11241100x8000000000000000398993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a722641d5007ed8a2021-12-21 10:38:46.193root 11241100x8000000000000000398994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f6dd955ff818282021-12-21 10:38:46.193root 11241100x8000000000000000398995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060e3b15d5f2c3f62021-12-21 10:38:46.193root 11241100x8000000000000000398996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cdbe340f8407562021-12-21 10:38:46.193root 11241100x8000000000000000398997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e2bceca05c75ea2021-12-21 10:38:46.193root 11241100x8000000000000000398998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4878b878fd211c2021-12-21 10:38:46.193root 11241100x8000000000000000398999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2324b7ec9281182021-12-21 10:38:46.193root 11241100x8000000000000000399000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd45447bb45d65392021-12-21 10:38:46.693root 11241100x8000000000000000399001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56001b9800618dc62021-12-21 10:38:46.693root 11241100x8000000000000000399002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55c09f78181b94e2021-12-21 10:38:46.693root 11241100x8000000000000000399003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d3203d857e40532021-12-21 10:38:46.693root 11241100x8000000000000000399004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a983cffdb09f2a942021-12-21 10:38:46.693root 11241100x8000000000000000399005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe37e78929762d92021-12-21 10:38:46.693root 11241100x8000000000000000399006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1606873a8e45172021-12-21 10:38:46.693root 11241100x8000000000000000399007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10b8b1b72b5a7602021-12-21 10:38:46.693root 11241100x8000000000000000399008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bb28d04f2003cf2021-12-21 10:38:47.193root 11241100x8000000000000000399009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4e22448ca00da82021-12-21 10:38:47.193root 11241100x8000000000000000399010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfda6885ca70461e2021-12-21 10:38:47.193root 11241100x8000000000000000399011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b11465bb7c66aa2021-12-21 10:38:47.193root 11241100x8000000000000000399012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c24268f282a860a2021-12-21 10:38:47.193root 11241100x8000000000000000399013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df197c07376b422b2021-12-21 10:38:47.193root 11241100x8000000000000000399014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f8885b2ff5608d2021-12-21 10:38:47.193root 11241100x8000000000000000399015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9aaa5bb2558fdb2021-12-21 10:38:47.193root 11241100x8000000000000000399016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9088fd5fed3d4b412021-12-21 10:38:47.693root 11241100x8000000000000000399017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d262aea18ecb7b4d2021-12-21 10:38:47.693root 11241100x8000000000000000399018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0173a1c30e8a79362021-12-21 10:38:47.693root 11241100x8000000000000000399019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663fd12c46bf27942021-12-21 10:38:47.693root 11241100x8000000000000000399020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceca0c3628a324762021-12-21 10:38:47.693root 11241100x8000000000000000399021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93e13ec35ea84a02021-12-21 10:38:47.693root 11241100x8000000000000000399022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c1e403cd812dfe2021-12-21 10:38:47.693root 11241100x8000000000000000399023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a89f01060c2de9b2021-12-21 10:38:47.693root 11241100x8000000000000000399024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b059e33e7988962021-12-21 10:38:48.193root 11241100x8000000000000000399025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d17e148a6031a62021-12-21 10:38:48.193root 11241100x8000000000000000399026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4313691b6deb1002021-12-21 10:38:48.193root 11241100x8000000000000000399027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c56c3430d30929b2021-12-21 10:38:48.193root 11241100x8000000000000000399028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f7dd6d967630f22021-12-21 10:38:48.193root 11241100x8000000000000000399029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaf372f608e38182021-12-21 10:38:48.193root 11241100x8000000000000000399030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda7811228ec5d7e2021-12-21 10:38:48.193root 11241100x8000000000000000399031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cf48011e32b6622021-12-21 10:38:48.194root 11241100x8000000000000000399032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6cd30904f224d22021-12-21 10:38:48.693root 11241100x8000000000000000399033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feef89198b8ca2aa2021-12-21 10:38:48.693root 11241100x8000000000000000399034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78d42ac0a171bfb2021-12-21 10:38:48.693root 11241100x8000000000000000399035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6614fbf7b3c1db782021-12-21 10:38:48.693root 11241100x8000000000000000399036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e990cba2ac4d9a2021-12-21 10:38:48.693root 11241100x8000000000000000399037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd942fea8ec52a42021-12-21 10:38:48.693root 11241100x8000000000000000399038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c840bcb706074b822021-12-21 10:38:48.693root 11241100x8000000000000000399039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1278dcdcb0261d2a2021-12-21 10:38:48.693root 11241100x8000000000000000399040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fd8a9b8f196bde2021-12-21 10:38:49.193root 11241100x8000000000000000399041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d81e37d592fbe42021-12-21 10:38:49.193root 11241100x8000000000000000399042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ec6f10d8677eba2021-12-21 10:38:49.193root 11241100x8000000000000000399043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b46f256e60ad1b2021-12-21 10:38:49.193root 11241100x8000000000000000399044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae8242d4d0f57182021-12-21 10:38:49.193root 11241100x8000000000000000399045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fb68314127b7d92021-12-21 10:38:49.193root 11241100x8000000000000000399046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0211c6077b3f31902021-12-21 10:38:49.193root 11241100x8000000000000000399047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8679ac2ec2ee97042021-12-21 10:38:49.193root 11241100x8000000000000000399048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2de096fe3314492021-12-21 10:38:49.693root 11241100x8000000000000000399049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687f9c29e915eb7b2021-12-21 10:38:49.693root 11241100x8000000000000000399050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a319b3565a2e702021-12-21 10:38:49.693root 11241100x8000000000000000399051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cb671b053c724e2021-12-21 10:38:49.693root 11241100x8000000000000000399052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e375bfffd04824a42021-12-21 10:38:49.693root 11241100x8000000000000000399053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68bd634023ab1482021-12-21 10:38:49.693root 11241100x8000000000000000399054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea650f5f775cb202021-12-21 10:38:49.693root 11241100x8000000000000000399055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06af1cd601c1f1282021-12-21 10:38:49.693root 354300x8000000000000000399056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.090{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47398-false10.0.1.12-8000- 11241100x8000000000000000399057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05df6c37104aea312021-12-21 10:38:50.090root 11241100x8000000000000000399058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d55576654c09612021-12-21 10:38:50.090root 11241100x8000000000000000399059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac46207f0f18a0e2021-12-21 10:38:50.090root 11241100x8000000000000000399060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d226cf67c61ec2021-12-21 10:38:50.091root 11241100x8000000000000000399061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b07b70fbb6fec8f2021-12-21 10:38:50.091root 11241100x8000000000000000399062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28972bc422d970f12021-12-21 10:38:50.091root 11241100x8000000000000000399063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233dd13f038ab22a2021-12-21 10:38:50.091root 11241100x8000000000000000399064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47468c742bd0b8b52021-12-21 10:38:50.091root 11241100x8000000000000000399065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d1a4c6b5e459cd2021-12-21 10:38:50.091root 11241100x8000000000000000399066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f0fc19c083d1f32021-12-21 10:38:50.443root 11241100x8000000000000000399067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c521a341fc4bdff2021-12-21 10:38:50.443root 11241100x8000000000000000399068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e3a33e8c0bdd142021-12-21 10:38:50.443root 11241100x8000000000000000399069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc22534e6bda2302021-12-21 10:38:50.443root 11241100x8000000000000000399070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fda89785c3ac3fb2021-12-21 10:38:50.443root 11241100x8000000000000000399071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6754812d0c54905b2021-12-21 10:38:50.443root 11241100x8000000000000000399072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb632005039ca8772021-12-21 10:38:50.443root 11241100x8000000000000000399073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7df9dbaedf67702021-12-21 10:38:50.444root 11241100x8000000000000000399074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9717c22d06742c812021-12-21 10:38:50.444root 11241100x8000000000000000399075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fb11f81fa4b86a2021-12-21 10:38:50.943root 11241100x8000000000000000399076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055c837f3e6220872021-12-21 10:38:50.943root 11241100x8000000000000000399077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac3e53025ef14182021-12-21 10:38:50.943root 11241100x8000000000000000399078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48f4b4fee51fcce2021-12-21 10:38:50.943root 11241100x8000000000000000399079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f65afccdcdd39a42021-12-21 10:38:50.943root 11241100x8000000000000000399080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866d27552c3400b12021-12-21 10:38:50.943root 11241100x8000000000000000399081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f05e10141e57b42021-12-21 10:38:50.943root 11241100x8000000000000000399082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc13ae6f108bf3232021-12-21 10:38:50.943root 11241100x8000000000000000399083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db36c2c1c9b8e15b2021-12-21 10:38:50.943root 11241100x8000000000000000399084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2cf2bd5adaca462021-12-21 10:38:51.443root 11241100x8000000000000000399085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe462027af02583e2021-12-21 10:38:51.443root 11241100x8000000000000000399086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e189b363b1884d962021-12-21 10:38:51.443root 11241100x8000000000000000399087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695c32449208cc732021-12-21 10:38:51.443root 11241100x8000000000000000399088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec0d95550c13ead2021-12-21 10:38:51.443root 11241100x8000000000000000399089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0a29eb9f75356d2021-12-21 10:38:51.443root 11241100x8000000000000000399090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f63a41d21ca93572021-12-21 10:38:51.443root 11241100x8000000000000000399091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016c25fb33d81b532021-12-21 10:38:51.443root 11241100x8000000000000000399092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c00602344a375d62021-12-21 10:38:51.443root 11241100x8000000000000000399093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b0f9a964316ea22021-12-21 10:38:51.943root 11241100x8000000000000000399094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ee272475c9f0312021-12-21 10:38:51.943root 11241100x8000000000000000399095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e3a1e27dcb331c2021-12-21 10:38:51.943root 11241100x8000000000000000399096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200c2b10443762002021-12-21 10:38:51.943root 11241100x8000000000000000399097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec5bbe5c4bc9e672021-12-21 10:38:51.943root 11241100x8000000000000000399098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c0e13f1d96fa602021-12-21 10:38:51.943root 11241100x8000000000000000399099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64289316e2a8f282021-12-21 10:38:51.943root 11241100x8000000000000000399100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890f3f9f203c33c82021-12-21 10:38:51.943root 11241100x8000000000000000399101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fecd792d83823c82021-12-21 10:38:51.943root 11241100x8000000000000000399102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ad12c2da72c9aa2021-12-21 10:38:52.443root 11241100x8000000000000000399103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4861ddd62559fa42021-12-21 10:38:52.443root 11241100x8000000000000000399104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7099aaff231fe5002021-12-21 10:38:52.443root 11241100x8000000000000000399105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217256869e3b07d22021-12-21 10:38:52.443root 11241100x8000000000000000399106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63e923ab3946c2e2021-12-21 10:38:52.443root 11241100x8000000000000000399107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434ed34d2b1a88bb2021-12-21 10:38:52.443root 11241100x8000000000000000399108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e7aeae86eba5d2021-12-21 10:38:52.443root 11241100x8000000000000000399109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0af18d4c897552021-12-21 10:38:52.443root 11241100x8000000000000000399110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b63de4e4326758c2021-12-21 10:38:52.443root 11241100x8000000000000000399111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19362347ff67e1722021-12-21 10:38:52.943root 11241100x8000000000000000399112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcada7fd186c09952021-12-21 10:38:52.943root 11241100x8000000000000000399113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e8248e01ff7f6f2021-12-21 10:38:52.943root 11241100x8000000000000000399114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399444fac5c7915f2021-12-21 10:38:52.943root 11241100x8000000000000000399115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc5154d7146532e2021-12-21 10:38:52.943root 11241100x8000000000000000399116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b0dd13456073aa2021-12-21 10:38:52.943root 11241100x8000000000000000399117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37866cb355e75c3e2021-12-21 10:38:52.943root 11241100x8000000000000000399118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2acacc90954b512021-12-21 10:38:52.943root 11241100x8000000000000000399119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdfbec907c672cc2021-12-21 10:38:52.943root 11241100x8000000000000000399120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec394e241a7f8c092021-12-21 10:38:53.443root 11241100x8000000000000000399121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e56836619906de42021-12-21 10:38:53.443root 11241100x8000000000000000399122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c07c862095927c2021-12-21 10:38:53.443root 11241100x8000000000000000399123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eae7bb1d761b4b2021-12-21 10:38:53.443root 11241100x8000000000000000399124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f50b301a529efa2021-12-21 10:38:53.443root 11241100x8000000000000000399125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6aa9c784d2bf5c2021-12-21 10:38:53.443root 11241100x8000000000000000399126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b029f54e0a4c52532021-12-21 10:38:53.443root 11241100x8000000000000000399127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398eee2a5b1869e42021-12-21 10:38:53.443root 11241100x8000000000000000399128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451f9cae18254fff2021-12-21 10:38:53.444root 11241100x8000000000000000399129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d4b9ca15551e952021-12-21 10:38:53.943root 11241100x8000000000000000399130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f72d50a75f25b12021-12-21 10:38:53.944root 11241100x8000000000000000399131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ffd51d8c8d97372021-12-21 10:38:53.944root 11241100x8000000000000000399132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba59b7c46fc8b45c2021-12-21 10:38:53.944root 11241100x8000000000000000399133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7673e83b772b628e2021-12-21 10:38:53.944root 11241100x8000000000000000399134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77320e98179ce4fa2021-12-21 10:38:53.944root 11241100x8000000000000000399135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743f8a5e140cd9532021-12-21 10:38:53.944root 11241100x8000000000000000399136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0388248ebf5527752021-12-21 10:38:53.944root 11241100x8000000000000000399137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc89ddc5f48059432021-12-21 10:38:53.944root 11241100x8000000000000000399138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f54faa45ad95252021-12-21 10:38:54.443root 11241100x8000000000000000399139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc0f6f6b71f69942021-12-21 10:38:54.443root 11241100x8000000000000000399140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbfcae1c330d28c2021-12-21 10:38:54.443root 11241100x8000000000000000399141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166123f9b7125dfd2021-12-21 10:38:54.443root 11241100x8000000000000000399142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0229b3a9abd07002021-12-21 10:38:54.443root 11241100x8000000000000000399143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53049e9d83b3d7362021-12-21 10:38:54.443root 11241100x8000000000000000399144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792a7e4758e45672021-12-21 10:38:54.443root 11241100x8000000000000000399145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c2f97cc938a5bd2021-12-21 10:38:54.443root 11241100x8000000000000000399146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3add28a8dd3cf0d2021-12-21 10:38:54.444root 11241100x8000000000000000399147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375d76a74eeac1c72021-12-21 10:38:54.943root 11241100x8000000000000000399148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52b33dbbe6434c52021-12-21 10:38:54.943root 11241100x8000000000000000399149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f0ffe97fe76d152021-12-21 10:38:54.943root 11241100x8000000000000000399150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3369e345df852b712021-12-21 10:38:54.943root 11241100x8000000000000000399151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb2da8d461e80592021-12-21 10:38:54.943root 11241100x8000000000000000399152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb1a0a69a6d69632021-12-21 10:38:54.943root 11241100x8000000000000000399153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbc6438cce03b1a2021-12-21 10:38:54.944root 11241100x8000000000000000399154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f7a8ab43a049e32021-12-21 10:38:54.944root 11241100x8000000000000000399155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f666dd87743e33f72021-12-21 10:38:54.944root 11241100x8000000000000000399156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d2222a433f0ad12021-12-21 10:38:55.443root 11241100x8000000000000000399157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06a73c3e11db4a02021-12-21 10:38:55.443root 11241100x8000000000000000399158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb64beaf8b5e9862021-12-21 10:38:55.443root 11241100x8000000000000000399159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041c34f86affd5d42021-12-21 10:38:55.444root 11241100x8000000000000000399160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045ec3c5763cd70d2021-12-21 10:38:55.444root 11241100x8000000000000000399161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019c12c79097625f2021-12-21 10:38:55.444root 11241100x8000000000000000399162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6624ef8becc3065c2021-12-21 10:38:55.444root 11241100x8000000000000000399163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72e380676905c2c2021-12-21 10:38:55.444root 11241100x8000000000000000399164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12f84851c576c462021-12-21 10:38:55.444root 11241100x8000000000000000399165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873025708c0beb682021-12-21 10:38:55.943root 11241100x8000000000000000399166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9c2b4a4faa460b2021-12-21 10:38:55.943root 11241100x8000000000000000399167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fa7009179d65b12021-12-21 10:38:55.943root 11241100x8000000000000000399168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842e23e426b97f122021-12-21 10:38:55.943root 11241100x8000000000000000399169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f192a406900745c02021-12-21 10:38:55.943root 11241100x8000000000000000399170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0863a8c33f398b2021-12-21 10:38:55.943root 11241100x8000000000000000399171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe5c971c30054c42021-12-21 10:38:55.943root 11241100x8000000000000000399172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1124cfc4590387912021-12-21 10:38:55.943root 11241100x8000000000000000399173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8e49bfcf6610d22021-12-21 10:38:55.943root 11241100x8000000000000000399174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3505dd4fab03fce12021-12-21 10:38:56.443root 11241100x8000000000000000399175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fa6c03e9b8f3402021-12-21 10:38:56.444root 11241100x8000000000000000399176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c03dee4d861b9e2021-12-21 10:38:56.444root 11241100x8000000000000000399177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff948f6ba911ba452021-12-21 10:38:56.444root 11241100x8000000000000000399178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78acf9e9985e026b2021-12-21 10:38:56.444root 11241100x8000000000000000399179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fb3afb2d253d8a2021-12-21 10:38:56.444root 11241100x8000000000000000399180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0bc55c328f7b132021-12-21 10:38:56.444root 11241100x8000000000000000399181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4681560f4b4320492021-12-21 10:38:56.444root 11241100x8000000000000000399182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1cbe79964348402021-12-21 10:38:56.444root 11241100x8000000000000000399183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df14db6277fc4172021-12-21 10:38:56.943root 11241100x8000000000000000399184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69847798363eccc32021-12-21 10:38:56.943root 11241100x8000000000000000399185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d6c68dbe218c322021-12-21 10:38:56.943root 11241100x8000000000000000399186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0409f3baf9c656c2021-12-21 10:38:56.943root 11241100x8000000000000000399187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0268323aba3e9912021-12-21 10:38:56.943root 11241100x8000000000000000399188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4979ce445e81b1a2021-12-21 10:38:56.943root 11241100x8000000000000000399189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012ccc5bc7dcaaab2021-12-21 10:38:56.943root 11241100x8000000000000000399190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b0541f02a315902021-12-21 10:38:56.943root 11241100x8000000000000000399191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084546b46819e9462021-12-21 10:38:56.944root 11241100x8000000000000000399192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a734a5687655a6d2021-12-21 10:38:57.443root 11241100x8000000000000000399193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6d21fb9672251a2021-12-21 10:38:57.443root 11241100x8000000000000000399194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3730f34747816bfb2021-12-21 10:38:57.443root 11241100x8000000000000000399195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c9dfe41e1e4b852021-12-21 10:38:57.443root 11241100x8000000000000000399196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a29feb1d90a13492021-12-21 10:38:57.443root 11241100x8000000000000000399197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963860ed687314902021-12-21 10:38:57.443root 11241100x8000000000000000399198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c06d1285eed0f42021-12-21 10:38:57.443root 11241100x8000000000000000399199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071f8509475d24542021-12-21 10:38:57.443root 11241100x8000000000000000399200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6670f4c9467e342021-12-21 10:38:57.443root 11241100x8000000000000000399201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f253a8455ce5a1c22021-12-21 10:38:57.943root 11241100x8000000000000000399202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0716dd47fc024c62021-12-21 10:38:57.943root 11241100x8000000000000000399203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb07fee3680f01b2021-12-21 10:38:57.943root 11241100x8000000000000000399204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8192e5c8856ee42021-12-21 10:38:57.943root 11241100x8000000000000000399205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa89bf838a4eef4b2021-12-21 10:38:57.943root 11241100x8000000000000000399206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c09d964f2b703812021-12-21 10:38:57.943root 11241100x8000000000000000399207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db69b15c2ef79ab02021-12-21 10:38:57.943root 11241100x8000000000000000399208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88d3994e249aa3f2021-12-21 10:38:57.943root 11241100x8000000000000000399209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810e69e0e2c9a3182021-12-21 10:38:57.944root 11241100x8000000000000000399210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e58b4f7e0a66562021-12-21 10:38:58.443root 11241100x8000000000000000399211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196578262331c8712021-12-21 10:38:58.443root 11241100x8000000000000000399212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0859087f9c277e02021-12-21 10:38:58.443root 11241100x8000000000000000399213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34644b439f1f986c2021-12-21 10:38:58.443root 11241100x8000000000000000399214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6852dc39e3706c032021-12-21 10:38:58.443root 11241100x8000000000000000399215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99259ff697c677d32021-12-21 10:38:58.443root 11241100x8000000000000000399216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61063befbd907dba2021-12-21 10:38:58.443root 11241100x8000000000000000399217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c96e6c50d3a13b2021-12-21 10:38:58.443root 11241100x8000000000000000399218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d683e481a406e42021-12-21 10:38:58.443root 11241100x8000000000000000399219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918491f88799b5c32021-12-21 10:38:58.943root 11241100x8000000000000000399220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6308787be42602032021-12-21 10:38:58.943root 11241100x8000000000000000399221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1bde7a1cbe1c522021-12-21 10:38:58.943root 11241100x8000000000000000399222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16a41c0d53976d12021-12-21 10:38:58.943root 11241100x8000000000000000399223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46eed51dff14ba82021-12-21 10:38:58.943root 11241100x8000000000000000399224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cab4fc1e0377212021-12-21 10:38:58.943root 11241100x8000000000000000399225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b855b657b5e52772021-12-21 10:38:58.943root 11241100x8000000000000000399226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275961429f5af6c02021-12-21 10:38:58.943root 11241100x8000000000000000399227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417853b93f305cf82021-12-21 10:38:58.943root 11241100x8000000000000000399228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d340c142093745a2021-12-21 10:38:59.443root 11241100x8000000000000000399229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a730668df1d93c82021-12-21 10:38:59.443root 11241100x8000000000000000399230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954942d2bc1814ac2021-12-21 10:38:59.443root 11241100x8000000000000000399231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e06f5a9c13a325c2021-12-21 10:38:59.443root 11241100x8000000000000000399232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d93c05f319e14a2021-12-21 10:38:59.443root 11241100x8000000000000000399233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa85e3d3aef040f2021-12-21 10:38:59.443root 11241100x8000000000000000399234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1905f5681a1400332021-12-21 10:38:59.443root 11241100x8000000000000000399235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47847452dcd916c12021-12-21 10:38:59.443root 11241100x8000000000000000399236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09444f0913340de2021-12-21 10:38:59.443root 11241100x8000000000000000399237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb26e1e84fef7d92021-12-21 10:38:59.943root 11241100x8000000000000000399238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaae9c798c6a60ca2021-12-21 10:38:59.943root 11241100x8000000000000000399239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c8e83e28bed5f62021-12-21 10:38:59.943root 11241100x8000000000000000399240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3fc7dea5bdd0322021-12-21 10:38:59.943root 11241100x8000000000000000399241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af1dc2e478eb9452021-12-21 10:38:59.943root 11241100x8000000000000000399242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937f0c75c26315fc2021-12-21 10:38:59.943root 11241100x8000000000000000399243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567c9218e9dd4ff32021-12-21 10:38:59.943root 11241100x8000000000000000399244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddda086f01e1ed22021-12-21 10:38:59.943root 11241100x8000000000000000399245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:38:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231f31b4477710082021-12-21 10:38:59.943root 11241100x8000000000000000399246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9386f38e947ff9c32021-12-21 10:39:00.443root 11241100x8000000000000000399247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef6e19679fe29482021-12-21 10:39:00.443root 11241100x8000000000000000399248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacd28ff620d9d912021-12-21 10:39:00.443root 11241100x8000000000000000399249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8a481ae582d1b12021-12-21 10:39:00.443root 11241100x8000000000000000399250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060633d021d388da2021-12-21 10:39:00.443root 11241100x8000000000000000399251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca27da1b6b997902021-12-21 10:39:00.443root 11241100x8000000000000000399252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24741c453c5c5592021-12-21 10:39:00.443root 11241100x8000000000000000399253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283a5325bdc832d42021-12-21 10:39:00.443root 11241100x8000000000000000399254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce28d6c4d1f0f1b02021-12-21 10:39:00.444root 11241100x8000000000000000399255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13a4ecfc526abec2021-12-21 10:39:00.943root 11241100x8000000000000000399256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc935c81f4b375f2021-12-21 10:39:00.943root 11241100x8000000000000000399257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5e990b183f03952021-12-21 10:39:00.943root 11241100x8000000000000000399258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce202783493763502021-12-21 10:39:00.943root 11241100x8000000000000000399259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e191c9910c3d67962021-12-21 10:39:00.943root 11241100x8000000000000000399260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76da5464e9b47682021-12-21 10:39:00.943root 11241100x8000000000000000399261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cf1fd0c63042742021-12-21 10:39:00.943root 11241100x8000000000000000399262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575d0570f621cad32021-12-21 10:39:00.943root 11241100x8000000000000000399263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036bc14b88ccc8ad2021-12-21 10:39:00.943root 354300x8000000000000000399264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.043{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47402-false10.0.1.12-8000- 11241100x8000000000000000399265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fed9db6087953e2021-12-21 10:39:01.443root 11241100x8000000000000000399266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1125c9755cbf7d62021-12-21 10:39:01.443root 11241100x8000000000000000399267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcb2f4e135b75292021-12-21 10:39:01.443root 11241100x8000000000000000399268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8d31638fb8c6e12021-12-21 10:39:01.443root 11241100x8000000000000000399269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45c2cc3ef2c516d2021-12-21 10:39:01.443root 11241100x8000000000000000399270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9430347c3e76099b2021-12-21 10:39:01.443root 11241100x8000000000000000399271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14c5d87078ca6062021-12-21 10:39:01.443root 11241100x8000000000000000399272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0902c9a85642efd22021-12-21 10:39:01.443root 11241100x8000000000000000399273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c9bea4494c35832021-12-21 10:39:01.443root 11241100x8000000000000000399274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5f3e8a345ca7a42021-12-21 10:39:01.443root 11241100x8000000000000000399275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2713dec1b04476b2021-12-21 10:39:01.943root 11241100x8000000000000000399276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d6ec37aad5f7652021-12-21 10:39:01.943root 11241100x8000000000000000399277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76c7cd9755093f92021-12-21 10:39:01.943root 11241100x8000000000000000399278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed623881436fad372021-12-21 10:39:01.943root 11241100x8000000000000000399279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3e7e5cfa8f87752021-12-21 10:39:01.943root 11241100x8000000000000000399280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2d624037d94bce2021-12-21 10:39:01.943root 11241100x8000000000000000399281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856123b4fb5582162021-12-21 10:39:01.943root 11241100x8000000000000000399282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d4e4d624fe45b02021-12-21 10:39:01.943root 11241100x8000000000000000399283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae27038f1d520652021-12-21 10:39:01.943root 11241100x8000000000000000399284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59214b4c7d7b60b12021-12-21 10:39:01.943root 11241100x8000000000000000399285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897994dc5998feb02021-12-21 10:39:02.443root 11241100x8000000000000000399286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc8fc173236e57a2021-12-21 10:39:02.443root 11241100x8000000000000000399287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d773e249e19c852021-12-21 10:39:02.443root 11241100x8000000000000000399288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e36d2c596ef1a922021-12-21 10:39:02.443root 11241100x8000000000000000399289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6dfaab9414af7e2021-12-21 10:39:02.443root 11241100x8000000000000000399290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bf3af7f783a0ed2021-12-21 10:39:02.443root 11241100x8000000000000000399291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea8c8428b5f0b922021-12-21 10:39:02.443root 11241100x8000000000000000399292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ddccbc1d93cf832021-12-21 10:39:02.444root 11241100x8000000000000000399293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64eea82742c02a462021-12-21 10:39:02.444root 11241100x8000000000000000399294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931721b21d267b422021-12-21 10:39:02.444root 11241100x8000000000000000399295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3162c0e6bfbcd9442021-12-21 10:39:02.943root 11241100x8000000000000000399296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a89a70c9d2c4c2f2021-12-21 10:39:02.943root 11241100x8000000000000000399297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b17bd3aeaff54b02021-12-21 10:39:02.943root 11241100x8000000000000000399298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869efb6feb5ad7d62021-12-21 10:39:02.943root 11241100x8000000000000000399299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6236f19b81b20712021-12-21 10:39:02.943root 11241100x8000000000000000399300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c178f3b6b242e3e12021-12-21 10:39:02.944root 11241100x8000000000000000399301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1739ca8c972cc0782021-12-21 10:39:02.944root 11241100x8000000000000000399302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42927f942b53a5bc2021-12-21 10:39:02.944root 11241100x8000000000000000399303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426143a4e737763a2021-12-21 10:39:02.944root 11241100x8000000000000000399304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8e5df74df652102021-12-21 10:39:02.944root 11241100x8000000000000000399305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20888799772ea2c42021-12-21 10:39:03.443root 11241100x8000000000000000399306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e9dd37054f55c32021-12-21 10:39:03.443root 11241100x8000000000000000399307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aeca09cebdfc352021-12-21 10:39:03.443root 11241100x8000000000000000399308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5922ac837c03715f2021-12-21 10:39:03.443root 11241100x8000000000000000399309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5f3038d44066d22021-12-21 10:39:03.443root 11241100x8000000000000000399310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8123da0a9d91f5a2021-12-21 10:39:03.443root 11241100x8000000000000000399311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b33a37338d4fe202021-12-21 10:39:03.443root 11241100x8000000000000000399312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a491c07df9f0a7f22021-12-21 10:39:03.443root 11241100x8000000000000000399313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e24235baa81efc2021-12-21 10:39:03.443root 11241100x8000000000000000399314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d1a4467f054d182021-12-21 10:39:03.443root 11241100x8000000000000000399315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb70c33dd57b43bb2021-12-21 10:39:03.943root 11241100x8000000000000000399316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0ed0f31f77df5c2021-12-21 10:39:03.943root 11241100x8000000000000000399317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a2c066409aa6742021-12-21 10:39:03.943root 11241100x8000000000000000399318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0c9428c78af2502021-12-21 10:39:03.943root 11241100x8000000000000000399319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5adb8b63b629c32021-12-21 10:39:03.943root 11241100x8000000000000000399320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ff931b0b6741262021-12-21 10:39:03.943root 11241100x8000000000000000399321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fb42f941aa585e2021-12-21 10:39:03.943root 11241100x8000000000000000399322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93ce504fab6e20b2021-12-21 10:39:03.943root 11241100x8000000000000000399323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04a4a6d017fc4472021-12-21 10:39:03.943root 11241100x8000000000000000399324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae9326175c7dacf2021-12-21 10:39:03.943root 11241100x8000000000000000399325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0e718ec67cd3dd2021-12-21 10:39:04.443root 11241100x8000000000000000399326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68dc9760449c86b2021-12-21 10:39:04.443root 11241100x8000000000000000399327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b2f3d40547e41b2021-12-21 10:39:04.443root 11241100x8000000000000000399328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d67192076e3c71a2021-12-21 10:39:04.443root 11241100x8000000000000000399329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a3d6b27be20a992021-12-21 10:39:04.443root 11241100x8000000000000000399330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585896a447b0a7c82021-12-21 10:39:04.443root 11241100x8000000000000000399331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7384b8fadd1e3cc92021-12-21 10:39:04.443root 11241100x8000000000000000399332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f943df8349e62d672021-12-21 10:39:04.444root 11241100x8000000000000000399333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5e880c1d9317012021-12-21 10:39:04.444root 11241100x8000000000000000399334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9321e8096881f6b62021-12-21 10:39:04.444root 11241100x8000000000000000399335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5221c83781a9ba2021-12-21 10:39:04.943root 11241100x8000000000000000399336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f179b3472085f82021-12-21 10:39:04.943root 11241100x8000000000000000399337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689a303aa307527b2021-12-21 10:39:04.943root 11241100x8000000000000000399338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523aebeb718ee2822021-12-21 10:39:04.943root 11241100x8000000000000000399339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72bf242af7f2fc82021-12-21 10:39:04.943root 11241100x8000000000000000399340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c21979600355b2021-12-21 10:39:04.943root 11241100x8000000000000000399341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc90035906a05e42021-12-21 10:39:04.943root 11241100x8000000000000000399342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66327ea4d2f592a52021-12-21 10:39:04.943root 11241100x8000000000000000399343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8b253eb063e3572021-12-21 10:39:04.943root 11241100x8000000000000000399344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8acb6899a1ca52021-12-21 10:39:04.944root 11241100x8000000000000000399345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd6fcc04b9c22752021-12-21 10:39:05.443root 11241100x8000000000000000399346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ff92ee80f9cee82021-12-21 10:39:05.443root 11241100x8000000000000000399347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dd088e3b5ea0942021-12-21 10:39:05.443root 11241100x8000000000000000399348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9800a13179116f32021-12-21 10:39:05.443root 11241100x8000000000000000399349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9415f3bb4df76a012021-12-21 10:39:05.443root 11241100x8000000000000000399350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973536855effd5862021-12-21 10:39:05.443root 11241100x8000000000000000399351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5516ed541989dbac2021-12-21 10:39:05.443root 11241100x8000000000000000399352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac97925129eeafc42021-12-21 10:39:05.443root 11241100x8000000000000000399353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba8dac08a11d57c2021-12-21 10:39:05.444root 11241100x8000000000000000399354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e068291063e5eacd2021-12-21 10:39:05.444root 11241100x8000000000000000399355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9220e261a9ca0d02021-12-21 10:39:05.943root 11241100x8000000000000000399356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a1221176c40ce62021-12-21 10:39:05.943root 11241100x8000000000000000399357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae3b6b1629a38bb2021-12-21 10:39:05.943root 11241100x8000000000000000399358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3707c00e8195c6a62021-12-21 10:39:05.943root 11241100x8000000000000000399359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a817fb273efcb7392021-12-21 10:39:05.943root 11241100x8000000000000000399360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec445b1babbf4932021-12-21 10:39:05.943root 11241100x8000000000000000399361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e0249296a1bca52021-12-21 10:39:05.943root 11241100x8000000000000000399362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a35eb091d3bdf002021-12-21 10:39:05.944root 11241100x8000000000000000399363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9f63c29f8fffa02021-12-21 10:39:05.944root 11241100x8000000000000000399364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b4ca9a5d7c51672021-12-21 10:39:05.944root 354300x8000000000000000399365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.190{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47404-false10.0.1.12-8000- 11241100x8000000000000000399366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:39:06.345root 11241100x8000000000000000399367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab23d9914af22e732021-12-21 10:39:06.346root 11241100x8000000000000000399368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9566a6a3a45d232021-12-21 10:39:06.346root 11241100x8000000000000000399369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977ebca08b200b602021-12-21 10:39:06.346root 11241100x8000000000000000399370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36b4db269e575a32021-12-21 10:39:06.346root 11241100x8000000000000000399371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56643e73995c00a2021-12-21 10:39:06.346root 11241100x8000000000000000399372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8460954397b7c752021-12-21 10:39:06.346root 11241100x8000000000000000399373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d4d458eb82ae2d2021-12-21 10:39:06.346root 11241100x8000000000000000399374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06539310ed4d1c9c2021-12-21 10:39:06.346root 11241100x8000000000000000399375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8136a49d193c53532021-12-21 10:39:06.347root 11241100x8000000000000000399376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f15beb01e4fb312021-12-21 10:39:06.347root 11241100x8000000000000000399377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9ee5bce3ad755d2021-12-21 10:39:06.347root 11241100x8000000000000000399378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f3d48cec445dfb2021-12-21 10:39:06.347root 11241100x8000000000000000399379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cba80087277a9b2021-12-21 10:39:06.693root 11241100x8000000000000000399380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6232cb1fc8a8f8202021-12-21 10:39:06.693root 11241100x8000000000000000399381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fcd54b956557802021-12-21 10:39:06.693root 11241100x8000000000000000399382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597253b9b53cf2732021-12-21 10:39:06.693root 11241100x8000000000000000399383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135e3a11e6acfc292021-12-21 10:39:06.693root 11241100x8000000000000000399384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca31730ed78afefe2021-12-21 10:39:06.693root 11241100x8000000000000000399385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8235534a7d112d42021-12-21 10:39:06.693root 11241100x8000000000000000399386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd6d1474e026b682021-12-21 10:39:06.694root 11241100x8000000000000000399387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f82d2581e8eee5e2021-12-21 10:39:06.694root 11241100x8000000000000000399388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908d8615e00452152021-12-21 10:39:06.694root 11241100x8000000000000000399389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f148bf22fb3b8292021-12-21 10:39:06.694root 11241100x8000000000000000399390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531b7370dbf83f2d2021-12-21 10:39:06.694root 11241100x8000000000000000399391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16eccce4bba697d52021-12-21 10:39:07.193root 11241100x8000000000000000399392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bf64cd1c38d7772021-12-21 10:39:07.193root 11241100x8000000000000000399393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f240d9238c0e232021-12-21 10:39:07.193root 11241100x8000000000000000399394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c508ecd77f3b9572021-12-21 10:39:07.193root 11241100x8000000000000000399395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc77503a02e9ef532021-12-21 10:39:07.193root 11241100x8000000000000000399396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e616846f42d9ea2021-12-21 10:39:07.193root 11241100x8000000000000000399397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc524217581360d62021-12-21 10:39:07.193root 11241100x8000000000000000399398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b6560248362e912021-12-21 10:39:07.194root 11241100x8000000000000000399399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1aae24db01e3fef2021-12-21 10:39:07.194root 11241100x8000000000000000399400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcf3266793e4b072021-12-21 10:39:07.194root 11241100x8000000000000000399401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba10f0ecee19ef5d2021-12-21 10:39:07.194root 11241100x8000000000000000399402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bec23f23cc85062021-12-21 10:39:07.194root 11241100x8000000000000000399403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dafded60f5c31632021-12-21 10:39:07.693root 11241100x8000000000000000399404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0062cf74f65d6412021-12-21 10:39:07.693root 11241100x8000000000000000399405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd7d828035747a62021-12-21 10:39:07.693root 11241100x8000000000000000399406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9dd97e1948b25f2021-12-21 10:39:07.693root 11241100x8000000000000000399407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adeee74842de6e92021-12-21 10:39:07.693root 11241100x8000000000000000399408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4ed587263990c12021-12-21 10:39:07.693root 11241100x8000000000000000399409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5088f7c930f30a422021-12-21 10:39:07.693root 11241100x8000000000000000399410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cf9588d8f9274f2021-12-21 10:39:07.694root 11241100x8000000000000000399411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540bcae090f184932021-12-21 10:39:07.694root 11241100x8000000000000000399412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95fb4d0ee23e22f2021-12-21 10:39:07.694root 11241100x8000000000000000399413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9208b2d0cf70582021-12-21 10:39:07.694root 11241100x8000000000000000399414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e626aef14ceb6502021-12-21 10:39:07.694root 11241100x8000000000000000399415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53341a02f6738e42021-12-21 10:39:08.193root 11241100x8000000000000000399416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c84c4a4bacd70d2021-12-21 10:39:08.193root 11241100x8000000000000000399417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708169cba1615b7d2021-12-21 10:39:08.193root 11241100x8000000000000000399418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e3677c51b1dba52021-12-21 10:39:08.193root 11241100x8000000000000000399419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a0725eb310ac9c2021-12-21 10:39:08.193root 11241100x8000000000000000399420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec524426e92e85272021-12-21 10:39:08.193root 11241100x8000000000000000399421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7db08a9d5430b222021-12-21 10:39:08.194root 11241100x8000000000000000399422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73e67e6135bab682021-12-21 10:39:08.194root 11241100x8000000000000000399423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502f0d295161f1172021-12-21 10:39:08.194root 11241100x8000000000000000399424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2957194cce6e4a2021-12-21 10:39:08.194root 11241100x8000000000000000399425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a977eab9bcc3c82021-12-21 10:39:08.194root 11241100x8000000000000000399426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2287ead624fcc81a2021-12-21 10:39:08.194root 11241100x8000000000000000399427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa62a73811ac1d5e2021-12-21 10:39:08.693root 11241100x8000000000000000399428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aa7d5c7177b79a2021-12-21 10:39:08.693root 11241100x8000000000000000399429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb70762d498948d2021-12-21 10:39:08.693root 11241100x8000000000000000399430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2307455feedf274b2021-12-21 10:39:08.693root 11241100x8000000000000000399431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66c4afb6a312fc42021-12-21 10:39:08.694root 11241100x8000000000000000399432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717e09c80c79e4682021-12-21 10:39:08.694root 11241100x8000000000000000399433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b01590eea796592021-12-21 10:39:08.694root 11241100x8000000000000000399434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a95d7256a830d82021-12-21 10:39:08.694root 11241100x8000000000000000399435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ea1e2fbcc36c232021-12-21 10:39:08.694root 11241100x8000000000000000399436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb161cf667f0ea72021-12-21 10:39:08.694root 11241100x8000000000000000399437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac7b2b3e84606ff2021-12-21 10:39:08.694root 11241100x8000000000000000399438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aca485cf0b35aba2021-12-21 10:39:08.694root 11241100x8000000000000000399439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529a84dff658f8d42021-12-21 10:39:09.193root 11241100x8000000000000000399440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51b8bb62ff150592021-12-21 10:39:09.193root 11241100x8000000000000000399441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec89108c38956c02021-12-21 10:39:09.193root 11241100x8000000000000000399442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7a6af1c6c660e02021-12-21 10:39:09.193root 11241100x8000000000000000399443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bdc506382407122021-12-21 10:39:09.193root 11241100x8000000000000000399444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fa72a23a1ca8682021-12-21 10:39:09.193root 11241100x8000000000000000399445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fc23c45b7ef3062021-12-21 10:39:09.193root 11241100x8000000000000000399446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb00d1f2608936a82021-12-21 10:39:09.194root 11241100x8000000000000000399447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9b5da210598ae02021-12-21 10:39:09.194root 11241100x8000000000000000399448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d32b498621ac3082021-12-21 10:39:09.194root 11241100x8000000000000000399449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25ff0590b6caf142021-12-21 10:39:09.194root 11241100x8000000000000000399450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cee6b078a8cd472021-12-21 10:39:09.194root 23542300x8000000000000000399451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.346{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000399452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e0dcb17de9e8772021-12-21 10:39:09.693root 11241100x8000000000000000399453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9765fd8d51998af02021-12-21 10:39:09.693root 11241100x8000000000000000399454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70332560a85893ab2021-12-21 10:39:09.693root 11241100x8000000000000000399455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e072ffb6167fda2021-12-21 10:39:09.693root 11241100x8000000000000000399456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1003eb86ff88745e2021-12-21 10:39:09.693root 11241100x8000000000000000399457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2c0d8b26ebc6262021-12-21 10:39:09.693root 11241100x8000000000000000399458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a968c62cc6f3ad32021-12-21 10:39:09.693root 11241100x8000000000000000399459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e6620b02197b3b2021-12-21 10:39:09.694root 11241100x8000000000000000399460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e0336f35792e9a2021-12-21 10:39:09.694root 11241100x8000000000000000399461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257d83aada0076722021-12-21 10:39:09.694root 11241100x8000000000000000399462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a13740eabceb342021-12-21 10:39:09.694root 11241100x8000000000000000399463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7e05bbcae07e1a2021-12-21 10:39:09.694root 11241100x8000000000000000399464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444e85a52c6458722021-12-21 10:39:09.694root 11241100x8000000000000000399465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af5ec42168ef3662021-12-21 10:39:10.193root 11241100x8000000000000000399466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3522f929b3805492021-12-21 10:39:10.193root 11241100x8000000000000000399467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93519365c31d1182021-12-21 10:39:10.193root 11241100x8000000000000000399468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6d12d46d2452672021-12-21 10:39:10.193root 11241100x8000000000000000399469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d8e7a3f4330b422021-12-21 10:39:10.193root 11241100x8000000000000000399470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a237cfbdb162c1772021-12-21 10:39:10.193root 11241100x8000000000000000399471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f750917f8f24c542021-12-21 10:39:10.194root 11241100x8000000000000000399472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fccb5629c54ad252021-12-21 10:39:10.194root 11241100x8000000000000000399473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e0436b21d8b0912021-12-21 10:39:10.194root 11241100x8000000000000000399474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ed19aa34245e742021-12-21 10:39:10.194root 11241100x8000000000000000399475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfe7537cc16ea822021-12-21 10:39:10.194root 11241100x8000000000000000399476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fe24ba887425852021-12-21 10:39:10.194root 11241100x8000000000000000399477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae6e6bde83136cd2021-12-21 10:39:10.194root 11241100x8000000000000000399478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afb9de332b59cbb2021-12-21 10:39:10.693root 11241100x8000000000000000399479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b371c2250edf36d2021-12-21 10:39:10.693root 11241100x8000000000000000399480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ed8a7030105a132021-12-21 10:39:10.693root 11241100x8000000000000000399481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02292cfe49618dd2021-12-21 10:39:10.693root 11241100x8000000000000000399482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d845095f34367082021-12-21 10:39:10.694root 11241100x8000000000000000399483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9323ff5675457f892021-12-21 10:39:10.694root 11241100x8000000000000000399484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a66d7862fa355ee2021-12-21 10:39:10.694root 11241100x8000000000000000399485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136d7aaa0995023e2021-12-21 10:39:10.694root 11241100x8000000000000000399486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703ae73b0e72b2542021-12-21 10:39:10.694root 11241100x8000000000000000399487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f7e56259f47ee12021-12-21 10:39:10.694root 11241100x8000000000000000399488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4519ebaf0022642021-12-21 10:39:10.694root 11241100x8000000000000000399489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ac8ea643b55ad02021-12-21 10:39:10.694root 11241100x8000000000000000399490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b955987bc824ce7f2021-12-21 10:39:10.694root 11241100x8000000000000000399491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25765eac5c0e58062021-12-21 10:39:11.193root 11241100x8000000000000000399492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ed31b190fa7fd02021-12-21 10:39:11.193root 11241100x8000000000000000399493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa854466e29e3d6a2021-12-21 10:39:11.193root 11241100x8000000000000000399494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f662089a0b81a32021-12-21 10:39:11.193root 11241100x8000000000000000399495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d6288f505c91ee2021-12-21 10:39:11.193root 11241100x8000000000000000399496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e5a198503324812021-12-21 10:39:11.193root 11241100x8000000000000000399497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75498bacf944d4302021-12-21 10:39:11.194root 11241100x8000000000000000399498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d07268e89800682021-12-21 10:39:11.194root 11241100x8000000000000000399499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d1ecb34abbf052021-12-21 10:39:11.194root 11241100x8000000000000000399500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ca957e6ccf30e02021-12-21 10:39:11.194root 11241100x8000000000000000399501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0297ec8c90590b402021-12-21 10:39:11.194root 11241100x8000000000000000399502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf8f3ea6068db3d2021-12-21 10:39:11.194root 11241100x8000000000000000399503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755cb18f929054752021-12-21 10:39:11.194root 11241100x8000000000000000399504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3cc425c5d6d0b52021-12-21 10:39:11.693root 11241100x8000000000000000399505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1dd1014b18da3b2021-12-21 10:39:11.693root 11241100x8000000000000000399506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4742825c74b0e71a2021-12-21 10:39:11.693root 11241100x8000000000000000399507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e426f2f26497f3fb2021-12-21 10:39:11.693root 11241100x8000000000000000399508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c262c84f5c53cf2021-12-21 10:39:11.693root 11241100x8000000000000000399509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d34f43ae6aad4e02021-12-21 10:39:11.693root 11241100x8000000000000000399510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78e90ec1653ae812021-12-21 10:39:11.694root 11241100x8000000000000000399511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdf53e21ef15ff32021-12-21 10:39:11.694root 11241100x8000000000000000399512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5e6e977e000f022021-12-21 10:39:11.694root 11241100x8000000000000000399513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aa62b76497025d2021-12-21 10:39:11.694root 11241100x8000000000000000399514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d12069eff7bdc182021-12-21 10:39:11.694root 11241100x8000000000000000399515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dca6eaf8fb9ba32021-12-21 10:39:11.694root 11241100x8000000000000000399516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ab852c470b85f2021-12-21 10:39:11.694root 354300x8000000000000000399517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.042{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47406-false10.0.1.12-8000- 11241100x8000000000000000399518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d45363eafa2437a2021-12-21 10:39:12.043root 11241100x8000000000000000399519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab326f1a6faf2aa42021-12-21 10:39:12.043root 11241100x8000000000000000399520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d42010311235a9c2021-12-21 10:39:12.043root 11241100x8000000000000000399521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93df7d40ff9453192021-12-21 10:39:12.043root 11241100x8000000000000000399522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88df512796b2ae9b2021-12-21 10:39:12.044root 11241100x8000000000000000399523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0dfedae3c6bf4c2021-12-21 10:39:12.044root 11241100x8000000000000000399524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0307089c51ea76922021-12-21 10:39:12.044root 11241100x8000000000000000399525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d24e36db3055c22021-12-21 10:39:12.044root 11241100x8000000000000000399526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50453e5db8aea412021-12-21 10:39:12.044root 11241100x8000000000000000399527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94536fc0d1f3fdf2021-12-21 10:39:12.044root 11241100x8000000000000000399528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89564a8dd654f4a82021-12-21 10:39:12.044root 11241100x8000000000000000399529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd078f65c08215752021-12-21 10:39:12.044root 11241100x8000000000000000399530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9114c943711360a2021-12-21 10:39:12.044root 11241100x8000000000000000399531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ad16a1b4ba608e2021-12-21 10:39:12.044root 11241100x8000000000000000399532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973ed4da74006ca42021-12-21 10:39:12.443root 11241100x8000000000000000399533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2607809f0a0c2fd2021-12-21 10:39:12.443root 11241100x8000000000000000399534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dc0db4b2e5b1c22021-12-21 10:39:12.443root 11241100x8000000000000000399535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3611f35fbb389732021-12-21 10:39:12.443root 11241100x8000000000000000399536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca82e79ea1de6da2021-12-21 10:39:12.444root 11241100x8000000000000000399537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a524a3aec7211f082021-12-21 10:39:12.444root 11241100x8000000000000000399538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd28cb88874129e2021-12-21 10:39:12.444root 11241100x8000000000000000399539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de91dd759a14b2672021-12-21 10:39:12.444root 11241100x8000000000000000399540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdb3e3f0390f4832021-12-21 10:39:12.444root 11241100x8000000000000000399541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892b0688224bd4eb2021-12-21 10:39:12.444root 11241100x8000000000000000399542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a8a80a7fc417d42021-12-21 10:39:12.444root 11241100x8000000000000000399543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53137a816a332e262021-12-21 10:39:12.444root 11241100x8000000000000000399544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb63e7ed2a495fde2021-12-21 10:39:12.445root 11241100x8000000000000000399545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8851ba8902a27dbc2021-12-21 10:39:12.445root 11241100x8000000000000000399546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01d1ea11cc04b612021-12-21 10:39:12.943root 11241100x8000000000000000399547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76f2bc561989d6b2021-12-21 10:39:12.943root 11241100x8000000000000000399548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e87c7318c163f02021-12-21 10:39:12.943root 11241100x8000000000000000399549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829ca99df9d7fff52021-12-21 10:39:12.943root 11241100x8000000000000000399550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a07816547c940012021-12-21 10:39:12.943root 11241100x8000000000000000399551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271a625fd21bc59d2021-12-21 10:39:12.943root 11241100x8000000000000000399552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6b8ae04904bed82021-12-21 10:39:12.944root 11241100x8000000000000000399553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f638d0f41d941be02021-12-21 10:39:12.944root 11241100x8000000000000000399554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceab0550116235b12021-12-21 10:39:12.944root 11241100x8000000000000000399555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba71c92eef56c5dd2021-12-21 10:39:12.944root 11241100x8000000000000000399556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4426cf5d645b42992021-12-21 10:39:12.944root 11241100x8000000000000000399557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1e4f61a42a76222021-12-21 10:39:12.944root 11241100x8000000000000000399558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48423677b266d28b2021-12-21 10:39:12.944root 11241100x8000000000000000399559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00488832049788d2021-12-21 10:39:12.944root 11241100x8000000000000000399560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e39d7934b2e0ac2021-12-21 10:39:13.443root 11241100x8000000000000000399561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ef9ea20046a47d2021-12-21 10:39:13.443root 11241100x8000000000000000399562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1d6692a50aa70e2021-12-21 10:39:13.443root 11241100x8000000000000000399563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c896ce13187a5e6a2021-12-21 10:39:13.443root 11241100x8000000000000000399564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62561dbcbcf5433f2021-12-21 10:39:13.443root 11241100x8000000000000000399565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5250edab9ec5c432021-12-21 10:39:13.443root 11241100x8000000000000000399566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5cc42479b6b84f2021-12-21 10:39:13.444root 11241100x8000000000000000399567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8604558278ae9d2021-12-21 10:39:13.444root 11241100x8000000000000000399568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e3aae8fc3927622021-12-21 10:39:13.444root 11241100x8000000000000000399569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac48f554c65b232021-12-21 10:39:13.444root 11241100x8000000000000000399570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293a5be4676ca7692021-12-21 10:39:13.444root 11241100x8000000000000000399571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078cae843419061e2021-12-21 10:39:13.444root 11241100x8000000000000000399572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f029a8775b1b65742021-12-21 10:39:13.444root 11241100x8000000000000000399573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886bc22069679f642021-12-21 10:39:13.444root 11241100x8000000000000000399574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c312989b9945402021-12-21 10:39:13.943root 11241100x8000000000000000399575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1052aa3b079d48b32021-12-21 10:39:13.943root 11241100x8000000000000000399576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798115b07d6ef7952021-12-21 10:39:13.943root 11241100x8000000000000000399577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bb0bbee8ffb2c32021-12-21 10:39:13.943root 11241100x8000000000000000399578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e94e36a72a467472021-12-21 10:39:13.943root 11241100x8000000000000000399579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677db887ab9452992021-12-21 10:39:13.943root 11241100x8000000000000000399580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59de52887861a0c2021-12-21 10:39:13.944root 11241100x8000000000000000399581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2176a34175fddc62021-12-21 10:39:13.944root 11241100x8000000000000000399582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa539a8a5842db9f2021-12-21 10:39:13.944root 11241100x8000000000000000399583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5864a57a7ab2e7572021-12-21 10:39:13.944root 11241100x8000000000000000399584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542d22d58d223ccc2021-12-21 10:39:13.944root 11241100x8000000000000000399585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6110fb02720d6f2021-12-21 10:39:13.944root 11241100x8000000000000000399586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada278dd749309052021-12-21 10:39:13.944root 11241100x8000000000000000399587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5a7caa8cb61ccd2021-12-21 10:39:13.944root 11241100x8000000000000000399588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66d1eb8b6fff1bd2021-12-21 10:39:14.443root 11241100x8000000000000000399589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2e29e8efb58a022021-12-21 10:39:14.443root 11241100x8000000000000000399590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9de7ef752b6b9bf2021-12-21 10:39:14.443root 11241100x8000000000000000399591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271f6f51268944222021-12-21 10:39:14.443root 11241100x8000000000000000399592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f183ffec61001bf2021-12-21 10:39:14.443root 11241100x8000000000000000399593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4789dd8f7fd4822021-12-21 10:39:14.444root 11241100x8000000000000000399594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468c2706570bfaae2021-12-21 10:39:14.444root 11241100x8000000000000000399595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd0b2984262fcb22021-12-21 10:39:14.444root 11241100x8000000000000000399596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abbbac8ac4455e52021-12-21 10:39:14.444root 11241100x8000000000000000399597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c96685c3bce19f42021-12-21 10:39:14.444root 11241100x8000000000000000399598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ef61b0b5e4952e2021-12-21 10:39:14.445root 11241100x8000000000000000399599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51741172c8324daf2021-12-21 10:39:14.445root 11241100x8000000000000000399600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314e69838c81d9512021-12-21 10:39:14.445root 11241100x8000000000000000399601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c67a3e7da98a8402021-12-21 10:39:14.445root 11241100x8000000000000000399602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfaa99daa7191552021-12-21 10:39:14.943root 11241100x8000000000000000399603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257b5316da5eb6842021-12-21 10:39:14.943root 11241100x8000000000000000399604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a27041c49f01c0f2021-12-21 10:39:14.943root 11241100x8000000000000000399605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46cc3d30af993652021-12-21 10:39:14.943root 11241100x8000000000000000399606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4988b6469ea36152021-12-21 10:39:14.943root 11241100x8000000000000000399607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f4417312ee5ebe2021-12-21 10:39:14.944root 11241100x8000000000000000399608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b046dbf612f9677d2021-12-21 10:39:14.944root 11241100x8000000000000000399609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e93ed4706604d6f2021-12-21 10:39:14.944root 11241100x8000000000000000399610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260791b08b02b1e12021-12-21 10:39:14.944root 11241100x8000000000000000399611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0b860f00dca3372021-12-21 10:39:14.944root 11241100x8000000000000000399612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839af0425a667c3f2021-12-21 10:39:14.944root 11241100x8000000000000000399613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7411a1805a4af32021-12-21 10:39:14.944root 11241100x8000000000000000399614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf9db6291b6084a2021-12-21 10:39:14.944root 11241100x8000000000000000399615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5baccc8899e34c2021-12-21 10:39:14.944root 11241100x8000000000000000399616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6135676aca6ca51d2021-12-21 10:39:15.443root 11241100x8000000000000000399617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3915161daab0bc2021-12-21 10:39:15.443root 11241100x8000000000000000399618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72a7b4bd49a80bb2021-12-21 10:39:15.443root 11241100x8000000000000000399619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e92adc5cc7ace12021-12-21 10:39:15.443root 11241100x8000000000000000399620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286f1f457aef7e8b2021-12-21 10:39:15.443root 11241100x8000000000000000399621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbee57a8a8481ea42021-12-21 10:39:15.444root 11241100x8000000000000000399622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580dac01c0bac0a92021-12-21 10:39:15.444root 11241100x8000000000000000399623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4695bf7c00a7a72021-12-21 10:39:15.444root 11241100x8000000000000000399624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371ea04d3a3d9f5b2021-12-21 10:39:15.444root 11241100x8000000000000000399625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bf0775279e95a82021-12-21 10:39:15.444root 11241100x8000000000000000399626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a20f7c8835477c2021-12-21 10:39:15.444root 11241100x8000000000000000399627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cbb9649218735d2021-12-21 10:39:15.444root 11241100x8000000000000000399628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd76cda72b7eb8fd2021-12-21 10:39:15.444root 11241100x8000000000000000399629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8344011b9e2d8d42021-12-21 10:39:15.444root 11241100x8000000000000000399630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040dd5bfd517b2522021-12-21 10:39:15.943root 11241100x8000000000000000399631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4846fd8abfdb1ed2021-12-21 10:39:15.943root 11241100x8000000000000000399632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363944e469fdf0a52021-12-21 10:39:15.943root 11241100x8000000000000000399633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37cb62321187b9a2021-12-21 10:39:15.943root 11241100x8000000000000000399634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6b7442f4c455fb2021-12-21 10:39:15.944root 11241100x8000000000000000399635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0b9ffb019466bc2021-12-21 10:39:15.944root 11241100x8000000000000000399636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae75c5b886c549f92021-12-21 10:39:15.944root 11241100x8000000000000000399637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430a278b794b47af2021-12-21 10:39:15.944root 11241100x8000000000000000399638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c1db7fc22242562021-12-21 10:39:15.944root 11241100x8000000000000000399639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae38b45bb4e98762021-12-21 10:39:15.944root 11241100x8000000000000000399640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e565e047515a2fd2021-12-21 10:39:15.944root 11241100x8000000000000000399641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7b81cb6e3836cf2021-12-21 10:39:15.944root 11241100x8000000000000000399642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7fbc077ec556a22021-12-21 10:39:15.944root 11241100x8000000000000000399643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2827b42772fc93f2021-12-21 10:39:15.945root 11241100x8000000000000000399644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca71769bdda8e7a2021-12-21 10:39:16.443root 11241100x8000000000000000399645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04a2d8a894d08ae2021-12-21 10:39:16.443root 11241100x8000000000000000399646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cac34c1a001afd2021-12-21 10:39:16.443root 11241100x8000000000000000399647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc6aaa4435bf41e2021-12-21 10:39:16.443root 11241100x8000000000000000399648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b27f3420dc85bff2021-12-21 10:39:16.444root 11241100x8000000000000000399649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eac19815c6dbdb52021-12-21 10:39:16.444root 11241100x8000000000000000399650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a28a01b9fa1382021-12-21 10:39:16.444root 11241100x8000000000000000399651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de3ddb66f1c0f0f2021-12-21 10:39:16.444root 11241100x8000000000000000399652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee1e5f8700c93d2021-12-21 10:39:16.444root 11241100x8000000000000000399653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c166f72e1ebed82021-12-21 10:39:16.444root 11241100x8000000000000000399654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1c4c596bd44e112021-12-21 10:39:16.445root 11241100x8000000000000000399655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13ad59e8b698ab92021-12-21 10:39:16.445root 11241100x8000000000000000399656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02287201eebc789f2021-12-21 10:39:16.445root 11241100x8000000000000000399657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831eeb21914d06872021-12-21 10:39:16.445root 11241100x8000000000000000399658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d3a3bc6b48e5552021-12-21 10:39:16.943root 11241100x8000000000000000399659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658fd8e6e4a358a12021-12-21 10:39:16.943root 11241100x8000000000000000399660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa81579c6c3bcc32021-12-21 10:39:16.943root 11241100x8000000000000000399661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cff6b15814f48be2021-12-21 10:39:16.943root 11241100x8000000000000000399662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec57bc1f1f88430c2021-12-21 10:39:16.943root 11241100x8000000000000000399663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c740b2610a01862021-12-21 10:39:16.943root 11241100x8000000000000000399664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d97a8b55ca8a3782021-12-21 10:39:16.943root 11241100x8000000000000000399665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f2a90499bd98202021-12-21 10:39:16.944root 11241100x8000000000000000399666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6ed3cc498701ce2021-12-21 10:39:16.944root 11241100x8000000000000000399667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bff2d00ff7a1e512021-12-21 10:39:16.944root 11241100x8000000000000000399668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74921b1cc2171d052021-12-21 10:39:16.944root 11241100x8000000000000000399669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8ad5c88c8b10e02021-12-21 10:39:16.944root 11241100x8000000000000000399670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8b98694e1818132021-12-21 10:39:16.944root 11241100x8000000000000000399671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a852d7cf3b3fa4f2021-12-21 10:39:16.944root 354300x8000000000000000399672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.058{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47408-false10.0.1.12-8000- 11241100x8000000000000000399673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cee5362397e0cfb2021-12-21 10:39:17.443root 11241100x8000000000000000399674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3f681937a5877f2021-12-21 10:39:17.443root 11241100x8000000000000000399675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baf2c10b31b18ef2021-12-21 10:39:17.444root 11241100x8000000000000000399676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a5326534c8aa162021-12-21 10:39:17.444root 11241100x8000000000000000399677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b938478208c9dadd2021-12-21 10:39:17.444root 11241100x8000000000000000399678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29d37f265c3d7922021-12-21 10:39:17.444root 11241100x8000000000000000399679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05c488519fb54932021-12-21 10:39:17.444root 11241100x8000000000000000399680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75bff1d6090248e2021-12-21 10:39:17.444root 11241100x8000000000000000399681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4e97e79034bb5c2021-12-21 10:39:17.445root 11241100x8000000000000000399682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4ad9ffd52fecfe2021-12-21 10:39:17.445root 11241100x8000000000000000399683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12024dc45634710d2021-12-21 10:39:17.445root 11241100x8000000000000000399684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a5c37b47c87f62021-12-21 10:39:17.445root 11241100x8000000000000000399685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1bc8a1af8fc1062021-12-21 10:39:17.446root 11241100x8000000000000000399686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645d5542ca617f8e2021-12-21 10:39:17.446root 11241100x8000000000000000399687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd873060d8dbd8b2021-12-21 10:39:17.447root 11241100x8000000000000000399688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a9bdd6cc1562c52021-12-21 10:39:17.943root 11241100x8000000000000000399689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fb8d97371ee922021-12-21 10:39:17.943root 11241100x8000000000000000399690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f6e1ae7f58b47e2021-12-21 10:39:17.943root 11241100x8000000000000000399691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2e7b60bfdcd18a2021-12-21 10:39:17.943root 11241100x8000000000000000399692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada6d5a63ec77b432021-12-21 10:39:17.944root 11241100x8000000000000000399693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f9cb1aa57841102021-12-21 10:39:17.944root 11241100x8000000000000000399694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ccea7f5afeec0b2021-12-21 10:39:17.944root 11241100x8000000000000000399695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd737388f8085c272021-12-21 10:39:17.944root 11241100x8000000000000000399696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67063fe1eae92d62021-12-21 10:39:17.944root 11241100x8000000000000000399697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd1cb0abf8110622021-12-21 10:39:17.944root 11241100x8000000000000000399698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e0c81c43e3f1972021-12-21 10:39:17.944root 11241100x8000000000000000399699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7deb3fa2cc5626d2021-12-21 10:39:17.944root 11241100x8000000000000000399700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a249e8500f8cfddf2021-12-21 10:39:17.944root 11241100x8000000000000000399701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09cf712d182998d2021-12-21 10:39:17.944root 11241100x8000000000000000399702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d789f9977d2a9a4e2021-12-21 10:39:17.945root 11241100x8000000000000000399703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c72c15f3273e82021-12-21 10:39:18.443root 11241100x8000000000000000399704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1221e507b179f6f2021-12-21 10:39:18.443root 11241100x8000000000000000399705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d35f26a1725f0e2021-12-21 10:39:18.443root 11241100x8000000000000000399706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c84e3ff2f38ff2021-12-21 10:39:18.443root 11241100x8000000000000000399707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463f78b111cfbb732021-12-21 10:39:18.443root 11241100x8000000000000000399708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32e41da52edef8c2021-12-21 10:39:18.444root 11241100x8000000000000000399709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aa42d262f1798d2021-12-21 10:39:18.444root 11241100x8000000000000000399710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e6e2c0a73ee4942021-12-21 10:39:18.444root 11241100x8000000000000000399711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d629ce6dbfb9b4c92021-12-21 10:39:18.444root 11241100x8000000000000000399712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95677b6367b0d11f2021-12-21 10:39:18.444root 11241100x8000000000000000399713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce9e88c82f1f7be2021-12-21 10:39:18.444root 11241100x8000000000000000399714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c039d2b053604f2021-12-21 10:39:18.444root 11241100x8000000000000000399715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b1a4cf8d664bf92021-12-21 10:39:18.444root 11241100x8000000000000000399716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd71d58b45d89ba2021-12-21 10:39:18.445root 11241100x8000000000000000399717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e3fb0bb8c70a2b2021-12-21 10:39:18.445root 11241100x8000000000000000399718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2ec12bf2e1bb442021-12-21 10:39:18.943root 11241100x8000000000000000399719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10c31283de79b5d2021-12-21 10:39:18.943root 11241100x8000000000000000399720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756121ea26b98ac92021-12-21 10:39:18.943root 11241100x8000000000000000399721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7136440d5ba7ce02021-12-21 10:39:18.943root 11241100x8000000000000000399722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ae86a2b7e8b0612021-12-21 10:39:18.944root 11241100x8000000000000000399723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabbb56d3a40e2aa2021-12-21 10:39:18.944root 11241100x8000000000000000399724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c187b02ff80c3ac22021-12-21 10:39:18.944root 11241100x8000000000000000399725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534dbfacda5bc63f2021-12-21 10:39:18.944root 11241100x8000000000000000399726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501c209a175b4d3c2021-12-21 10:39:18.944root 11241100x8000000000000000399727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad67a89afbedd782021-12-21 10:39:18.944root 11241100x8000000000000000399728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272a625ce246ae002021-12-21 10:39:18.944root 11241100x8000000000000000399729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc85c40111df34832021-12-21 10:39:18.944root 11241100x8000000000000000399730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef729e1505ce55e62021-12-21 10:39:18.945root 11241100x8000000000000000399731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bed80a5cc2ce452021-12-21 10:39:18.945root 11241100x8000000000000000399732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1bd0be2746c5ce2021-12-21 10:39:18.945root 11241100x8000000000000000399733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a1c18128eb9dbf2021-12-21 10:39:19.443root 11241100x8000000000000000399734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46b88372f13ac3a2021-12-21 10:39:19.443root 11241100x8000000000000000399735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffc51efd082d83e2021-12-21 10:39:19.443root 11241100x8000000000000000399736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3500332f67c7137e2021-12-21 10:39:19.443root 11241100x8000000000000000399737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2bb978ae53695e2021-12-21 10:39:19.443root 11241100x8000000000000000399738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b198fdfec8f9162021-12-21 10:39:19.443root 11241100x8000000000000000399739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1885c887a44e82122021-12-21 10:39:19.443root 11241100x8000000000000000399740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfa3a8d4a1e06682021-12-21 10:39:19.444root 11241100x8000000000000000399741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481224b1318c0622021-12-21 10:39:19.444root 11241100x8000000000000000399742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7463c350207b8b2021-12-21 10:39:19.444root 11241100x8000000000000000399743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10601e4c06fdfb8d2021-12-21 10:39:19.444root 11241100x8000000000000000399744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16719bd1213c0b62021-12-21 10:39:19.444root 11241100x8000000000000000399745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1397b012b15bbbd62021-12-21 10:39:19.444root 11241100x8000000000000000399746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbb8c6823cbb7172021-12-21 10:39:19.444root 11241100x8000000000000000399747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55c08bf641fdc052021-12-21 10:39:19.444root 11241100x8000000000000000399748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e30e77bef48b38a2021-12-21 10:39:19.943root 11241100x8000000000000000399749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2980c762a995a4d02021-12-21 10:39:19.943root 11241100x8000000000000000399750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57019fdd76850a2021-12-21 10:39:19.943root 11241100x8000000000000000399751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72d9d409a6ced152021-12-21 10:39:19.943root 11241100x8000000000000000399752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5f99e18e6731312021-12-21 10:39:19.943root 11241100x8000000000000000399753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88418d833a171962021-12-21 10:39:19.944root 11241100x8000000000000000399754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0472a32698a5ee12021-12-21 10:39:19.944root 11241100x8000000000000000399755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55bbaba7f531c062021-12-21 10:39:19.944root 11241100x8000000000000000399756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351069dfb16b6c2a2021-12-21 10:39:19.944root 11241100x8000000000000000399757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462615531cbf5f552021-12-21 10:39:19.944root 11241100x8000000000000000399758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8449a0e01e861c9d2021-12-21 10:39:19.944root 11241100x8000000000000000399759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62881f2700cd36a52021-12-21 10:39:19.944root 11241100x8000000000000000399760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c3c24b4064967b2021-12-21 10:39:19.944root 11241100x8000000000000000399761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110e31c5cc5211b12021-12-21 10:39:19.944root 11241100x8000000000000000399762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa098eb49c8df38d2021-12-21 10:39:19.945root 11241100x8000000000000000399763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e74b03b77f229002021-12-21 10:39:20.443root 11241100x8000000000000000399764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3530f5a98bef99e2021-12-21 10:39:20.443root 11241100x8000000000000000399765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5c46021da99ba02021-12-21 10:39:20.443root 11241100x8000000000000000399766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1cc72878ab3ae22021-12-21 10:39:20.443root 11241100x8000000000000000399767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672a079502cdecf2021-12-21 10:39:20.443root 11241100x8000000000000000399768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587528cd04ad5d172021-12-21 10:39:20.444root 11241100x8000000000000000399769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8be99d27559a452021-12-21 10:39:20.444root 11241100x8000000000000000399770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6628234f44e6f4032021-12-21 10:39:20.444root 11241100x8000000000000000399771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f8f768b823232a2021-12-21 10:39:20.444root 11241100x8000000000000000399772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde60d00651ac3c82021-12-21 10:39:20.444root 11241100x8000000000000000399773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf4a617b0e1a94c2021-12-21 10:39:20.444root 11241100x8000000000000000399774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be1aed5f002bf112021-12-21 10:39:20.444root 11241100x8000000000000000399775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740de7ed866f48b02021-12-21 10:39:20.444root 11241100x8000000000000000399776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc5b166fc834c242021-12-21 10:39:20.445root 11241100x8000000000000000399777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440c488e79a23a9a2021-12-21 10:39:20.445root 11241100x8000000000000000399778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bb11cc7a65d1042021-12-21 10:39:20.943root 11241100x8000000000000000399779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b7b0c6577dcf72021-12-21 10:39:20.943root 11241100x8000000000000000399780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1c82bf3b0b9f1c2021-12-21 10:39:20.943root 11241100x8000000000000000399781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b124dfb87607a54e2021-12-21 10:39:20.943root 11241100x8000000000000000399782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2ae21974d29ca92021-12-21 10:39:20.943root 11241100x8000000000000000399783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d1726d33f2a9382021-12-21 10:39:20.943root 11241100x8000000000000000399784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cceb9726c5732282021-12-21 10:39:20.943root 11241100x8000000000000000399785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31c936430ec98b22021-12-21 10:39:20.944root 11241100x8000000000000000399786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d538f035e2cd42021-12-21 10:39:20.944root 11241100x8000000000000000399787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2784bf3b5fe5dc422021-12-21 10:39:20.944root 11241100x8000000000000000399788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07365259fd8c91a32021-12-21 10:39:20.944root 11241100x8000000000000000399789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f71a1128ad4fbc82021-12-21 10:39:20.944root 11241100x8000000000000000399790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11315792c62d11ee2021-12-21 10:39:20.944root 11241100x8000000000000000399791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44a1db3544101c72021-12-21 10:39:20.944root 11241100x8000000000000000399792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24b798dcf5b3c442021-12-21 10:39:20.944root 11241100x8000000000000000399793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b2de674592ae8a2021-12-21 10:39:21.443root 11241100x8000000000000000399794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f642e26fb2547e2021-12-21 10:39:21.443root 11241100x8000000000000000399795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c28dc43fe8bf20e2021-12-21 10:39:21.443root 11241100x8000000000000000399796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e9103e278d36b42021-12-21 10:39:21.443root 11241100x8000000000000000399797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afaf62ba7a82d912021-12-21 10:39:21.443root 11241100x8000000000000000399798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424574cadfefa6082021-12-21 10:39:21.443root 11241100x8000000000000000399799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70f0add8195b2af2021-12-21 10:39:21.443root 11241100x8000000000000000399800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598eb33457f7886d2021-12-21 10:39:21.444root 11241100x8000000000000000399801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6af76421650d172021-12-21 10:39:21.444root 11241100x8000000000000000399802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4656c2738445d2052021-12-21 10:39:21.444root 11241100x8000000000000000399803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bca0c2933e38e22021-12-21 10:39:21.444root 11241100x8000000000000000399804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6203533b6cb53712021-12-21 10:39:21.444root 11241100x8000000000000000399805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2028f5d2bf37daf52021-12-21 10:39:21.444root 11241100x8000000000000000399806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9a84adffeb23462021-12-21 10:39:21.444root 11241100x8000000000000000399807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8c3f67616f637a2021-12-21 10:39:21.444root 11241100x8000000000000000399808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9ea0419ebc90102021-12-21 10:39:21.943root 11241100x8000000000000000399809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b15921c123aa632021-12-21 10:39:21.943root 11241100x8000000000000000399810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f3403727c9e7122021-12-21 10:39:21.943root 11241100x8000000000000000399811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145b21add6926b002021-12-21 10:39:21.943root 11241100x8000000000000000399812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c2cd38621c61a52021-12-21 10:39:21.943root 11241100x8000000000000000399813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5153a06140fccd72021-12-21 10:39:21.943root 11241100x8000000000000000399814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433054689b5013e02021-12-21 10:39:21.943root 11241100x8000000000000000399815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261d6a069562cb2f2021-12-21 10:39:21.944root 11241100x8000000000000000399816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0c014f831fa0712021-12-21 10:39:21.944root 11241100x8000000000000000399817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b383ab5757c12a2021-12-21 10:39:21.944root 11241100x8000000000000000399818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89604dab40e3ea1d2021-12-21 10:39:21.944root 11241100x8000000000000000399819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba1b04c573923532021-12-21 10:39:21.944root 11241100x8000000000000000399820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cd5736ae93a3362021-12-21 10:39:21.944root 11241100x8000000000000000399821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c922485e1a8d87672021-12-21 10:39:21.944root 11241100x8000000000000000399822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9f931625b65c272021-12-21 10:39:21.944root 354300x8000000000000000399823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47410-false10.0.1.12-8000- 11241100x8000000000000000399824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4c2ab7b3149e702021-12-21 10:39:22.443root 11241100x8000000000000000399825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b41dd6097550712021-12-21 10:39:22.443root 11241100x8000000000000000399826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1cd394b2cb105b2021-12-21 10:39:22.443root 11241100x8000000000000000399827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35da1b48b3b1409a2021-12-21 10:39:22.444root 11241100x8000000000000000399828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e763720f2874532021-12-21 10:39:22.444root 11241100x8000000000000000399829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4a263c2304295a2021-12-21 10:39:22.444root 11241100x8000000000000000399830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad74244c6e9c7f912021-12-21 10:39:22.444root 11241100x8000000000000000399831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e88f16d8e2ca0e12021-12-21 10:39:22.444root 11241100x8000000000000000399832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28b346303b8c1932021-12-21 10:39:22.444root 11241100x8000000000000000399833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc9875e2a9d3e762021-12-21 10:39:22.444root 11241100x8000000000000000399834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ef5413a95865ec2021-12-21 10:39:22.444root 11241100x8000000000000000399835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a696c9d84905f42021-12-21 10:39:22.444root 11241100x8000000000000000399836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9e0c4ec66e641f2021-12-21 10:39:22.444root 11241100x8000000000000000399837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e859f2a06fb597a42021-12-21 10:39:22.445root 11241100x8000000000000000399838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238f3d10c1ef30942021-12-21 10:39:22.445root 11241100x8000000000000000399839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e0144acf5602872021-12-21 10:39:22.445root 11241100x8000000000000000399840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c425263f11d48d92021-12-21 10:39:22.943root 11241100x8000000000000000399841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c53a5431b71c392021-12-21 10:39:22.943root 11241100x8000000000000000399842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b5faf34b666fcc2021-12-21 10:39:22.943root 11241100x8000000000000000399843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23834187763cbd52021-12-21 10:39:22.943root 11241100x8000000000000000399844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd13703231e157f02021-12-21 10:39:22.944root 11241100x8000000000000000399845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed1cb6bc4ae7ea62021-12-21 10:39:22.944root 11241100x8000000000000000399846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ac328c7b75b8942021-12-21 10:39:22.944root 11241100x8000000000000000399847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506f3ce1c1914bbc2021-12-21 10:39:22.944root 11241100x8000000000000000399848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab839b9c83f4aa62021-12-21 10:39:22.944root 11241100x8000000000000000399849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cf56315b111e692021-12-21 10:39:22.944root 11241100x8000000000000000399850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d915ea8fbdb5fcc72021-12-21 10:39:22.944root 11241100x8000000000000000399851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b79ded7f79867b2021-12-21 10:39:22.944root 11241100x8000000000000000399852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf607e928f2338692021-12-21 10:39:22.944root 11241100x8000000000000000399853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d1ea11c760c1d62021-12-21 10:39:22.944root 11241100x8000000000000000399854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb00e95eb5dbf1b32021-12-21 10:39:22.944root 11241100x8000000000000000399855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839a2c667ae939602021-12-21 10:39:22.944root 11241100x8000000000000000399856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bce3b32e6c221672021-12-21 10:39:23.443root 11241100x8000000000000000399857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675b585eb949689e2021-12-21 10:39:23.443root 11241100x8000000000000000399858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53340943eb5429562021-12-21 10:39:23.443root 11241100x8000000000000000399859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6fe69d2a9c851e2021-12-21 10:39:23.443root 11241100x8000000000000000399860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01136058c24f212d2021-12-21 10:39:23.443root 11241100x8000000000000000399861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891f1a8d8e374aee2021-12-21 10:39:23.443root 11241100x8000000000000000399862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86dd44b2ebdc6182021-12-21 10:39:23.443root 11241100x8000000000000000399863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51949d3af4c333042021-12-21 10:39:23.444root 11241100x8000000000000000399864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80646be217dfd5012021-12-21 10:39:23.444root 11241100x8000000000000000399865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ed598d872911ec2021-12-21 10:39:23.444root 11241100x8000000000000000399866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa4fc203033d3ae2021-12-21 10:39:23.444root 11241100x8000000000000000399867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5456b88d8062a3a42021-12-21 10:39:23.444root 11241100x8000000000000000399868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf94b15b0ed8f66e2021-12-21 10:39:23.444root 11241100x8000000000000000399869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36248dbf9ed31292021-12-21 10:39:23.444root 11241100x8000000000000000399870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d31a9cac97e3b22021-12-21 10:39:23.444root 11241100x8000000000000000399871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534d5fcc7a5b95ab2021-12-21 10:39:23.444root 11241100x8000000000000000399872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8bb97be84fb1022021-12-21 10:39:23.943root 11241100x8000000000000000399873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284345abefa79b8e2021-12-21 10:39:23.943root 11241100x8000000000000000399874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c11b99713535a72021-12-21 10:39:23.943root 11241100x8000000000000000399875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9b8f92c88187ba2021-12-21 10:39:23.943root 11241100x8000000000000000399876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363330acac319d652021-12-21 10:39:23.943root 11241100x8000000000000000399877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed7dbd3882900422021-12-21 10:39:23.943root 11241100x8000000000000000399878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca41fc1425b4c542021-12-21 10:39:23.943root 11241100x8000000000000000399879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509dae85041d08372021-12-21 10:39:23.944root 11241100x8000000000000000399880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d550643167009f6a2021-12-21 10:39:23.944root 11241100x8000000000000000399881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2eb3cefd576eff2021-12-21 10:39:23.944root 11241100x8000000000000000399882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b76d6f0ae2b626c2021-12-21 10:39:23.944root 11241100x8000000000000000399883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e20ac3b91bebc82021-12-21 10:39:23.944root 11241100x8000000000000000399884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a489422b1f56c4ef2021-12-21 10:39:23.944root 11241100x8000000000000000399885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc1add50015302a2021-12-21 10:39:23.944root 11241100x8000000000000000399886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18743a0deb5aae2d2021-12-21 10:39:23.944root 11241100x8000000000000000399887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcef95fe4e886392021-12-21 10:39:23.944root 11241100x8000000000000000399888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34241ea11329cd9c2021-12-21 10:39:24.443root 11241100x8000000000000000399889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ded2a8586f3cee72021-12-21 10:39:24.443root 11241100x8000000000000000399890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a5c4f1331671142021-12-21 10:39:24.443root 11241100x8000000000000000399891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7066d1d4cb6dc42021-12-21 10:39:24.443root 11241100x8000000000000000399892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f475434bde7c58c2021-12-21 10:39:24.443root 11241100x8000000000000000399893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9927aaa8bae2565d2021-12-21 10:39:24.443root 11241100x8000000000000000399894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311bd8393942bd02021-12-21 10:39:24.444root 11241100x8000000000000000399895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76614eb16ed74bf22021-12-21 10:39:24.444root 11241100x8000000000000000399896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368fbb700d26cdb32021-12-21 10:39:24.444root 11241100x8000000000000000399897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56951bbc5bdbf68d2021-12-21 10:39:24.444root 11241100x8000000000000000399898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccad36135b4709362021-12-21 10:39:24.444root 11241100x8000000000000000399899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee2ca847c106f192021-12-21 10:39:24.444root 11241100x8000000000000000399900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c88275ba8a7decc2021-12-21 10:39:24.444root 11241100x8000000000000000399901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb0b91a92217e482021-12-21 10:39:24.444root 11241100x8000000000000000399902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc264658b4f61b232021-12-21 10:39:24.444root 11241100x8000000000000000399903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665ef3635395e4962021-12-21 10:39:24.444root 11241100x8000000000000000399904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466dcae9ca288b0a2021-12-21 10:39:24.943root 11241100x8000000000000000399905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be04701d8c9f9d1a2021-12-21 10:39:24.943root 11241100x8000000000000000399906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4547059cf506752021-12-21 10:39:24.943root 11241100x8000000000000000399907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842e5ae8136cc2972021-12-21 10:39:24.944root 11241100x8000000000000000399908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863ed6f4035318312021-12-21 10:39:24.944root 11241100x8000000000000000399909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69a7278718c884f2021-12-21 10:39:24.944root 11241100x8000000000000000399910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732351e548e54a732021-12-21 10:39:24.944root 11241100x8000000000000000399911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af6fdc9dea06ff22021-12-21 10:39:24.944root 11241100x8000000000000000399912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231d10095350b4722021-12-21 10:39:24.944root 11241100x8000000000000000399913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe77853bf2aa49e2021-12-21 10:39:24.944root 11241100x8000000000000000399914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f95ab9f28d1cc92021-12-21 10:39:24.945root 11241100x8000000000000000399915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b9d65960cc96b52021-12-21 10:39:24.945root 11241100x8000000000000000399916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5037a37b2ddd9d2021-12-21 10:39:24.945root 11241100x8000000000000000399917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfabe3dfa2efeafb2021-12-21 10:39:24.945root 11241100x8000000000000000399918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92256461f2ea6d32021-12-21 10:39:24.945root 11241100x8000000000000000399919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259b31cd19d765ef2021-12-21 10:39:24.945root 354300x8000000000000000399920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.181{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34476-false10.0.1.12-8089- 11241100x8000000000000000399921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4316eb99c59a6ae12021-12-21 10:39:25.443root 11241100x8000000000000000399922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555765143c4821022021-12-21 10:39:25.443root 11241100x8000000000000000399923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5740189575dc30072021-12-21 10:39:25.443root 11241100x8000000000000000399924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388b87eca632b8992021-12-21 10:39:25.443root 11241100x8000000000000000399925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0876849daf81b7872021-12-21 10:39:25.444root 11241100x8000000000000000399926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006f6c779732bc812021-12-21 10:39:25.444root 11241100x8000000000000000399927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407762ced08e91872021-12-21 10:39:25.444root 11241100x8000000000000000399928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f6ae8b88cbd58a2021-12-21 10:39:25.444root 11241100x8000000000000000399929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9e0dacd608909c2021-12-21 10:39:25.444root 11241100x8000000000000000399930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3ce49fb3ab99592021-12-21 10:39:25.444root 11241100x8000000000000000399931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34f41c75fa4b22b2021-12-21 10:39:25.444root 11241100x8000000000000000399932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2152aea1ce47f92021-12-21 10:39:25.445root 11241100x8000000000000000399933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9861f4107cc0bf042021-12-21 10:39:25.445root 11241100x8000000000000000399934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6410a6024154f64b2021-12-21 10:39:25.445root 11241100x8000000000000000399935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c921a219f5a9bd282021-12-21 10:39:25.445root 11241100x8000000000000000399936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6281ae601f409a262021-12-21 10:39:25.445root 11241100x8000000000000000399937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6847ef23ef4889102021-12-21 10:39:25.445root 11241100x8000000000000000399938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f74a2181a189e92021-12-21 10:39:25.943root 11241100x8000000000000000399939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0489cef750e67d292021-12-21 10:39:25.943root 11241100x8000000000000000399940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12431e78a162d0d72021-12-21 10:39:25.943root 11241100x8000000000000000399941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0535454a1e5bc5612021-12-21 10:39:25.943root 11241100x8000000000000000399942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83477931c4014e42021-12-21 10:39:25.943root 11241100x8000000000000000399943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8feb63173ff00822021-12-21 10:39:25.943root 11241100x8000000000000000399944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09729d58b5e9d352021-12-21 10:39:25.944root 11241100x8000000000000000399945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b48cf8c68d335f2021-12-21 10:39:25.944root 11241100x8000000000000000399946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123ff8fe46092b322021-12-21 10:39:25.944root 11241100x8000000000000000399947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f05637bc65efb312021-12-21 10:39:25.944root 11241100x8000000000000000399948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63554d774e2167a12021-12-21 10:39:25.944root 11241100x8000000000000000399949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83dac04a88a02ef2021-12-21 10:39:25.944root 11241100x8000000000000000399950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103d87a07ca8b2992021-12-21 10:39:25.944root 11241100x8000000000000000399951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5156013593ad142021-12-21 10:39:25.944root 11241100x8000000000000000399952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fb052b2a779e5c2021-12-21 10:39:25.944root 11241100x8000000000000000399953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d462002e8dad31e2021-12-21 10:39:25.944root 11241100x8000000000000000399954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca777724e0527dc2021-12-21 10:39:25.944root 11241100x8000000000000000399955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cda681d109ebd342021-12-21 10:39:26.443root 11241100x8000000000000000399956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3a7eed06b449392021-12-21 10:39:26.443root 11241100x8000000000000000399957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2436905a101a9622021-12-21 10:39:26.443root 11241100x8000000000000000399958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4685c31d284ae42021-12-21 10:39:26.443root 11241100x8000000000000000399959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ae26d8ed2f34fc2021-12-21 10:39:26.443root 11241100x8000000000000000399960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552d711c4d23221d2021-12-21 10:39:26.444root 11241100x8000000000000000399961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8cc80580c723252021-12-21 10:39:26.444root 11241100x8000000000000000399962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f84d1d1387da472021-12-21 10:39:26.444root 11241100x8000000000000000399963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1effcac4f3d31ffe2021-12-21 10:39:26.444root 11241100x8000000000000000399964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fd2a1ad1d4cd1b2021-12-21 10:39:26.444root 11241100x8000000000000000399965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ce1f75424ec862021-12-21 10:39:26.444root 11241100x8000000000000000399966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba7569b05b971d12021-12-21 10:39:26.444root 11241100x8000000000000000399967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae48f9ebba2d0dd2021-12-21 10:39:26.444root 11241100x8000000000000000399968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baecfca98d7fa6df2021-12-21 10:39:26.444root 11241100x8000000000000000399969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bb6277a04145c72021-12-21 10:39:26.444root 11241100x8000000000000000399970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b400d2d9725a192021-12-21 10:39:26.444root 11241100x8000000000000000399971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c3d428779ca1e52021-12-21 10:39:26.444root 11241100x8000000000000000399972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd7c7fedd0e3cc82021-12-21 10:39:26.943root 11241100x8000000000000000399973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a358f9eb23dca22021-12-21 10:39:26.943root 11241100x8000000000000000399974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca7ed0765bb67e22021-12-21 10:39:26.943root 11241100x8000000000000000399975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299a0930071573fe2021-12-21 10:39:26.943root 11241100x8000000000000000399976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0501eeaab2c6586b2021-12-21 10:39:26.943root 11241100x8000000000000000399977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddf24f461711ee32021-12-21 10:39:26.943root 11241100x8000000000000000399978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c1774e330a9f052021-12-21 10:39:26.944root 11241100x8000000000000000399979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dfa43f556a689c2021-12-21 10:39:26.944root 11241100x8000000000000000399980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d05813d85dc028c2021-12-21 10:39:26.944root 11241100x8000000000000000399981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9c7ee4ae38cf2b2021-12-21 10:39:26.944root 11241100x8000000000000000399982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74062a34fa1abf972021-12-21 10:39:26.944root 11241100x8000000000000000399983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92709c826836cc1e2021-12-21 10:39:26.944root 11241100x8000000000000000399984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db855a55a3fbf5732021-12-21 10:39:26.944root 11241100x8000000000000000399985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443aef55320b43402021-12-21 10:39:26.944root 11241100x8000000000000000399986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbbef9f782878692021-12-21 10:39:26.944root 11241100x8000000000000000399987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9680e509d8b067932021-12-21 10:39:26.944root 11241100x8000000000000000399988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ea78e7b24ac7422021-12-21 10:39:26.944root 354300x8000000000000000399989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.171{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47414-false10.0.1.12-8000- 11241100x8000000000000000399990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b87a2d90a8103f62021-12-21 10:39:27.443root 11241100x8000000000000000399991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2545ce4931a7e42021-12-21 10:39:27.443root 11241100x8000000000000000399992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0abfa89b465df682021-12-21 10:39:27.443root 11241100x8000000000000000399993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe1032ee4d4ae822021-12-21 10:39:27.443root 11241100x8000000000000000399994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6345338744d94fdb2021-12-21 10:39:27.444root 11241100x8000000000000000399995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e094192935bad1562021-12-21 10:39:27.444root 11241100x8000000000000000399996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43742f9b9567ff12021-12-21 10:39:27.444root 11241100x8000000000000000399997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41367f79e4418772021-12-21 10:39:27.444root 11241100x8000000000000000399998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaea68d10332b872021-12-21 10:39:27.444root 11241100x8000000000000000399999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb822d3e73652342021-12-21 10:39:27.444root 11241100x8000000000000000400000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc793c0914ca8d422021-12-21 10:39:27.444root 11241100x8000000000000000400001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72e2967826be522021-12-21 10:39:27.444root 11241100x8000000000000000400002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39e55b778c66fc32021-12-21 10:39:27.444root 11241100x8000000000000000400003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e63195ec22b4c22021-12-21 10:39:27.444root 11241100x8000000000000000400004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e09131815776f992021-12-21 10:39:27.444root 11241100x8000000000000000400005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd29137afab48e952021-12-21 10:39:27.444root 11241100x8000000000000000400006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6f2260665948d22021-12-21 10:39:27.444root 11241100x8000000000000000400007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eda29df53d08ec22021-12-21 10:39:27.444root 11241100x8000000000000000400008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4385ed545ff2a82021-12-21 10:39:27.943root 11241100x8000000000000000400009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a0275f4565cec62021-12-21 10:39:27.944root 11241100x8000000000000000400010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f008bf33df9fd0f2021-12-21 10:39:27.944root 11241100x8000000000000000400011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de733dfafd0628502021-12-21 10:39:27.944root 11241100x8000000000000000400012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8840e8b8eb3d416b2021-12-21 10:39:27.944root 11241100x8000000000000000400013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b266bd8747f515012021-12-21 10:39:27.944root 11241100x8000000000000000400014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09ad764ef46fdf82021-12-21 10:39:27.944root 11241100x8000000000000000400015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8778d407cb4152a2021-12-21 10:39:27.944root 11241100x8000000000000000400016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3af5200b8ac7a532021-12-21 10:39:27.944root 11241100x8000000000000000400017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c18f08b0d1280492021-12-21 10:39:27.944root 11241100x8000000000000000400018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be14b2781f7758382021-12-21 10:39:27.944root 11241100x8000000000000000400019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c4e03f7ec5a68d2021-12-21 10:39:27.944root 11241100x8000000000000000400020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafa0c7b7e8c24372021-12-21 10:39:27.944root 11241100x8000000000000000400021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf37f1b3e5045f3c2021-12-21 10:39:27.944root 11241100x8000000000000000400022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42ded31536d92ac2021-12-21 10:39:27.944root 11241100x8000000000000000400023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874bbbcd192bc5af2021-12-21 10:39:27.944root 11241100x8000000000000000400024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624b380a9bc0f81b2021-12-21 10:39:27.944root 11241100x8000000000000000400025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e977b45445965c92021-12-21 10:39:27.945root 154100x8000000000000000400026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.241{ec2b6afe-aee0-61c1-68a4-f4a955550000}9754/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000400027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9603b0bc1c403dd02021-12-21 10:39:28.242root 11241100x8000000000000000400028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af955b87cb4843f22021-12-21 10:39:28.242root 11241100x8000000000000000400029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603b1c5d229eea3a2021-12-21 10:39:28.242root 11241100x8000000000000000400030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7855cad1db0b1e932021-12-21 10:39:28.242root 11241100x8000000000000000400031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c1c4aa4b45edc62021-12-21 10:39:28.242root 11241100x8000000000000000400032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9f58d3c3acccae2021-12-21 10:39:28.243root 11241100x8000000000000000400033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0c05eaa06d1f6f2021-12-21 10:39:28.243root 11241100x8000000000000000400034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58695fa9399763a62021-12-21 10:39:28.243root 11241100x8000000000000000400035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b7cb0082e50bb82021-12-21 10:39:28.243root 11241100x8000000000000000400036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eab2beba3ba153c2021-12-21 10:39:28.243root 11241100x8000000000000000400037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f340f18027565752021-12-21 10:39:28.243root 11241100x8000000000000000400038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814b5b414db3e9ed2021-12-21 10:39:28.243root 11241100x8000000000000000400039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230ba443e24dcfb02021-12-21 10:39:28.243root 11241100x8000000000000000400040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc53bb76b461ea02021-12-21 10:39:28.243root 11241100x8000000000000000400041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005e6d54ed7de3142021-12-21 10:39:28.243root 11241100x8000000000000000400042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa129118d275345a2021-12-21 10:39:28.243root 11241100x8000000000000000400043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd4bfb1c36405a72021-12-21 10:39:28.243root 11241100x8000000000000000400044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9cf0448f788e302021-12-21 10:39:28.243root 11241100x8000000000000000400045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3065b4e8a4c152222021-12-21 10:39:28.243root 534500x8000000000000000400046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.255{ec2b6afe-aee0-61c1-68a4-f4a955550000}9754/bin/psroot 11241100x8000000000000000400047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd744b8f9350c632021-12-21 10:39:28.693root 11241100x8000000000000000400048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89e84e29bd3f8bc2021-12-21 10:39:28.693root 11241100x8000000000000000400049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b3f6ce789c07522021-12-21 10:39:28.693root 11241100x8000000000000000400050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be488d05e1458582021-12-21 10:39:28.693root 11241100x8000000000000000400051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641b997afc00a2ac2021-12-21 10:39:28.694root 11241100x8000000000000000400052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89c74d1df31535a2021-12-21 10:39:28.694root 11241100x8000000000000000400053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6726515659e124872021-12-21 10:39:28.694root 11241100x8000000000000000400054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f341a187d2b56bb2021-12-21 10:39:28.694root 11241100x8000000000000000400055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2edf9baff0de302021-12-21 10:39:28.694root 11241100x8000000000000000400056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24914e047c538e692021-12-21 10:39:28.694root 11241100x8000000000000000400057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f3406558fc8c702021-12-21 10:39:28.694root 11241100x8000000000000000400058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695dc9e8963500892021-12-21 10:39:28.694root 11241100x8000000000000000400059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7be1f166488af8f2021-12-21 10:39:28.694root 11241100x8000000000000000400060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0019ac5860fbb8542021-12-21 10:39:28.695root 11241100x8000000000000000400061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f084b8e1244831b2021-12-21 10:39:28.695root 11241100x8000000000000000400062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7a0ff69fbeba142021-12-21 10:39:28.695root 11241100x8000000000000000400063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c941c5d39f309bed2021-12-21 10:39:28.695root 11241100x8000000000000000400064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1f2e51e10b82eb2021-12-21 10:39:28.695root 11241100x8000000000000000400065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714536b0d06e9fcd2021-12-21 10:39:28.695root 11241100x8000000000000000400066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fb194591011d4a2021-12-21 10:39:28.695root 11241100x8000000000000000400067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5d2d9b53f6d2762021-12-21 10:39:29.193root 11241100x8000000000000000400068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7c2b03c49431a62021-12-21 10:39:29.193root 11241100x8000000000000000400069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88b01d4870070de2021-12-21 10:39:29.193root 11241100x8000000000000000400070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36817843921a9a242021-12-21 10:39:29.193root 11241100x8000000000000000400071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da55219d103591d72021-12-21 10:39:29.194root 11241100x8000000000000000400072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731267c5df4b91532021-12-21 10:39:29.194root 11241100x8000000000000000400073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1445c73c5a66a112021-12-21 10:39:29.194root 11241100x8000000000000000400074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c97374e9b6c88642021-12-21 10:39:29.194root 11241100x8000000000000000400075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88428d4bd82bcec32021-12-21 10:39:29.194root 11241100x8000000000000000400076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9447787eb235478b2021-12-21 10:39:29.194root 11241100x8000000000000000400077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19605a7338246d832021-12-21 10:39:29.194root 11241100x8000000000000000400078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e82b220687b10002021-12-21 10:39:29.194root 11241100x8000000000000000400079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faee245f8a1caaa72021-12-21 10:39:29.194root 11241100x8000000000000000400080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc01200e22106522021-12-21 10:39:29.194root 11241100x8000000000000000400081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee71a14e51060e82021-12-21 10:39:29.194root 11241100x8000000000000000400082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d54bdbafaa160c62021-12-21 10:39:29.194root 11241100x8000000000000000400083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753889a5400c39772021-12-21 10:39:29.195root 11241100x8000000000000000400084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb725b7d51db8312021-12-21 10:39:29.195root 11241100x8000000000000000400085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d7c18b4eee21792021-12-21 10:39:29.195root 11241100x8000000000000000400086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bf17cb63c980922021-12-21 10:39:29.195root 11241100x8000000000000000400087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd91ce0a3173aa02021-12-21 10:39:29.693root 11241100x8000000000000000400088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064132e78c43e57c2021-12-21 10:39:29.693root 11241100x8000000000000000400089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8685eb8fb0a9c3272021-12-21 10:39:29.693root 11241100x8000000000000000400090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b777498890589d4b2021-12-21 10:39:29.693root 11241100x8000000000000000400091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704cac8c5f1c40362021-12-21 10:39:29.694root 11241100x8000000000000000400092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34c50fea95af3342021-12-21 10:39:29.694root 11241100x8000000000000000400093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0761e5a9b0def7212021-12-21 10:39:29.694root 11241100x8000000000000000400094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a06d0aa1184f1a2021-12-21 10:39:29.694root 11241100x8000000000000000400095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1411305beff3efba2021-12-21 10:39:29.694root 11241100x8000000000000000400096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4265d976cca9ce9a2021-12-21 10:39:29.694root 11241100x8000000000000000400097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49637374cf8b1e982021-12-21 10:39:29.694root 11241100x8000000000000000400098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8683118fd72656d02021-12-21 10:39:29.694root 11241100x8000000000000000400099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5dfad0e7d302152021-12-21 10:39:29.694root 11241100x8000000000000000400100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb6fa39d72df85d2021-12-21 10:39:29.694root 11241100x8000000000000000400101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd1b246b9e1f9142021-12-21 10:39:29.694root 11241100x8000000000000000400102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858941fcb5fd72942021-12-21 10:39:29.695root 11241100x8000000000000000400103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9200cba5403e7e32021-12-21 10:39:29.695root 11241100x8000000000000000400104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e1e213fcb5f67e2021-12-21 10:39:29.695root 11241100x8000000000000000400105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff322b08d63d5be72021-12-21 10:39:29.695root 11241100x8000000000000000400106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53704330e7534362021-12-21 10:39:29.695root 11241100x8000000000000000400107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085f0652fad4a2e22021-12-21 10:39:30.193root 11241100x8000000000000000400108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de60e07b1d50983d2021-12-21 10:39:30.193root 11241100x8000000000000000400109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be0f51b3f6ba96d2021-12-21 10:39:30.193root 11241100x8000000000000000400110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb4c7c15c777a952021-12-21 10:39:30.193root 11241100x8000000000000000400111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0925a569cf0fd552021-12-21 10:39:30.194root 11241100x8000000000000000400112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01694bad4a5fca7d2021-12-21 10:39:30.194root 11241100x8000000000000000400113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e915e7550b4aba92021-12-21 10:39:30.194root 11241100x8000000000000000400114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4895e00efca7e9da2021-12-21 10:39:30.194root 11241100x8000000000000000400115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7dae6cad6c054b2021-12-21 10:39:30.194root 11241100x8000000000000000400116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41cc82df6ae86d62021-12-21 10:39:30.194root 11241100x8000000000000000400117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0ff84a9e9100732021-12-21 10:39:30.194root 11241100x8000000000000000400118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614057f405ba18552021-12-21 10:39:30.194root 11241100x8000000000000000400119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3a0a969d2f4d3d2021-12-21 10:39:30.194root 11241100x8000000000000000400120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdcab51b793c4b72021-12-21 10:39:30.194root 11241100x8000000000000000400121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fd699beb177f212021-12-21 10:39:30.194root 11241100x8000000000000000400122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c142752986caf0c2021-12-21 10:39:30.194root 11241100x8000000000000000400123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8499c5ad76a5e12021-12-21 10:39:30.194root 11241100x8000000000000000400124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53d50bf93ed74812021-12-21 10:39:30.194root 11241100x8000000000000000400125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86854bc207cd05572021-12-21 10:39:30.195root 11241100x8000000000000000400126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f518dc8f3ef55fd02021-12-21 10:39:30.195root 11241100x8000000000000000400127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188e67955742022a2021-12-21 10:39:30.693root 11241100x8000000000000000400128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a765cf8ead92d2752021-12-21 10:39:30.693root 11241100x8000000000000000400129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254ac382d5e0bb022021-12-21 10:39:30.693root 11241100x8000000000000000400130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05ef03233cff41a2021-12-21 10:39:30.693root 11241100x8000000000000000400131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c715897d958c8f772021-12-21 10:39:30.694root 11241100x8000000000000000400132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ecc3d2585998642021-12-21 10:39:30.694root 11241100x8000000000000000400133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113e6662c50cf9812021-12-21 10:39:30.694root 11241100x8000000000000000400134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7f18fe6528d4922021-12-21 10:39:30.694root 11241100x8000000000000000400135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357a0623dd1f5e872021-12-21 10:39:30.694root 11241100x8000000000000000400136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95bef7bd66725a92021-12-21 10:39:30.694root 11241100x8000000000000000400137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc91eb5c41fa6152021-12-21 10:39:30.694root 11241100x8000000000000000400138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0455799d15fd79752021-12-21 10:39:30.694root 11241100x8000000000000000400139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7031656d36fc13c2021-12-21 10:39:30.694root 11241100x8000000000000000400140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37459d2a5f5600812021-12-21 10:39:30.694root 11241100x8000000000000000400141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f066a0c9d3f5b33a2021-12-21 10:39:30.694root 11241100x8000000000000000400142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417ddcc356d2d78f2021-12-21 10:39:30.695root 11241100x8000000000000000400143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014e50876e2c6eed2021-12-21 10:39:30.695root 11241100x8000000000000000400144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78226d849d8d58b42021-12-21 10:39:30.695root 11241100x8000000000000000400145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b8b736173516562021-12-21 10:39:30.695root 11241100x8000000000000000400146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c79350fb0c582b2021-12-21 10:39:30.695root 11241100x8000000000000000400147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf83170a3f935202021-12-21 10:39:31.193root 11241100x8000000000000000400148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5addfad5ce43d632021-12-21 10:39:31.193root 11241100x8000000000000000400149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccc8119402eaad82021-12-21 10:39:31.193root 11241100x8000000000000000400150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166820b3677d901f2021-12-21 10:39:31.193root 11241100x8000000000000000400151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038b42d4a1000d4f2021-12-21 10:39:31.193root 11241100x8000000000000000400152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03d9cfe34a1bc502021-12-21 10:39:31.194root 11241100x8000000000000000400153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81932197eefcff6b2021-12-21 10:39:31.194root 11241100x8000000000000000400154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f9786a8dd5c4602021-12-21 10:39:31.194root 11241100x8000000000000000400155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07c3252e94fa6bb2021-12-21 10:39:31.194root 11241100x8000000000000000400156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7084bce7e293952021-12-21 10:39:31.194root 11241100x8000000000000000400157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19403f853b9c9dba2021-12-21 10:39:31.194root 11241100x8000000000000000400158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de7273ff76395a82021-12-21 10:39:31.194root 11241100x8000000000000000400159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94447c75c94cee22021-12-21 10:39:31.194root 11241100x8000000000000000400160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26942c4d56ad62942021-12-21 10:39:31.194root 11241100x8000000000000000400161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29cccddcd8f45242021-12-21 10:39:31.194root 11241100x8000000000000000400162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fd195ed9e653482021-12-21 10:39:31.194root 11241100x8000000000000000400163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a30d9fb45ad00e2021-12-21 10:39:31.194root 11241100x8000000000000000400164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25669fcbd2e8d6f22021-12-21 10:39:31.194root 11241100x8000000000000000400165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e448888b846d91c2021-12-21 10:39:31.194root 11241100x8000000000000000400166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5712e9bc7fa58a612021-12-21 10:39:31.195root 11241100x8000000000000000400167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f307ce0fa13da32021-12-21 10:39:31.693root 11241100x8000000000000000400168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56decf7e7dac15312021-12-21 10:39:31.693root 11241100x8000000000000000400169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdd62bf50df28f72021-12-21 10:39:31.693root 11241100x8000000000000000400170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9752e6d6719b72982021-12-21 10:39:31.693root 11241100x8000000000000000400171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bf96d265a136c32021-12-21 10:39:31.694root 11241100x8000000000000000400172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71fe4be13e4e31a2021-12-21 10:39:31.694root 11241100x8000000000000000400173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e214f0f9d762d392021-12-21 10:39:31.694root 11241100x8000000000000000400174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a72e19ddd446892021-12-21 10:39:31.694root 11241100x8000000000000000400175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328a25de907c4c282021-12-21 10:39:31.694root 11241100x8000000000000000400176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d148e03e956a372021-12-21 10:39:31.694root 11241100x8000000000000000400177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b6c7207e04de292021-12-21 10:39:31.694root 11241100x8000000000000000400178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12543afe3e55dff62021-12-21 10:39:31.694root 11241100x8000000000000000400179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119af4e7e7f355022021-12-21 10:39:31.694root 11241100x8000000000000000400180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ca204760524e122021-12-21 10:39:31.694root 11241100x8000000000000000400181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6892e7be2e77342021-12-21 10:39:31.694root 11241100x8000000000000000400182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adfbb58162ff29b2021-12-21 10:39:31.695root 11241100x8000000000000000400183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0479b7435a5a532021-12-21 10:39:31.695root 11241100x8000000000000000400184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4071a8d8b446732021-12-21 10:39:31.695root 11241100x8000000000000000400185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753280f2986f3a562021-12-21 10:39:31.695root 11241100x8000000000000000400186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d627f70aea1271c2021-12-21 10:39:31.695root 11241100x8000000000000000400187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557a977bb726a3812021-12-21 10:39:32.193root 11241100x8000000000000000400188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80978bc1e38c30f82021-12-21 10:39:32.193root 11241100x8000000000000000400189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a0e9feeccc21872021-12-21 10:39:32.193root 11241100x8000000000000000400190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adcba5a7bd039d52021-12-21 10:39:32.193root 11241100x8000000000000000400191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab012a2ebfebed362021-12-21 10:39:32.194root 11241100x8000000000000000400192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6159d22353eef82021-12-21 10:39:32.194root 11241100x8000000000000000400193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3242448dcf5ee8e2021-12-21 10:39:32.194root 11241100x8000000000000000400194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e10826945ae3082021-12-21 10:39:32.194root 11241100x8000000000000000400195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dc9697dde5b6122021-12-21 10:39:32.194root 11241100x8000000000000000400196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6667a6df6d613af12021-12-21 10:39:32.194root 11241100x8000000000000000400197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4640b14c35639b2021-12-21 10:39:32.194root 11241100x8000000000000000400198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019a740a9ad0dc102021-12-21 10:39:32.194root 11241100x8000000000000000400199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f7eb81490df2ec2021-12-21 10:39:32.194root 11241100x8000000000000000400200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901d5d7cbd558e392021-12-21 10:39:32.194root 11241100x8000000000000000400201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac969ce8c103a5382021-12-21 10:39:32.195root 11241100x8000000000000000400202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f8a00cf69288492021-12-21 10:39:32.195root 11241100x8000000000000000400203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7a0622913eba292021-12-21 10:39:32.195root 11241100x8000000000000000400204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f296665834f3eaef2021-12-21 10:39:32.195root 11241100x8000000000000000400205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303f54038e05f9722021-12-21 10:39:32.195root 11241100x8000000000000000400206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b472bf81388345f82021-12-21 10:39:32.195root 11241100x8000000000000000400207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4a511c73a209332021-12-21 10:39:32.693root 11241100x8000000000000000400208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdd479111caaccc2021-12-21 10:39:32.693root 11241100x8000000000000000400209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9414a6bd7342a542021-12-21 10:39:32.693root 11241100x8000000000000000400210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e822f66dc12006602021-12-21 10:39:32.693root 11241100x8000000000000000400211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34e38077572fd1f2021-12-21 10:39:32.694root 11241100x8000000000000000400212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0882b6554a9dd1d2021-12-21 10:39:32.694root 11241100x8000000000000000400213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8802675f4cae4b32021-12-21 10:39:32.694root 11241100x8000000000000000400214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233fc83470d142732021-12-21 10:39:32.694root 11241100x8000000000000000400215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0133ef24823bdf02021-12-21 10:39:32.694root 11241100x8000000000000000400216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e82309197a8ab12021-12-21 10:39:32.694root 11241100x8000000000000000400217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f572f0cad15c0b22021-12-21 10:39:32.694root 11241100x8000000000000000400218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13849446611778792021-12-21 10:39:32.694root 11241100x8000000000000000400219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89f498fa0b4cf502021-12-21 10:39:32.694root 11241100x8000000000000000400220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e53498ec6580e82021-12-21 10:39:32.694root 11241100x8000000000000000400221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fdbdf8f33faef72021-12-21 10:39:32.694root 11241100x8000000000000000400222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6563e1243049be2021-12-21 10:39:32.694root 11241100x8000000000000000400223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11876cf9b9b71d942021-12-21 10:39:32.694root 11241100x8000000000000000400224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a103e18f33a6b82021-12-21 10:39:32.694root 11241100x8000000000000000400225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece7394701dd9e392021-12-21 10:39:32.694root 11241100x8000000000000000400226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d51aad68cd110292021-12-21 10:39:32.695root 354300x8000000000000000400227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.040{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47416-false10.0.1.12-8000- 11241100x8000000000000000400228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277e280df1ef9f122021-12-21 10:39:33.041root 11241100x8000000000000000400229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c7f37e036ec6ab2021-12-21 10:39:33.042root 11241100x8000000000000000400230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2575141f4806f6e02021-12-21 10:39:33.042root 11241100x8000000000000000400231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ff768cfd9e9e542021-12-21 10:39:33.042root 11241100x8000000000000000400232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27994b14d3a11be2021-12-21 10:39:33.042root 11241100x8000000000000000400233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58517bf307fafb662021-12-21 10:39:33.042root 11241100x8000000000000000400234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd6de0a896022f82021-12-21 10:39:33.042root 11241100x8000000000000000400235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f8398dcb5710c82021-12-21 10:39:33.042root 11241100x8000000000000000400236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bed8e64442d29b92021-12-21 10:39:33.042root 11241100x8000000000000000400237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b993d8f38ec433192021-12-21 10:39:33.042root 11241100x8000000000000000400238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8546df32483b14a2021-12-21 10:39:33.042root 11241100x8000000000000000400239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e57637504221bd02021-12-21 10:39:33.042root 11241100x8000000000000000400240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1c7acf640540c2021-12-21 10:39:33.043root 11241100x8000000000000000400241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf0268abb2803742021-12-21 10:39:33.043root 11241100x8000000000000000400242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63402678e19f2f6b2021-12-21 10:39:33.043root 11241100x8000000000000000400243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d7f3cff061238e2021-12-21 10:39:33.043root 11241100x8000000000000000400244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cded805e4da9d322021-12-21 10:39:33.043root 11241100x8000000000000000400245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0bced6298e3ed12021-12-21 10:39:33.043root 11241100x8000000000000000400246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84184593e66ac3f32021-12-21 10:39:33.043root 11241100x8000000000000000400247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d017973a15a60e042021-12-21 10:39:33.043root 11241100x8000000000000000400248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67543454906522422021-12-21 10:39:33.043root 11241100x8000000000000000400249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b399a154cf262ddf2021-12-21 10:39:33.443root 11241100x8000000000000000400250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db4318fd167ff362021-12-21 10:39:33.443root 11241100x8000000000000000400251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13f30c6e698329f2021-12-21 10:39:33.443root 11241100x8000000000000000400252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b7d18aa128ee3e2021-12-21 10:39:33.443root 11241100x8000000000000000400253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96507fbeeb9e0be42021-12-21 10:39:33.444root 11241100x8000000000000000400254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66ef9d660a610332021-12-21 10:39:33.444root 11241100x8000000000000000400255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9099a109ecb0cf672021-12-21 10:39:33.444root 11241100x8000000000000000400256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73fe9efecbd725f2021-12-21 10:39:33.444root 11241100x8000000000000000400257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ced888fc1892d22021-12-21 10:39:33.444root 11241100x8000000000000000400258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374b457f7d2c52432021-12-21 10:39:33.444root 11241100x8000000000000000400259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc6ba9a554468442021-12-21 10:39:33.444root 11241100x8000000000000000400260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd10f40172b2ca602021-12-21 10:39:33.444root 11241100x8000000000000000400261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0513b9f576fcd52021-12-21 10:39:33.444root 11241100x8000000000000000400262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a7ff13c67640ea2021-12-21 10:39:33.445root 11241100x8000000000000000400263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a04c2add72d05032021-12-21 10:39:33.445root 11241100x8000000000000000400264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee6efed97302da2021-12-21 10:39:33.445root 11241100x8000000000000000400265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8743b1ba594d2f062021-12-21 10:39:33.445root 11241100x8000000000000000400266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8741314bd89ef0352021-12-21 10:39:33.445root 11241100x8000000000000000400267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe07ab8cbed08332021-12-21 10:39:33.446root 11241100x8000000000000000400268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd405d0633bb96962021-12-21 10:39:33.447root 11241100x8000000000000000400269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a77b982db55e4c42021-12-21 10:39:33.447root 11241100x8000000000000000400270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22de9c98481f67892021-12-21 10:39:33.943root 11241100x8000000000000000400271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda54dd34344d39e2021-12-21 10:39:33.943root 11241100x8000000000000000400272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f7993f96c193eb2021-12-21 10:39:33.943root 11241100x8000000000000000400273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84e229459b52b5f2021-12-21 10:39:33.944root 11241100x8000000000000000400274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd0657f17b6c37c2021-12-21 10:39:33.944root 11241100x8000000000000000400275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d458cc31cf47b55b2021-12-21 10:39:33.944root 11241100x8000000000000000400276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3514dd7fc12a095a2021-12-21 10:39:33.944root 11241100x8000000000000000400277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5661d2e77dd0eba2021-12-21 10:39:33.944root 11241100x8000000000000000400278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f30dcc206b0e712021-12-21 10:39:33.944root 11241100x8000000000000000400279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c26ff3644d12d82021-12-21 10:39:33.944root 11241100x8000000000000000400280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd73959d97545d7b2021-12-21 10:39:33.944root 11241100x8000000000000000400281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c9668b098b22dd2021-12-21 10:39:33.944root 11241100x8000000000000000400282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ea3f26c1afc1312021-12-21 10:39:33.944root 11241100x8000000000000000400283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edcfa1248857e102021-12-21 10:39:33.944root 11241100x8000000000000000400284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41ac92947400fe32021-12-21 10:39:33.944root 11241100x8000000000000000400285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657bbfd07718821c2021-12-21 10:39:33.945root 11241100x8000000000000000400286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff851251e523e6f2021-12-21 10:39:33.945root 11241100x8000000000000000400287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee431cab11591f02021-12-21 10:39:33.945root 11241100x8000000000000000400288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c15b8fd1a19c0bb2021-12-21 10:39:33.945root 11241100x8000000000000000400289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a1aa2ac95035952021-12-21 10:39:33.945root 11241100x8000000000000000400290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d4a866f867ee082021-12-21 10:39:33.945root 11241100x8000000000000000400291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ae5a5577d392ac2021-12-21 10:39:34.443root 11241100x8000000000000000400292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eb99d3487358732021-12-21 10:39:34.443root 11241100x8000000000000000400293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556be8580f3d1cd52021-12-21 10:39:34.444root 11241100x8000000000000000400294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0723f84702f07592021-12-21 10:39:34.444root 11241100x8000000000000000400295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6638631c1b3bfe72021-12-21 10:39:34.444root 11241100x8000000000000000400296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4661f4df8dae81592021-12-21 10:39:34.444root 11241100x8000000000000000400297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca47ae6caea32ef2021-12-21 10:39:34.444root 11241100x8000000000000000400298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baad35c8d02dabf32021-12-21 10:39:34.444root 11241100x8000000000000000400299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7baee7f5f13f982021-12-21 10:39:34.444root 11241100x8000000000000000400300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ea549a322753162021-12-21 10:39:34.444root 11241100x8000000000000000400301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17466e55607798202021-12-21 10:39:34.444root 11241100x8000000000000000400302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa5e1bf257b987a2021-12-21 10:39:34.444root 11241100x8000000000000000400303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f137933159025082021-12-21 10:39:34.445root 11241100x8000000000000000400304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe6f3725abd5862021-12-21 10:39:34.445root 11241100x8000000000000000400305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc865461d2d66fc2021-12-21 10:39:34.445root 11241100x8000000000000000400306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6155396c1cc5712e2021-12-21 10:39:34.445root 11241100x8000000000000000400307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b277063b5408af022021-12-21 10:39:34.445root 11241100x8000000000000000400308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325f903d4f5c5c6e2021-12-21 10:39:34.445root 11241100x8000000000000000400309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfd3a7ea9aac1e32021-12-21 10:39:34.445root 11241100x8000000000000000400310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a1871aea2f920a2021-12-21 10:39:34.445root 11241100x8000000000000000400311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a14c4d0d6f5f4ef2021-12-21 10:39:34.445root 11241100x8000000000000000400312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b17e0e057ff1f8d2021-12-21 10:39:34.943root 11241100x8000000000000000400313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1c681179f0d11e2021-12-21 10:39:34.943root 11241100x8000000000000000400314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7757a9261829312021-12-21 10:39:34.944root 11241100x8000000000000000400315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bc8f555232c9b82021-12-21 10:39:34.944root 11241100x8000000000000000400316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68a6fbeab003c42021-12-21 10:39:34.944root 11241100x8000000000000000400317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9739a795fee3a822021-12-21 10:39:34.944root 11241100x8000000000000000400318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2719008f80d7112021-12-21 10:39:34.944root 11241100x8000000000000000400319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fd65ecd60294a52021-12-21 10:39:34.944root 11241100x8000000000000000400320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a901089f20bdce2021-12-21 10:39:34.944root 11241100x8000000000000000400321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27ad0ea7f01eb1a2021-12-21 10:39:34.944root 11241100x8000000000000000400322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5bd823d5bbfef02021-12-21 10:39:34.944root 11241100x8000000000000000400323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d4b30ff6c1b14a2021-12-21 10:39:34.944root 11241100x8000000000000000400324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce75c5e9afcc92f2021-12-21 10:39:34.944root 11241100x8000000000000000400325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a64cd2fb0da102b2021-12-21 10:39:34.944root 11241100x8000000000000000400326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf681cd8d694fc232021-12-21 10:39:34.945root 11241100x8000000000000000400327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ba7979a30f012d2021-12-21 10:39:34.945root 11241100x8000000000000000400328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a84c8ca2e520a92021-12-21 10:39:34.945root 11241100x8000000000000000400329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fd1976591c53df2021-12-21 10:39:34.945root 11241100x8000000000000000400330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549eab2a84183ddd2021-12-21 10:39:34.945root 11241100x8000000000000000400331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778662cb035d6fa12021-12-21 10:39:34.945root 11241100x8000000000000000400332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cc7f30f076593f2021-12-21 10:39:34.945root 11241100x8000000000000000400333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bbc5250624cc7d2021-12-21 10:39:35.443root 11241100x8000000000000000400334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89826392f7c1f8f12021-12-21 10:39:35.443root 11241100x8000000000000000400335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa665321181d45eb2021-12-21 10:39:35.443root 11241100x8000000000000000400336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99882077386126e62021-12-21 10:39:35.444root 11241100x8000000000000000400337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100d5262a7047f3b2021-12-21 10:39:35.444root 11241100x8000000000000000400338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa3f6556b0e12922021-12-21 10:39:35.444root 11241100x8000000000000000400339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7e13576186ca882021-12-21 10:39:35.444root 11241100x8000000000000000400340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7263727ed14a73792021-12-21 10:39:35.444root 11241100x8000000000000000400341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a40ba385c0980232021-12-21 10:39:35.444root 11241100x8000000000000000400342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265defa37ea0b3ed2021-12-21 10:39:35.444root 11241100x8000000000000000400343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe0f0ca3c6e00592021-12-21 10:39:35.444root 11241100x8000000000000000400344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4c9cfc77d913a82021-12-21 10:39:35.444root 11241100x8000000000000000400345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939d5999b6556fff2021-12-21 10:39:35.444root 11241100x8000000000000000400346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2801ed7d9abdc62021-12-21 10:39:35.444root 11241100x8000000000000000400347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa4a01d4d1562ab2021-12-21 10:39:35.445root 11241100x8000000000000000400348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaaf098e4dc59f92021-12-21 10:39:35.445root 11241100x8000000000000000400349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e205cda6d88bde2021-12-21 10:39:35.445root 11241100x8000000000000000400350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615fa67bbc87afc92021-12-21 10:39:35.445root 11241100x8000000000000000400351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a61b088f11f44162021-12-21 10:39:35.445root 11241100x8000000000000000400352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1899c584af9b390b2021-12-21 10:39:35.445root 11241100x8000000000000000400353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2beb658f34c69d92021-12-21 10:39:35.445root 11241100x8000000000000000400354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e48fb777aac87b2021-12-21 10:39:35.943root 11241100x8000000000000000400355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24c4ec815fb08d22021-12-21 10:39:35.943root 11241100x8000000000000000400356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f327b9e21345b7302021-12-21 10:39:35.944root 11241100x8000000000000000400357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7409290a781bb312021-12-21 10:39:35.944root 11241100x8000000000000000400358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dc1612558454912021-12-21 10:39:35.944root 11241100x8000000000000000400359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592a2fc16eb605242021-12-21 10:39:35.944root 11241100x8000000000000000400360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a52539baef12c172021-12-21 10:39:35.944root 11241100x8000000000000000400361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461c778c35b197ae2021-12-21 10:39:35.944root 11241100x8000000000000000400362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557a703443b1eb722021-12-21 10:39:35.944root 11241100x8000000000000000400363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d5eeca6d84dc2d2021-12-21 10:39:35.944root 11241100x8000000000000000400364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333fd13eeee3be732021-12-21 10:39:35.944root 11241100x8000000000000000400365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26b52ca24ef583c2021-12-21 10:39:35.944root 11241100x8000000000000000400366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af7e794fb7320ed2021-12-21 10:39:35.944root 11241100x8000000000000000400367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f827e36096bd60202021-12-21 10:39:35.944root 11241100x8000000000000000400368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dd8e4e0709eb062021-12-21 10:39:35.944root 11241100x8000000000000000400369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee45b4cb62c33b2d2021-12-21 10:39:35.945root 11241100x8000000000000000400370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dff18ee5f068c02021-12-21 10:39:35.945root 11241100x8000000000000000400371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b54e375079fa31f2021-12-21 10:39:35.945root 11241100x8000000000000000400372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb933f0cbd63aa62021-12-21 10:39:35.945root 11241100x8000000000000000400373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c7cebf16e277552021-12-21 10:39:35.945root 11241100x8000000000000000400374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c354965d91b220912021-12-21 10:39:35.945root 11241100x8000000000000000400375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:39:36.345root 11241100x8000000000000000400376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6c4077e14c73222021-12-21 10:39:36.346root 11241100x8000000000000000400377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f10dc0ee44f06432021-12-21 10:39:36.346root 11241100x8000000000000000400378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee99b74dff4ec1e32021-12-21 10:39:36.346root 11241100x8000000000000000400379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc495810b54f02282021-12-21 10:39:36.346root 11241100x8000000000000000400380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c645815112e016152021-12-21 10:39:36.347root 11241100x8000000000000000400381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e04ed61c2f4ddd2021-12-21 10:39:36.347root 11241100x8000000000000000400382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711e92eb326055fb2021-12-21 10:39:36.347root 11241100x8000000000000000400383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6d8faf617e9eb52021-12-21 10:39:36.347root 11241100x8000000000000000400384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955d0d82011c65752021-12-21 10:39:36.348root 11241100x8000000000000000400385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781c7d35cd32e1022021-12-21 10:39:36.348root 11241100x8000000000000000400386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a7664b2463966f2021-12-21 10:39:36.348root 11241100x8000000000000000400387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7515a51489fc5d2021-12-21 10:39:36.348root 11241100x8000000000000000400388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c586c5ce84f63ae2021-12-21 10:39:36.348root 11241100x8000000000000000400389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3554c465530fa8572021-12-21 10:39:36.348root 11241100x8000000000000000400390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901bf0080bad8df12021-12-21 10:39:36.348root 11241100x8000000000000000400391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1a70bd06f3624d2021-12-21 10:39:36.348root 11241100x8000000000000000400392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9469184a3963c92021-12-21 10:39:36.348root 11241100x8000000000000000400393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f155a1dd8bf9f04c2021-12-21 10:39:36.348root 11241100x8000000000000000400394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc0366e9de096392021-12-21 10:39:36.348root 11241100x8000000000000000400395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfa4c5df1ad19542021-12-21 10:39:36.349root 11241100x8000000000000000400396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56938e65db1a83c42021-12-21 10:39:36.349root 11241100x8000000000000000400397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b727d4afaef1fff2021-12-21 10:39:36.349root 11241100x8000000000000000400398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934362aace1bdb182021-12-21 10:39:36.349root 11241100x8000000000000000400399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55aa79fcaed46022021-12-21 10:39:36.349root 11241100x8000000000000000400400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92701971a1498c02021-12-21 10:39:36.349root 11241100x8000000000000000400401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c665d1e375a18f2021-12-21 10:39:36.349root 11241100x8000000000000000400402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f043cb3851d43942021-12-21 10:39:36.693root 11241100x8000000000000000400403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da348b45e7ef41b02021-12-21 10:39:36.693root 11241100x8000000000000000400404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499142ef28991bd12021-12-21 10:39:36.693root 11241100x8000000000000000400405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd6f0a883419c162021-12-21 10:39:36.694root 11241100x8000000000000000400406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14dc4071c858b952021-12-21 10:39:36.694root 11241100x8000000000000000400407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717e00ca78f8b14a2021-12-21 10:39:36.694root 11241100x8000000000000000400408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4c2b6f6f6f85d32021-12-21 10:39:36.694root 11241100x8000000000000000400409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f72ec024bc05af2021-12-21 10:39:36.694root 11241100x8000000000000000400410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca06a31e667fc3bc2021-12-21 10:39:36.694root 11241100x8000000000000000400411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3b4c9e477c63252021-12-21 10:39:36.694root 11241100x8000000000000000400412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10784750417a9f8d2021-12-21 10:39:36.694root 11241100x8000000000000000400413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca71e6cc5ea091b2021-12-21 10:39:36.694root 11241100x8000000000000000400414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41355dd3c8fcecba2021-12-21 10:39:36.694root 11241100x8000000000000000400415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d684f7387c582b922021-12-21 10:39:36.695root 11241100x8000000000000000400416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652dd23bb8f5bfd02021-12-21 10:39:36.695root 11241100x8000000000000000400417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a70fe2a95968412021-12-21 10:39:36.695root 11241100x8000000000000000400418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2469596f2d23852021-12-21 10:39:36.695root 11241100x8000000000000000400419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1257f2268d231bcd2021-12-21 10:39:36.695root 11241100x8000000000000000400420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de381f7cbda24332021-12-21 10:39:36.695root 11241100x8000000000000000400421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82da9e6bbe16e092021-12-21 10:39:36.696root 11241100x8000000000000000400422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ea445d4a0a1f772021-12-21 10:39:36.696root 11241100x8000000000000000400423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f66255e0bfab3a82021-12-21 10:39:36.696root 11241100x8000000000000000400424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f1648e5f5899332021-12-21 10:39:37.193root 11241100x8000000000000000400425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168fbcf304ac8ac02021-12-21 10:39:37.194root 11241100x8000000000000000400426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4471da886555f9a52021-12-21 10:39:37.194root 11241100x8000000000000000400427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74311b372f2561fd2021-12-21 10:39:37.194root 11241100x8000000000000000400428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cef8710f8bab66e2021-12-21 10:39:37.194root 11241100x8000000000000000400429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc523ab1219d4abd2021-12-21 10:39:37.194root 11241100x8000000000000000400430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38382c8b92a4d50d2021-12-21 10:39:37.195root 11241100x8000000000000000400431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88720499fd20c3c12021-12-21 10:39:37.195root 11241100x8000000000000000400432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1146cd6f81a45e42021-12-21 10:39:37.195root 11241100x8000000000000000400433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09abd531e65775ba2021-12-21 10:39:37.195root 11241100x8000000000000000400434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ce05686abcf67e2021-12-21 10:39:37.195root 11241100x8000000000000000400435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24897ae805e25032021-12-21 10:39:37.195root 11241100x8000000000000000400436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e2c365d4269a862021-12-21 10:39:37.195root 11241100x8000000000000000400437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cff77e40cae4152021-12-21 10:39:37.195root 11241100x8000000000000000400438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538c2ed589af3be72021-12-21 10:39:37.195root 11241100x8000000000000000400439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde55f8ea5ecf50e2021-12-21 10:39:37.195root 11241100x8000000000000000400440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42de0b152880a0e32021-12-21 10:39:37.196root 11241100x8000000000000000400441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28db8ac961ac3f342021-12-21 10:39:37.196root 11241100x8000000000000000400442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f40b6c07579472021-12-21 10:39:37.196root 11241100x8000000000000000400443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cf30440534033e2021-12-21 10:39:37.196root 11241100x8000000000000000400444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d383005561edb952021-12-21 10:39:37.196root 11241100x8000000000000000400445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01f464fe18d825d2021-12-21 10:39:37.196root 11241100x8000000000000000400446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c27efa0daffc992021-12-21 10:39:37.693root 11241100x8000000000000000400447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec16414e36802ce2021-12-21 10:39:37.693root 11241100x8000000000000000400448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a4a1df971d07932021-12-21 10:39:37.693root 11241100x8000000000000000400449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93a42b9e326289e2021-12-21 10:39:37.694root 11241100x8000000000000000400450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b8697cceeaaddf2021-12-21 10:39:37.694root 11241100x8000000000000000400451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee32c7ec01b28392021-12-21 10:39:37.694root 11241100x8000000000000000400452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd146b4ca45b114e2021-12-21 10:39:37.694root 11241100x8000000000000000400453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066823fd8058a95e2021-12-21 10:39:37.694root 11241100x8000000000000000400454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672ac2b8b79b97e82021-12-21 10:39:37.694root 11241100x8000000000000000400455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444a1026dc213f652021-12-21 10:39:37.694root 11241100x8000000000000000400456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b71620dfa105b012021-12-21 10:39:37.694root 11241100x8000000000000000400457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877ac2734eab355d2021-12-21 10:39:37.694root 11241100x8000000000000000400458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8f1d1092ad0a452021-12-21 10:39:37.694root 11241100x8000000000000000400459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf5525d7a473a8c2021-12-21 10:39:37.694root 11241100x8000000000000000400460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a145621bda76fcb2021-12-21 10:39:37.694root 11241100x8000000000000000400461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6843530a506d93ed2021-12-21 10:39:37.694root 11241100x8000000000000000400462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752dee824325b9e22021-12-21 10:39:37.694root 11241100x8000000000000000400463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d910dbfc6007482021-12-21 10:39:37.694root 11241100x8000000000000000400464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efdbefe317bbdbf2021-12-21 10:39:37.695root 11241100x8000000000000000400465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2d8860620b38262021-12-21 10:39:37.695root 11241100x8000000000000000400466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f9ed942d0eb30b2021-12-21 10:39:37.695root 11241100x8000000000000000400467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f259e83966f1d9e2021-12-21 10:39:37.695root 354300x8000000000000000400468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.082{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47418-false10.0.1.12-8000- 11241100x8000000000000000400469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f811c79799321e72021-12-21 10:39:38.083root 11241100x8000000000000000400470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a435d395359372d2021-12-21 10:39:38.084root 11241100x8000000000000000400471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e11ce0fc8ffcf52021-12-21 10:39:38.084root 11241100x8000000000000000400472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45b8d399295bd962021-12-21 10:39:38.084root 11241100x8000000000000000400473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517afeff26764e402021-12-21 10:39:38.084root 11241100x8000000000000000400474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07f4b0d7c681f6c2021-12-21 10:39:38.085root 11241100x8000000000000000400475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804072e1ad732de92021-12-21 10:39:38.085root 11241100x8000000000000000400476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43641bb496037ca52021-12-21 10:39:38.085root 11241100x8000000000000000400477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bc9ff773c220dc2021-12-21 10:39:38.085root 11241100x8000000000000000400478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a74a3e6c58434c62021-12-21 10:39:38.085root 11241100x8000000000000000400479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe66c4bf81d5365f2021-12-21 10:39:38.085root 11241100x8000000000000000400480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee8efbbb03e8be22021-12-21 10:39:38.085root 11241100x8000000000000000400481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f63e4f1a5a52c3a2021-12-21 10:39:38.085root 11241100x8000000000000000400482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d72491d47d648ed2021-12-21 10:39:38.086root 11241100x8000000000000000400483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f348c09f340b69fd2021-12-21 10:39:38.086root 11241100x8000000000000000400484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f786d40c880952f92021-12-21 10:39:38.086root 11241100x8000000000000000400485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6a11d6309ef6fd2021-12-21 10:39:38.086root 11241100x8000000000000000400486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3295c65162b5eb7b2021-12-21 10:39:38.086root 11241100x8000000000000000400487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c815155dabd1922021-12-21 10:39:38.086root 11241100x8000000000000000400488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ff411bcb80cf6c2021-12-21 10:39:38.086root 11241100x8000000000000000400489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a7873169b7957f2021-12-21 10:39:38.086root 11241100x8000000000000000400490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db6f934a8e4d9962021-12-21 10:39:38.086root 11241100x8000000000000000400491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3ef122b2b013202021-12-21 10:39:38.087root 11241100x8000000000000000400492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ece1a082829a50e2021-12-21 10:39:38.087root 11241100x8000000000000000400493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506bbc998c5500df2021-12-21 10:39:38.443root 11241100x8000000000000000400494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6032107bda8cddd2021-12-21 10:39:38.443root 11241100x8000000000000000400495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8946694626cf4cec2021-12-21 10:39:38.444root 11241100x8000000000000000400496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9016f5f2d200562021-12-21 10:39:38.444root 11241100x8000000000000000400497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c3e1ca766af1e82021-12-21 10:39:38.444root 11241100x8000000000000000400498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5fa387e95f756a2021-12-21 10:39:38.444root 11241100x8000000000000000400499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1631d82b3bf4e76e2021-12-21 10:39:38.444root 11241100x8000000000000000400500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca67a0b76bd744e12021-12-21 10:39:38.444root 11241100x8000000000000000400501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341e8a565ba210002021-12-21 10:39:38.444root 11241100x8000000000000000400502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a738658551db06cd2021-12-21 10:39:38.444root 11241100x8000000000000000400503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966a17c828e490bb2021-12-21 10:39:38.444root 11241100x8000000000000000400504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72033e586ca831a2021-12-21 10:39:38.444root 11241100x8000000000000000400505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d352b9e65b16362021-12-21 10:39:38.444root 11241100x8000000000000000400506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a870fa18b0ec7642021-12-21 10:39:38.444root 11241100x8000000000000000400507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d19eed82387e8a2021-12-21 10:39:38.445root 11241100x8000000000000000400508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d578d9923b6d462021-12-21 10:39:38.445root 11241100x8000000000000000400509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322d2bec062a18662021-12-21 10:39:38.445root 11241100x8000000000000000400510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c25da04f304a502021-12-21 10:39:38.445root 11241100x8000000000000000400511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3494fe97765bcf12021-12-21 10:39:38.445root 11241100x8000000000000000400512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f393963724b39abb2021-12-21 10:39:38.445root 11241100x8000000000000000400513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857f38409a0f90152021-12-21 10:39:38.445root 11241100x8000000000000000400514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd143778f876cd692021-12-21 10:39:38.445root 11241100x8000000000000000400515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7944d944331cad522021-12-21 10:39:38.445root 11241100x8000000000000000400516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc210b09ab0f254e2021-12-21 10:39:38.943root 11241100x8000000000000000400517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e82a89e44e8d482021-12-21 10:39:38.943root 11241100x8000000000000000400518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465a6e65b07d68af2021-12-21 10:39:38.943root 11241100x8000000000000000400519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4af50a2bd7e8152021-12-21 10:39:38.944root 11241100x8000000000000000400520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689b1a2a566044f92021-12-21 10:39:38.944root 11241100x8000000000000000400521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c0c4b7ed9f611a2021-12-21 10:39:38.944root 11241100x8000000000000000400522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dacdb1aa19054e2021-12-21 10:39:38.944root 11241100x8000000000000000400523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96a05f3ddb60d0b2021-12-21 10:39:38.944root 11241100x8000000000000000400524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b59214dbd335872021-12-21 10:39:38.944root 11241100x8000000000000000400525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe42c7e57f6cb93b2021-12-21 10:39:38.944root 11241100x8000000000000000400526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25de759a858d22942021-12-21 10:39:38.944root 11241100x8000000000000000400527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099114cb183f2ec22021-12-21 10:39:38.944root 11241100x8000000000000000400528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8333a138472ca6b62021-12-21 10:39:38.944root 11241100x8000000000000000400529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2a5e451e30ac1a2021-12-21 10:39:38.944root 11241100x8000000000000000400530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773c6731e146e9bb2021-12-21 10:39:38.944root 11241100x8000000000000000400531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e25907e3f9a92a2021-12-21 10:39:38.944root 11241100x8000000000000000400532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee24de3085ad0b32021-12-21 10:39:38.944root 11241100x8000000000000000400533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b39ae0624ff29b2021-12-21 10:39:38.944root 11241100x8000000000000000400534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547b547675e6e7462021-12-21 10:39:38.945root 11241100x8000000000000000400535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9054e21808b4d5e2021-12-21 10:39:38.945root 11241100x8000000000000000400536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cc82ed8c26313d2021-12-21 10:39:38.945root 11241100x8000000000000000400537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7192683ee9dbcbf2021-12-21 10:39:38.945root 11241100x8000000000000000400538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94998163d2b9ef4c2021-12-21 10:39:38.945root 23542300x8000000000000000400539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.347{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000400540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aad5c6161d74952021-12-21 10:39:39.349root 11241100x8000000000000000400541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8a68691a34408a2021-12-21 10:39:39.349root 11241100x8000000000000000400542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a7b8fa451a49122021-12-21 10:39:39.349root 11241100x8000000000000000400543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c181e07be761481a2021-12-21 10:39:39.349root 11241100x8000000000000000400544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aa42b47374b4f62021-12-21 10:39:39.349root 11241100x8000000000000000400545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23aa426aa73c740d2021-12-21 10:39:39.349root 11241100x8000000000000000400546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c854ab5c769d1922021-12-21 10:39:39.349root 11241100x8000000000000000400547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946f7ad1bb5a991f2021-12-21 10:39:39.349root 11241100x8000000000000000400548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fb1b4c12d980672021-12-21 10:39:39.350root 11241100x8000000000000000400549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4174abe473c69a2021-12-21 10:39:39.350root 11241100x8000000000000000400550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefae193f4a334da2021-12-21 10:39:39.350root 11241100x8000000000000000400551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59580c4891646fea2021-12-21 10:39:39.350root 11241100x8000000000000000400552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66476684cb81f7572021-12-21 10:39:39.350root 11241100x8000000000000000400553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f383eb9ceee60de2021-12-21 10:39:39.350root 11241100x8000000000000000400554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c37f7ade90d69d2021-12-21 10:39:39.350root 11241100x8000000000000000400555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f45f4f88c0825f2021-12-21 10:39:39.350root 11241100x8000000000000000400556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2219dee9566565212021-12-21 10:39:39.350root 11241100x8000000000000000400557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a86f11bc75cc4f22021-12-21 10:39:39.350root 11241100x8000000000000000400558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd13b51a3fd5eee02021-12-21 10:39:39.350root 11241100x8000000000000000400559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af054e679613b22021-12-21 10:39:39.351root 11241100x8000000000000000400560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c322a4bbf0a09682021-12-21 10:39:39.351root 11241100x8000000000000000400561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d54df2ddebc46f72021-12-21 10:39:39.351root 11241100x8000000000000000400562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea7802aa3e5c742021-12-21 10:39:39.351root 11241100x8000000000000000400563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d11d4f7b4bc4cd2021-12-21 10:39:39.351root 11241100x8000000000000000400564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ae924a28f2ecb92021-12-21 10:39:39.693root 11241100x8000000000000000400565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ca59e88d1c5a482021-12-21 10:39:39.694root 11241100x8000000000000000400566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d5420a475d18272021-12-21 10:39:39.694root 11241100x8000000000000000400567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109a737a78020c0c2021-12-21 10:39:39.694root 11241100x8000000000000000400568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab10cc31af2cadd2021-12-21 10:39:39.695root 11241100x8000000000000000400569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58a04034b67b33a2021-12-21 10:39:39.695root 11241100x8000000000000000400570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedae28e2c76f17f2021-12-21 10:39:39.695root 11241100x8000000000000000400571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93de1bf521730ddf2021-12-21 10:39:39.696root 11241100x8000000000000000400572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135736cbec5a1a812021-12-21 10:39:39.696root 11241100x8000000000000000400573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2d320fd4d73f862021-12-21 10:39:39.696root 11241100x8000000000000000400574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ce38872d63bd282021-12-21 10:39:39.696root 11241100x8000000000000000400575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca92a7ff833af732021-12-21 10:39:39.696root 11241100x8000000000000000400576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d263cae68ac91a602021-12-21 10:39:39.696root 11241100x8000000000000000400577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d796a852737aba752021-12-21 10:39:39.696root 11241100x8000000000000000400578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feed54988de572412021-12-21 10:39:39.696root 11241100x8000000000000000400579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2cb7e4a6f5123a2021-12-21 10:39:39.696root 11241100x8000000000000000400580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510af90ecffafbc32021-12-21 10:39:39.696root 11241100x8000000000000000400581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c09cd32ccfe498d2021-12-21 10:39:39.696root 11241100x8000000000000000400582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b942e22306b136a2021-12-21 10:39:39.696root 11241100x8000000000000000400583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59b49b25572788f2021-12-21 10:39:39.697root 11241100x8000000000000000400584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a37d91a483d0472021-12-21 10:39:39.697root 11241100x8000000000000000400585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b237e4c9ee7a9f02021-12-21 10:39:39.697root 11241100x8000000000000000400586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bf0c336b974a252021-12-21 10:39:39.697root 11241100x8000000000000000400587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7439b8cfccee0592021-12-21 10:39:39.697root 11241100x8000000000000000400588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39960419af71506a2021-12-21 10:39:40.193root 11241100x8000000000000000400589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e52647bb311ecc2021-12-21 10:39:40.193root 11241100x8000000000000000400590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399bd42a2d6790842021-12-21 10:39:40.194root 11241100x8000000000000000400591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c3e9af6d2e861a2021-12-21 10:39:40.194root 11241100x8000000000000000400592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167bcac7fdf3f1812021-12-21 10:39:40.194root 11241100x8000000000000000400593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425d6f3454ca233f2021-12-21 10:39:40.195root 11241100x8000000000000000400594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0004914f33a0114d2021-12-21 10:39:40.195root 11241100x8000000000000000400595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f32de6e7e3075022021-12-21 10:39:40.195root 11241100x8000000000000000400596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fba77651f77ef822021-12-21 10:39:40.195root 11241100x8000000000000000400597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4844ab9c087ac42021-12-21 10:39:40.195root 11241100x8000000000000000400598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1ba2304db5ecad2021-12-21 10:39:40.195root 11241100x8000000000000000400599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75726c1040bc96262021-12-21 10:39:40.195root 11241100x8000000000000000400600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e19308ec2d9db382021-12-21 10:39:40.195root 11241100x8000000000000000400601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b428eaedc445ad6b2021-12-21 10:39:40.195root 11241100x8000000000000000400602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868e55855437cc1c2021-12-21 10:39:40.195root 11241100x8000000000000000400603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5289f26d20f4b612021-12-21 10:39:40.195root 11241100x8000000000000000400604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de14f03adbf8722021-12-21 10:39:40.195root 11241100x8000000000000000400605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143044c8a7be5e452021-12-21 10:39:40.195root 11241100x8000000000000000400606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ee3f3fd8d758902021-12-21 10:39:40.195root 11241100x8000000000000000400607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a2fe6042c0d4342021-12-21 10:39:40.195root 11241100x8000000000000000400608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9291bf8f1502e4fc2021-12-21 10:39:40.196root 11241100x8000000000000000400609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09512fd87ceceea02021-12-21 10:39:40.196root 11241100x8000000000000000400610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef6ca0b9e7648802021-12-21 10:39:40.196root 11241100x8000000000000000400611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d963921e5a05b82021-12-21 10:39:40.196root 11241100x8000000000000000400612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bf279e22a878b52021-12-21 10:39:40.692root 11241100x8000000000000000400613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7b39d46a507a0e2021-12-21 10:39:40.693root 11241100x8000000000000000400614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4af5dbf59c6a8622021-12-21 10:39:40.693root 11241100x8000000000000000400615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fb878bf710b4a82021-12-21 10:39:40.693root 11241100x8000000000000000400616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e445a921719c1592021-12-21 10:39:40.693root 11241100x8000000000000000400617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3886900c9257fab2021-12-21 10:39:40.693root 11241100x8000000000000000400618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c449036d81ec660f2021-12-21 10:39:40.694root 11241100x8000000000000000400619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be0d7702d8f381c2021-12-21 10:39:40.694root 11241100x8000000000000000400620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ac2f3dfcc457412021-12-21 10:39:40.694root 11241100x8000000000000000400621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7278d66afbaeb6e02021-12-21 10:39:40.694root 11241100x8000000000000000400622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dacafcf0f7522cc2021-12-21 10:39:40.694root 11241100x8000000000000000400623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d06320a09d3d462021-12-21 10:39:40.694root 11241100x8000000000000000400624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb67be9c287ae472021-12-21 10:39:40.694root 11241100x8000000000000000400625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a79327908dbcbf2021-12-21 10:39:40.694root 11241100x8000000000000000400626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a6b04ba15111af2021-12-21 10:39:40.694root 11241100x8000000000000000400627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d417783a6fa39122021-12-21 10:39:40.694root 11241100x8000000000000000400628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694839a8166f857f2021-12-21 10:39:40.694root 11241100x8000000000000000400629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cf3c56c48b522c2021-12-21 10:39:40.695root 11241100x8000000000000000400630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abec02bba5cf7ce2021-12-21 10:39:40.695root 11241100x8000000000000000400631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af32baaaaf442232021-12-21 10:39:40.695root 11241100x8000000000000000400632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8221076388519c602021-12-21 10:39:40.695root 11241100x8000000000000000400633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93eb6c6769575b82021-12-21 10:39:40.695root 11241100x8000000000000000400634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda71648c751ccbe2021-12-21 10:39:40.695root 11241100x8000000000000000400635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437c4499e3f9da2b2021-12-21 10:39:40.695root 11241100x8000000000000000400636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cc61162516e4922021-12-21 10:39:40.695root 11241100x8000000000000000400637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892075d4990294c52021-12-21 10:39:40.695root 11241100x8000000000000000400638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989ce01539cba0182021-12-21 10:39:40.695root 11241100x8000000000000000400639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0ac41a5771d9a02021-12-21 10:39:41.193root 11241100x8000000000000000400640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9ff443e158d6c92021-12-21 10:39:41.193root 11241100x8000000000000000400641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccc283b5c3ef6f32021-12-21 10:39:41.193root 11241100x8000000000000000400642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b6e7ac2dc521752021-12-21 10:39:41.193root 11241100x8000000000000000400643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e84cbf0de3b2b22021-12-21 10:39:41.194root 11241100x8000000000000000400644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375649143c7a61222021-12-21 10:39:41.194root 11241100x8000000000000000400645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24edad1b2fd4b762021-12-21 10:39:41.194root 11241100x8000000000000000400646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b467e1bbb959b32021-12-21 10:39:41.194root 11241100x8000000000000000400647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8691ac4f78d3f42021-12-21 10:39:41.195root 11241100x8000000000000000400648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a578351a4838182021-12-21 10:39:41.195root 11241100x8000000000000000400649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13393b00e35cde222021-12-21 10:39:41.195root 11241100x8000000000000000400650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070808e6074899082021-12-21 10:39:41.195root 11241100x8000000000000000400651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1447fd2cf8834ace2021-12-21 10:39:41.195root 11241100x8000000000000000400652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905e9e480852ebd12021-12-21 10:39:41.195root 11241100x8000000000000000400653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9f0792c9c0766b2021-12-21 10:39:41.195root 11241100x8000000000000000400654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a94c36f4850b4fe2021-12-21 10:39:41.195root 11241100x8000000000000000400655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f07ea9b951f9e52021-12-21 10:39:41.195root 11241100x8000000000000000400656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ec4d8cf223c1d22021-12-21 10:39:41.195root 11241100x8000000000000000400657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7e90400caca9592021-12-21 10:39:41.195root 11241100x8000000000000000400658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d2d2a44444f352021-12-21 10:39:41.195root 11241100x8000000000000000400659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8d4b74038969db2021-12-21 10:39:41.195root 11241100x8000000000000000400660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7489ca8bffc6002021-12-21 10:39:41.195root 11241100x8000000000000000400661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea0845c7e77846b2021-12-21 10:39:41.195root 11241100x8000000000000000400662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4abeb91fcda8a862021-12-21 10:39:41.196root 11241100x8000000000000000400663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632feacd981506fd2021-12-21 10:39:41.693root 11241100x8000000000000000400664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f450a1756c4e09042021-12-21 10:39:41.693root 11241100x8000000000000000400665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0c8bccbfa0e9182021-12-21 10:39:41.694root 11241100x8000000000000000400666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241c2c7e03f305b62021-12-21 10:39:41.694root 11241100x8000000000000000400667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a033dc6a505518392021-12-21 10:39:41.695root 11241100x8000000000000000400668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f1bdd248b832852021-12-21 10:39:41.695root 11241100x8000000000000000400669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009e4b981dfafb8f2021-12-21 10:39:41.696root 11241100x8000000000000000400670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7739407f5f1e966d2021-12-21 10:39:41.696root 11241100x8000000000000000400671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80b1a502541ec022021-12-21 10:39:41.696root 11241100x8000000000000000400672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41489b97f088d7b52021-12-21 10:39:41.697root 11241100x8000000000000000400673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c40cec0806b9a12021-12-21 10:39:41.697root 11241100x8000000000000000400674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6bd5f55250617b2021-12-21 10:39:41.697root 11241100x8000000000000000400675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7d4347dabc4c642021-12-21 10:39:41.697root 11241100x8000000000000000400676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b638b5dd190074b2021-12-21 10:39:41.697root 11241100x8000000000000000400677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74aa4bbc5f0a70902021-12-21 10:39:41.698root 11241100x8000000000000000400678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dc59d99d6b53642021-12-21 10:39:41.698root 11241100x8000000000000000400679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da324b37b3f325a2021-12-21 10:39:41.698root 11241100x8000000000000000400680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce48c3038b410292021-12-21 10:39:41.698root 11241100x8000000000000000400681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591f58a8a5f31fb72021-12-21 10:39:41.698root 11241100x8000000000000000400682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4ed4d0b00768a32021-12-21 10:39:41.698root 11241100x8000000000000000400683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f9748bbf8f0c4b2021-12-21 10:39:41.699root 11241100x8000000000000000400684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c98262db714ad02021-12-21 10:39:41.699root 11241100x8000000000000000400685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3f6160ae9ae26b2021-12-21 10:39:41.699root 11241100x8000000000000000400686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd5538fb8eccf2b2021-12-21 10:39:41.699root 11241100x8000000000000000400687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f711a609a9ef17af2021-12-21 10:39:41.699root 11241100x8000000000000000400688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fd1d1c47a20e082021-12-21 10:39:42.193root 11241100x8000000000000000400689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138e07d5ffcb965c2021-12-21 10:39:42.193root 11241100x8000000000000000400690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a65f9507368cd22021-12-21 10:39:42.194root 11241100x8000000000000000400691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16f4bb5f2a23e3a2021-12-21 10:39:42.194root 11241100x8000000000000000400692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e400a64e615655d2021-12-21 10:39:42.194root 11241100x8000000000000000400693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65fddbb92527eb72021-12-21 10:39:42.195root 11241100x8000000000000000400694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fa010b8a4cf4ea2021-12-21 10:39:42.195root 11241100x8000000000000000400695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65384ced98cecbe72021-12-21 10:39:42.195root 11241100x8000000000000000400696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83274f1402128022021-12-21 10:39:42.196root 11241100x8000000000000000400697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2500fa983f7f55862021-12-21 10:39:42.196root 11241100x8000000000000000400698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b413659fd11d89882021-12-21 10:39:42.196root 11241100x8000000000000000400699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6251e279aa3d52972021-12-21 10:39:42.196root 11241100x8000000000000000400700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed0d532fc37bafd2021-12-21 10:39:42.196root 11241100x8000000000000000400701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9375438f0ddf5292021-12-21 10:39:42.196root 11241100x8000000000000000400702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7bfa7047586b3c2021-12-21 10:39:42.196root 11241100x8000000000000000400703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27701aa4d47f5d02021-12-21 10:39:42.197root 11241100x8000000000000000400704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1679757907e6c4062021-12-21 10:39:42.197root 11241100x8000000000000000400705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719c9c1cae7910ad2021-12-21 10:39:42.197root 11241100x8000000000000000400706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8fad312172d54d2021-12-21 10:39:42.197root 11241100x8000000000000000400707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87110554e20e8bdf2021-12-21 10:39:42.197root 11241100x8000000000000000400708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a13d8149c102092021-12-21 10:39:42.197root 11241100x8000000000000000400709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4790095eeb2580692021-12-21 10:39:42.198root 11241100x8000000000000000400710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9958085b414f208a2021-12-21 10:39:42.198root 11241100x8000000000000000400711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3021eb8d901fd3142021-12-21 10:39:42.198root 11241100x8000000000000000400712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a437c6042e434ccf2021-12-21 10:39:42.198root 11241100x8000000000000000400713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590fa07be7d47bc52021-12-21 10:39:42.693root 11241100x8000000000000000400714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c283dd6299d57e2d2021-12-21 10:39:42.693root 11241100x8000000000000000400715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82f390606d5d0192021-12-21 10:39:42.694root 11241100x8000000000000000400716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72285fa57b8deaf2021-12-21 10:39:42.694root 11241100x8000000000000000400717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054bf2a8d4ce50222021-12-21 10:39:42.695root 11241100x8000000000000000400718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d5061d364ef6372021-12-21 10:39:42.695root 11241100x8000000000000000400719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd453d858a6516c62021-12-21 10:39:42.695root 11241100x8000000000000000400720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf537e502e04b612021-12-21 10:39:42.696root 11241100x8000000000000000400721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e0bd27afe6b0082021-12-21 10:39:42.696root 11241100x8000000000000000400722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95117467506d7212021-12-21 10:39:42.696root 11241100x8000000000000000400723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfc96c8a059e8d02021-12-21 10:39:42.696root 11241100x8000000000000000400724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fae0dde181d9b782021-12-21 10:39:42.697root 11241100x8000000000000000400725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8df01053a53fb52021-12-21 10:39:42.697root 11241100x8000000000000000400726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2cb418cc41c4352021-12-21 10:39:42.697root 11241100x8000000000000000400727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f56fffa16ef3402021-12-21 10:39:42.698root 11241100x8000000000000000400728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91319879c32730022021-12-21 10:39:42.698root 11241100x8000000000000000400729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45154af2b0d30e4d2021-12-21 10:39:42.698root 11241100x8000000000000000400730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db1fcf4309ba9782021-12-21 10:39:42.698root 11241100x8000000000000000400731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302591f5e2113a982021-12-21 10:39:42.698root 11241100x8000000000000000400732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4db2d21717afc32021-12-21 10:39:42.698root 11241100x8000000000000000400733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9617037abbd405442021-12-21 10:39:42.699root 11241100x8000000000000000400734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5188706c4aef0cfb2021-12-21 10:39:42.699root 11241100x8000000000000000400735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239693fc42d894d12021-12-21 10:39:42.699root 11241100x8000000000000000400736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060e49ee5a91abcb2021-12-21 10:39:42.699root 11241100x8000000000000000400737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a51919833aed2fe2021-12-21 10:39:42.699root 11241100x8000000000000000400738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8be311a05eec792021-12-21 10:39:43.193root 11241100x8000000000000000400739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d82b9cf887e5652021-12-21 10:39:43.193root 11241100x8000000000000000400740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522dac6ab3201aaf2021-12-21 10:39:43.193root 11241100x8000000000000000400741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf6ebe2b390da1e2021-12-21 10:39:43.194root 11241100x8000000000000000400742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d19a3f34255cdc2021-12-21 10:39:43.194root 11241100x8000000000000000400743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ae9d94e435962a2021-12-21 10:39:43.194root 11241100x8000000000000000400744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889d4da7167ec04d2021-12-21 10:39:43.194root 11241100x8000000000000000400745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a44db0e97b650922021-12-21 10:39:43.194root 11241100x8000000000000000400746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0795c20d503d262021-12-21 10:39:43.195root 11241100x8000000000000000400747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a480d83d7718ab2021-12-21 10:39:43.195root 11241100x8000000000000000400748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69d38172e92a9532021-12-21 10:39:43.195root 11241100x8000000000000000400749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6460e630cb4821a72021-12-21 10:39:43.195root 11241100x8000000000000000400750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eeabb68c5a70532021-12-21 10:39:43.195root 11241100x8000000000000000400751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4329bcb424e1033a2021-12-21 10:39:43.195root 11241100x8000000000000000400752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0e579c6cb938282021-12-21 10:39:43.195root 11241100x8000000000000000400753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adf5bed8674333a2021-12-21 10:39:43.196root 11241100x8000000000000000400754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7796162590d7112021-12-21 10:39:43.196root 11241100x8000000000000000400755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86f34568cb24a022021-12-21 10:39:43.196root 11241100x8000000000000000400756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7808140ccbb98d2021-12-21 10:39:43.196root 11241100x8000000000000000400757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607375f514b3b10c2021-12-21 10:39:43.196root 11241100x8000000000000000400758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be997655bfaa5b72021-12-21 10:39:43.196root 11241100x8000000000000000400759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f324b2cb21def132021-12-21 10:39:43.196root 11241100x8000000000000000400760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0b6175ed0ef6442021-12-21 10:39:43.197root 11241100x8000000000000000400761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185e2447d25ca3012021-12-21 10:39:43.197root 11241100x8000000000000000400762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442ed8ced0be71e52021-12-21 10:39:43.197root 354300x8000000000000000400763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.256{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47420-false10.0.1.12-8000- 11241100x8000000000000000400764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35623fd647066b892021-12-21 10:39:43.693root 11241100x8000000000000000400765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501601693ecfd0462021-12-21 10:39:43.693root 11241100x8000000000000000400766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb37addb94e712d22021-12-21 10:39:43.693root 11241100x8000000000000000400767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004a942e359653ae2021-12-21 10:39:43.693root 11241100x8000000000000000400768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb83a2dbb799ce992021-12-21 10:39:43.693root 11241100x8000000000000000400769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b60b201c2061742021-12-21 10:39:43.693root 11241100x8000000000000000400770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bf8b3d5e856be22021-12-21 10:39:43.693root 11241100x8000000000000000400771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36505234e6585b852021-12-21 10:39:43.693root 11241100x8000000000000000400772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e807f743d5e4ba542021-12-21 10:39:43.693root 11241100x8000000000000000400773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c2577c3a5c1f632021-12-21 10:39:43.694root 11241100x8000000000000000400774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8100fe246de547232021-12-21 10:39:43.694root 11241100x8000000000000000400775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dee61b6951342c2021-12-21 10:39:43.694root 11241100x8000000000000000400776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d688925d75951cd2021-12-21 10:39:43.694root 11241100x8000000000000000400777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9040a5fa5ba1652021-12-21 10:39:43.694root 11241100x8000000000000000400778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6454e363f75dc0f72021-12-21 10:39:43.694root 11241100x8000000000000000400779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21b904c6dbb858f2021-12-21 10:39:43.694root 11241100x8000000000000000400780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64444b500b6ddcaf2021-12-21 10:39:43.694root 11241100x8000000000000000400781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa49935493c3e0e62021-12-21 10:39:43.694root 11241100x8000000000000000400782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a87579234072f92021-12-21 10:39:43.694root 11241100x8000000000000000400783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813c40f3a6c1262a2021-12-21 10:39:43.694root 11241100x8000000000000000400784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ce18b476a1bb9e2021-12-21 10:39:43.695root 11241100x8000000000000000400785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23def4b1807a0f802021-12-21 10:39:43.695root 11241100x8000000000000000400786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d258845121e4d8682021-12-21 10:39:43.695root 11241100x8000000000000000400787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e5ca53a2bf75522021-12-21 10:39:43.695root 11241100x8000000000000000400788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a628f89bb7ec604d2021-12-21 10:39:43.695root 11241100x8000000000000000400789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2e2036729b1e692021-12-21 10:39:43.695root 534500x8000000000000000400790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.901{00000000-0000-0000-0000-000000000000}9755<unknown process>ubuntu 11241100x8000000000000000400791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.901{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash/tmp/sh-thd.woD2Jk2021-12-21 10:39:43.901ubuntu 23542300x8000000000000000400792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.901{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677ubuntu/bin/bash/tmp/sh-thd.woD2Jk--- 534500x8000000000000000400793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.903{00000000-0000-0000-0000-000000000000}9756<unknown process>ubuntu 11241100x8000000000000000400794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.903{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash/tmp/sh-thd.zJMwdE2021-12-21 10:39:43.903ubuntu 23542300x8000000000000000400795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:43.903{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677ubuntu/bin/bash/tmp/sh-thd.zJMwdE--- 11241100x8000000000000000400796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8690f7508182a7792021-12-21 10:39:44.193root 11241100x8000000000000000400797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20207dc7b18fbfb2021-12-21 10:39:44.193root 11241100x8000000000000000400798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e636ff91a88e5d2021-12-21 10:39:44.193root 11241100x8000000000000000400799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da53e21a8ba33962021-12-21 10:39:44.194root 11241100x8000000000000000400800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3381e462f2bf04fa2021-12-21 10:39:44.194root 11241100x8000000000000000400801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84a02922401dc322021-12-21 10:39:44.194root 11241100x8000000000000000400802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c066bf3f0d5e704a2021-12-21 10:39:44.194root 11241100x8000000000000000400803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801ef0ed469f48a62021-12-21 10:39:44.194root 11241100x8000000000000000400804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d934caf2657ca72021-12-21 10:39:44.194root 11241100x8000000000000000400805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02e688a7f3272452021-12-21 10:39:44.194root 11241100x8000000000000000400806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf7f711e61ddc432021-12-21 10:39:44.194root 11241100x8000000000000000400807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf399f878658eadd2021-12-21 10:39:44.194root 11241100x8000000000000000400808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc56ffad5cbaa562021-12-21 10:39:44.195root 11241100x8000000000000000400809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3215b5a3339661172021-12-21 10:39:44.195root 11241100x8000000000000000400810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b8562b4985e6072021-12-21 10:39:44.195root 11241100x8000000000000000400811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9375d5dd86b994aa2021-12-21 10:39:44.195root 11241100x8000000000000000400812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e72dd1f3f7fbaf72021-12-21 10:39:44.195root 11241100x8000000000000000400813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d90400af6c1fa62021-12-21 10:39:44.195root 11241100x8000000000000000400814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cccba47ddd236a42021-12-21 10:39:44.195root 11241100x8000000000000000400815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e490f4a6ae05ca42021-12-21 10:39:44.195root 11241100x8000000000000000400816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391186c3c626d7082021-12-21 10:39:44.196root 11241100x8000000000000000400817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f380bf82b2436ad22021-12-21 10:39:44.196root 11241100x8000000000000000400818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703eac59515d0a672021-12-21 10:39:44.196root 11241100x8000000000000000400819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef08abb65621baf2021-12-21 10:39:44.196root 11241100x8000000000000000400820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f607fc64b6dbd512021-12-21 10:39:44.196root 11241100x8000000000000000400821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7e1a074e8f993e2021-12-21 10:39:44.196root 11241100x8000000000000000400822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f89b7bf95630682021-12-21 10:39:44.196root 11241100x8000000000000000400823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4fd07fd3e77df32021-12-21 10:39:44.196root 11241100x8000000000000000400824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f64fc91f1c23f362021-12-21 10:39:44.196root 11241100x8000000000000000400825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004d351671192d8a2021-12-21 10:39:44.197root 11241100x8000000000000000400826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b52ade390f443c2021-12-21 10:39:44.197root 11241100x8000000000000000400827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f92281d6ea208802021-12-21 10:39:44.692root 11241100x8000000000000000400828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0083879516cc40e2021-12-21 10:39:44.693root 11241100x8000000000000000400829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79da14285b2e352f2021-12-21 10:39:44.693root 11241100x8000000000000000400830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed797aa91fe4c4552021-12-21 10:39:44.693root 11241100x8000000000000000400831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3407bfda0119147e2021-12-21 10:39:44.693root 11241100x8000000000000000400832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2c6f65681733fd2021-12-21 10:39:44.693root 11241100x8000000000000000400833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d40d4b6f205a6302021-12-21 10:39:44.693root 11241100x8000000000000000400834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b0d4c8c55c9c3e2021-12-21 10:39:44.693root 11241100x8000000000000000400835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad21a8f33fcb372e2021-12-21 10:39:44.693root 11241100x8000000000000000400836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cd67d3dea4fd882021-12-21 10:39:44.694root 11241100x8000000000000000400837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d80702abe356222021-12-21 10:39:44.694root 11241100x8000000000000000400838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9756d6334babf7862021-12-21 10:39:44.694root 11241100x8000000000000000400839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831f8578f15b17fe2021-12-21 10:39:44.694root 11241100x8000000000000000400840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ef5f71f29f62432021-12-21 10:39:44.694root 11241100x8000000000000000400841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff28921379f5491e2021-12-21 10:39:44.694root 11241100x8000000000000000400842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba6698923c4592e2021-12-21 10:39:44.694root 11241100x8000000000000000400843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8690f5c084c7922021-12-21 10:39:44.694root 11241100x8000000000000000400844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346835d9d67d2d422021-12-21 10:39:44.694root 11241100x8000000000000000400845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa82ff25e7a3bff2021-12-21 10:39:44.694root 11241100x8000000000000000400846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d375cdd48a4703f2021-12-21 10:39:44.694root 11241100x8000000000000000400847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c91baa084e7cdd02021-12-21 10:39:44.695root 11241100x8000000000000000400848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7263a3909939f3862021-12-21 10:39:44.695root 11241100x8000000000000000400849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b37c21175bb18b2021-12-21 10:39:44.695root 11241100x8000000000000000400850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a38287e24ef30822021-12-21 10:39:44.695root 11241100x8000000000000000400851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d31082285ceb392021-12-21 10:39:44.695root 11241100x8000000000000000400852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc4e202b7d8e0192021-12-21 10:39:44.695root 11241100x8000000000000000400853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e6a9c062c1ae012021-12-21 10:39:44.695root 11241100x8000000000000000400854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b265e4f488f69d612021-12-21 10:39:44.695root 11241100x8000000000000000400855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ccf8104e8990b32021-12-21 10:39:44.695root 11241100x8000000000000000400856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e891007178ae992021-12-21 10:39:44.696root 11241100x8000000000000000400857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6381df20b5f0db2021-12-21 10:39:44.696root 11241100x8000000000000000400858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9338a4e1deb630422021-12-21 10:39:44.696root 11241100x8000000000000000400859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7907db6083505e642021-12-21 10:39:44.696root 11241100x8000000000000000400860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e47512520ca12e2021-12-21 10:39:44.696root 11241100x8000000000000000400861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142a7a1777a73eff2021-12-21 10:39:44.696root 11241100x8000000000000000400862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf77bc24439d75d2021-12-21 10:39:44.696root 11241100x8000000000000000400863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23841fcff705cba52021-12-21 10:39:44.696root 11241100x8000000000000000400864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5cba9188e4d5142021-12-21 10:39:44.696root 11241100x8000000000000000400865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eabe639a6e981d2021-12-21 10:39:44.696root 11241100x8000000000000000400866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b303c45d7bf51f7d2021-12-21 10:39:44.696root 11241100x8000000000000000400867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8950ba6632b2a602021-12-21 10:39:44.696root 11241100x8000000000000000400868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53df9a82772e5602021-12-21 10:39:44.697root 11241100x8000000000000000400869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91826f3cad103ddb2021-12-21 10:39:44.697root 11241100x8000000000000000400870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efe9c8f7a7f857d2021-12-21 10:39:45.192root 11241100x8000000000000000400871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e064be81de5f732021-12-21 10:39:45.193root 11241100x8000000000000000400872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22779583e5ddddf2021-12-21 10:39:45.193root 11241100x8000000000000000400873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd9fc1c495d2e522021-12-21 10:39:45.194root 11241100x8000000000000000400874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810651a22279848b2021-12-21 10:39:45.194root 11241100x8000000000000000400875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bc20c71d64d0d52021-12-21 10:39:45.194root 11241100x8000000000000000400876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea52d79b1ac98a62021-12-21 10:39:45.194root 11241100x8000000000000000400877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03287973cee0aba02021-12-21 10:39:45.194root 11241100x8000000000000000400878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4569c0aa2d770d2021-12-21 10:39:45.195root 11241100x8000000000000000400879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3c8978bd23b1b92021-12-21 10:39:45.195root 11241100x8000000000000000400880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2a9c1f0a0210552021-12-21 10:39:45.195root 11241100x8000000000000000400881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fe1b4e5a2887c32021-12-21 10:39:45.196root 11241100x8000000000000000400882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1d766f4ed70e532021-12-21 10:39:45.197root 11241100x8000000000000000400883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3262be3d1a1f036a2021-12-21 10:39:45.197root 11241100x8000000000000000400884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f106063f02718f062021-12-21 10:39:45.197root 11241100x8000000000000000400885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0529f3a6406f04e2021-12-21 10:39:45.197root 11241100x8000000000000000400886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669093d5b102661e2021-12-21 10:39:45.198root 11241100x8000000000000000400887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24d145043b26aa12021-12-21 10:39:45.198root 11241100x8000000000000000400888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b4768a8c0320642021-12-21 10:39:45.198root 11241100x8000000000000000400889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46aa3bcc6d6063cc2021-12-21 10:39:45.199root 11241100x8000000000000000400890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a33f9fb0a1884f52021-12-21 10:39:45.199root 11241100x8000000000000000400891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a99374b6aed4d82021-12-21 10:39:45.199root 11241100x8000000000000000400892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a2c1fe43aa7b1d2021-12-21 10:39:45.199root 11241100x8000000000000000400893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7fe78525c6551d2021-12-21 10:39:45.200root 11241100x8000000000000000400894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c821c647bd35d24d2021-12-21 10:39:45.200root 11241100x8000000000000000400895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ca00b33a264fc02021-12-21 10:39:45.200root 11241100x8000000000000000400896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f237458ea95ed6ce2021-12-21 10:39:45.200root 11241100x8000000000000000400897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ebf201861627a52021-12-21 10:39:45.200root 11241100x8000000000000000400898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f24373c687c2652021-12-21 10:39:45.201root 11241100x8000000000000000400899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10477fe0e86ecc442021-12-21 10:39:45.201root 11241100x8000000000000000400900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f7b561f20d4c412021-12-21 10:39:45.201root 11241100x8000000000000000400901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b0e1e245fc64542021-12-21 10:39:45.201root 11241100x8000000000000000400902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716ac28bb7f5e3ff2021-12-21 10:39:45.201root 11241100x8000000000000000400903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab479d44146f33262021-12-21 10:39:45.201root 11241100x8000000000000000400904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5381d994cecdde2021-12-21 10:39:45.202root 11241100x8000000000000000400905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc93bbbbc4064422021-12-21 10:39:45.202root 11241100x8000000000000000400906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e57e8fdab9bc9b2021-12-21 10:39:45.202root 11241100x8000000000000000400907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a0982fc09b92e72021-12-21 10:39:45.202root 11241100x8000000000000000400908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b366557f77266d2021-12-21 10:39:45.202root 11241100x8000000000000000400909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca35e6cf04d17872021-12-21 10:39:45.693root 11241100x8000000000000000400910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7121757271da09d52021-12-21 10:39:45.693root 11241100x8000000000000000400911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a629c8d223b077c2021-12-21 10:39:45.694root 11241100x8000000000000000400912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed59af7896b7571b2021-12-21 10:39:45.694root 11241100x8000000000000000400913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f1e61cf8a138e12021-12-21 10:39:45.694root 11241100x8000000000000000400914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ad5cf2d76b69c82021-12-21 10:39:45.694root 11241100x8000000000000000400915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f365b42f28c7a13b2021-12-21 10:39:45.695root 11241100x8000000000000000400916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab74eca3fb8323c2021-12-21 10:39:45.695root 11241100x8000000000000000400917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f9eee74b0919ef2021-12-21 10:39:45.695root 11241100x8000000000000000400918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c505a5d19eabb2822021-12-21 10:39:45.695root 11241100x8000000000000000400919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5477afb5caabdf9a2021-12-21 10:39:45.695root 11241100x8000000000000000400920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e96501635fedada2021-12-21 10:39:45.695root 11241100x8000000000000000400921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8e1dfca2d78f632021-12-21 10:39:45.696root 11241100x8000000000000000400922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac1b34146f3f7fb2021-12-21 10:39:45.696root 11241100x8000000000000000400923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c066c2c4afdb252021-12-21 10:39:45.696root 11241100x8000000000000000400924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef189d739dc848d2021-12-21 10:39:45.696root 11241100x8000000000000000400925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89287fa5985a7dcf2021-12-21 10:39:45.696root 11241100x8000000000000000400926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0149cff6bab054c02021-12-21 10:39:45.696root 11241100x8000000000000000400927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0175f946e3c648ae2021-12-21 10:39:45.696root 11241100x8000000000000000400928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2b0755e77476582021-12-21 10:39:45.696root 11241100x8000000000000000400929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f72250d4785a132021-12-21 10:39:45.696root 11241100x8000000000000000400930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1104e2ce393b285e2021-12-21 10:39:45.697root 11241100x8000000000000000400931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b996e32858444042021-12-21 10:39:45.697root 11241100x8000000000000000400932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59abafdf5eeb56312021-12-21 10:39:45.697root 11241100x8000000000000000400933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e363e2384dc1ee682021-12-21 10:39:45.697root 11241100x8000000000000000400934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6279e1de3fd9d4122021-12-21 10:39:45.697root 11241100x8000000000000000400935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1116632fd5a9dad2021-12-21 10:39:45.697root 11241100x8000000000000000400936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db06df772eefc6fd2021-12-21 10:39:45.697root 11241100x8000000000000000400937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acee19cef8dde6b42021-12-21 10:39:45.697root 11241100x8000000000000000400938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6e4a684aa3263b2021-12-21 10:39:45.698root 11241100x8000000000000000400939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f48231b057fff12021-12-21 10:39:45.698root 11241100x8000000000000000400940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1f1bf0cc96ab392021-12-21 10:39:45.698root 11241100x8000000000000000400941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:45.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fa95fbfcbfab1c2021-12-21 10:39:45.698root 11241100x8000000000000000400942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c688eb68d83ace02021-12-21 10:39:46.193root 11241100x8000000000000000400943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7094287cc8ba73d2021-12-21 10:39:46.193root 11241100x8000000000000000400944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cac0144c43786d2021-12-21 10:39:46.193root 11241100x8000000000000000400945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc707f11c9dd1d62021-12-21 10:39:46.194root 11241100x8000000000000000400946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b368087b6fcaff2021-12-21 10:39:46.194root 11241100x8000000000000000400947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3855aef2213d6972021-12-21 10:39:46.194root 11241100x8000000000000000400948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2411f3f16fe6037d2021-12-21 10:39:46.194root 11241100x8000000000000000400949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543bae07529878c22021-12-21 10:39:46.194root 11241100x8000000000000000400950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa35ef336531389a2021-12-21 10:39:46.194root 11241100x8000000000000000400951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e282b38ae90b3b172021-12-21 10:39:46.194root 11241100x8000000000000000400952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce23ba9b18d5b2f82021-12-21 10:39:46.194root 11241100x8000000000000000400953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1255180763e4032021-12-21 10:39:46.194root 11241100x8000000000000000400954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd785fe302ca36582021-12-21 10:39:46.195root 11241100x8000000000000000400955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c774b91ff990d062021-12-21 10:39:46.195root 11241100x8000000000000000400956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d85741668ac64192021-12-21 10:39:46.195root 11241100x8000000000000000400957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeca6386760f5b32021-12-21 10:39:46.195root 11241100x8000000000000000400958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d885ab64db3341262021-12-21 10:39:46.195root 11241100x8000000000000000400959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f595eebbd1f569e62021-12-21 10:39:46.195root 11241100x8000000000000000400960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694b1db811388b582021-12-21 10:39:46.195root 11241100x8000000000000000400961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f25a34ecb4902592021-12-21 10:39:46.195root 11241100x8000000000000000400962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ba718888b0e94a2021-12-21 10:39:46.195root 11241100x8000000000000000400963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e94bbeca4e7686c2021-12-21 10:39:46.195root 11241100x8000000000000000400964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba8e9d04a3cb3742021-12-21 10:39:46.195root 11241100x8000000000000000400965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33529b54c868f8302021-12-21 10:39:46.196root 11241100x8000000000000000400966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ae6c927c46386f2021-12-21 10:39:46.196root 11241100x8000000000000000400967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961c2bbc3c7fdd2e2021-12-21 10:39:46.196root 11241100x8000000000000000400968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08aceca61317c1fa2021-12-21 10:39:46.196root 11241100x8000000000000000400969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc76d822583e9e02021-12-21 10:39:46.196root 11241100x8000000000000000400970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5f46eeebe532492021-12-21 10:39:46.196root 11241100x8000000000000000400971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa746155be3b40992021-12-21 10:39:46.196root 11241100x8000000000000000400972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b160cfd19d429bed2021-12-21 10:39:46.196root 11241100x8000000000000000400973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dab4bddc3956c42021-12-21 10:39:46.196root 11241100x8000000000000000400974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d4fc65570a487c2021-12-21 10:39:46.196root 11241100x8000000000000000400975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df122d113aa121ac2021-12-21 10:39:46.197root 11241100x8000000000000000400976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfab989542a44a42021-12-21 10:39:46.693root 11241100x8000000000000000400977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a21eeda859122932021-12-21 10:39:46.693root 11241100x8000000000000000400978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402f5c5426c07c2c2021-12-21 10:39:46.693root 11241100x8000000000000000400979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96db4ae87e797952021-12-21 10:39:46.694root 11241100x8000000000000000400980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c4aca3b12b39bc2021-12-21 10:39:46.694root 11241100x8000000000000000400981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7341f07e37f50be12021-12-21 10:39:46.695root 11241100x8000000000000000400982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5d72a956e5f1892021-12-21 10:39:46.695root 11241100x8000000000000000400983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303f5733614731c12021-12-21 10:39:46.695root 11241100x8000000000000000400984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df939010447571ce2021-12-21 10:39:46.695root 11241100x8000000000000000400985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b91f3d0c6ce3f92021-12-21 10:39:46.695root 11241100x8000000000000000400986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a39fbedfaf01d862021-12-21 10:39:46.695root 11241100x8000000000000000400987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd009ad41700c202021-12-21 10:39:46.696root 11241100x8000000000000000400988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2af4db0f85b4722021-12-21 10:39:46.696root 11241100x8000000000000000400989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237e21c80b42f4fb2021-12-21 10:39:46.696root 11241100x8000000000000000400990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a703193a2a6a0e232021-12-21 10:39:46.696root 11241100x8000000000000000400991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c719e3d5d4e119842021-12-21 10:39:46.696root 11241100x8000000000000000400992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb57399cfe3d4522021-12-21 10:39:46.697root 11241100x8000000000000000400993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f5a8bd7a4e2acc2021-12-21 10:39:46.697root 11241100x8000000000000000400994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c63428c967ef912021-12-21 10:39:46.697root 11241100x8000000000000000400995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c1b5b128dbd7362021-12-21 10:39:46.697root 11241100x8000000000000000400996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6788eabaacf2962021-12-21 10:39:46.697root 11241100x8000000000000000400997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861bd49c24386c62021-12-21 10:39:46.697root 11241100x8000000000000000400998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16c7406e1cac0002021-12-21 10:39:46.698root 11241100x8000000000000000400999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d2bc02e81d91de2021-12-21 10:39:46.698root 11241100x8000000000000000401000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ffd7bafdaacc472021-12-21 10:39:46.698root 11241100x8000000000000000401001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f649eb41255b06e82021-12-21 10:39:46.698root 11241100x8000000000000000401002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520b9ca71fa861e42021-12-21 10:39:46.698root 11241100x8000000000000000401003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2bff8b0748cd582021-12-21 10:39:46.699root 11241100x8000000000000000401004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993cbbc93b53e7992021-12-21 10:39:46.699root 11241100x8000000000000000401005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479562fc7a6afbab2021-12-21 10:39:46.699root 11241100x8000000000000000401006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532da9afefed4ae72021-12-21 10:39:46.699root 11241100x8000000000000000401007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70ed0b374b41e1f2021-12-21 10:39:46.699root 11241100x8000000000000000401008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee4fa745cfc3fb42021-12-21 10:39:46.699root 11241100x8000000000000000401009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:46.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26e6e6df8369c832021-12-21 10:39:46.700root 11241100x8000000000000000401010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2519f2c8a0028b562021-12-21 10:39:47.193root 11241100x8000000000000000401011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415aa4a67be0bb7e2021-12-21 10:39:47.193root 11241100x8000000000000000401012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb87df42f87dcf372021-12-21 10:39:47.194root 11241100x8000000000000000401013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c291064daf015fe82021-12-21 10:39:47.194root 11241100x8000000000000000401014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3071cd78fa6ae9fb2021-12-21 10:39:47.194root 11241100x8000000000000000401015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d334479d1b472ee2021-12-21 10:39:47.194root 11241100x8000000000000000401016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9f8b1d4475024c2021-12-21 10:39:47.194root 11241100x8000000000000000401017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827b59f3faaf591b2021-12-21 10:39:47.194root 11241100x8000000000000000401018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56dda6c3278b8c92021-12-21 10:39:47.194root 11241100x8000000000000000401019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a30ef272c0445ca2021-12-21 10:39:47.194root 11241100x8000000000000000401020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19a95edfcd660b82021-12-21 10:39:47.194root 11241100x8000000000000000401021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0539f32cf514a6f2021-12-21 10:39:47.195root 11241100x8000000000000000401022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa5dd98f4f50c42021-12-21 10:39:47.195root 11241100x8000000000000000401023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb09ac23c775ba282021-12-21 10:39:47.195root 11241100x8000000000000000401024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b010e6f2ed6e1ab12021-12-21 10:39:47.195root 11241100x8000000000000000401025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170b671a90714db02021-12-21 10:39:47.195root 11241100x8000000000000000401026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c520834c664ccb2021-12-21 10:39:47.196root 11241100x8000000000000000401027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f41402fbf8cfa52021-12-21 10:39:47.196root 11241100x8000000000000000401028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5647dbb937031c382021-12-21 10:39:47.196root 11241100x8000000000000000401029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df99012ef911ab1a2021-12-21 10:39:47.196root 11241100x8000000000000000401030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8bd4029b3926ca2021-12-21 10:39:47.196root 11241100x8000000000000000401031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b8dc44c53142112021-12-21 10:39:47.196root 11241100x8000000000000000401032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88015ec5eacf00452021-12-21 10:39:47.196root 11241100x8000000000000000401033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aae05e4edf798832021-12-21 10:39:47.197root 11241100x8000000000000000401034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e4c23208c095252021-12-21 10:39:47.197root 11241100x8000000000000000401035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81700737b1487f0a2021-12-21 10:39:47.197root 11241100x8000000000000000401036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e944ab3ec07f139e2021-12-21 10:39:47.197root 11241100x8000000000000000401037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a40cef61038e4a52021-12-21 10:39:47.197root 11241100x8000000000000000401038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53db2ef9a77704fc2021-12-21 10:39:47.197root 11241100x8000000000000000401039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62162eb7679243df2021-12-21 10:39:47.197root 11241100x8000000000000000401040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c127329277e89b22021-12-21 10:39:47.197root 11241100x8000000000000000401041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd9b966627ff19b2021-12-21 10:39:47.693root 11241100x8000000000000000401042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c264a8cd2a1cb0aa2021-12-21 10:39:47.694root 11241100x8000000000000000401043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631a0ee6dd75f1762021-12-21 10:39:47.694root 11241100x8000000000000000401044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d470b111f91dc3d72021-12-21 10:39:47.694root 11241100x8000000000000000401045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970624fe26f4fe252021-12-21 10:39:47.694root 11241100x8000000000000000401046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8574dac62cb8e052021-12-21 10:39:47.694root 11241100x8000000000000000401047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e079a9e074a3558d2021-12-21 10:39:47.695root 11241100x8000000000000000401048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc76ada2708f2682021-12-21 10:39:47.695root 11241100x8000000000000000401049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc780bbd54084682021-12-21 10:39:47.695root 11241100x8000000000000000401050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a7ecf522bcca6a2021-12-21 10:39:47.695root 11241100x8000000000000000401051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a2b7936d42063f2021-12-21 10:39:47.695root 11241100x8000000000000000401052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3104294a8c9dd55e2021-12-21 10:39:47.695root 11241100x8000000000000000401053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2a87d82e83bc802021-12-21 10:39:47.696root 11241100x8000000000000000401054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3689fc350a306f3c2021-12-21 10:39:47.696root 11241100x8000000000000000401055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1786d9c8a2493312021-12-21 10:39:47.696root 11241100x8000000000000000401056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3366f4543fea26c22021-12-21 10:39:47.696root 11241100x8000000000000000401057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d63950a7c25a052021-12-21 10:39:47.696root 11241100x8000000000000000401058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af0d29d163a30002021-12-21 10:39:47.696root 11241100x8000000000000000401059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bef74783d7185712021-12-21 10:39:47.696root 11241100x8000000000000000401060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439c935cb1e014932021-12-21 10:39:47.696root 11241100x8000000000000000401061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9867f74f261a12302021-12-21 10:39:47.696root 11241100x8000000000000000401062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251b7fa4e2b4d9002021-12-21 10:39:47.696root 11241100x8000000000000000401063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56efdbd4c675597e2021-12-21 10:39:47.697root 11241100x8000000000000000401064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e337a2c0288f662021-12-21 10:39:47.697root 11241100x8000000000000000401065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288143a13eba0c492021-12-21 10:39:47.697root 11241100x8000000000000000401066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cd266f297d0aba2021-12-21 10:39:47.697root 11241100x8000000000000000401067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3126c49dd631d8032021-12-21 10:39:47.697root 11241100x8000000000000000401068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98b8db698516b3a2021-12-21 10:39:47.697root 11241100x8000000000000000401069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e16f40b21db5172021-12-21 10:39:47.697root 11241100x8000000000000000401070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc0f481f2a678da2021-12-21 10:39:47.697root 11241100x8000000000000000401071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5f71a5981bc1e92021-12-21 10:39:47.697root 11241100x8000000000000000401072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115f7856cf8f56cf2021-12-21 10:39:48.193root 11241100x8000000000000000401073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7407e205c9020cb52021-12-21 10:39:48.193root 11241100x8000000000000000401074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1c7b451461741b2021-12-21 10:39:48.193root 11241100x8000000000000000401075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2c5618bada751a2021-12-21 10:39:48.194root 11241100x8000000000000000401076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811729fb4b49ac992021-12-21 10:39:48.194root 11241100x8000000000000000401077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2585b4bf40e61c82021-12-21 10:39:48.194root 11241100x8000000000000000401078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e880acd57e95ea2021-12-21 10:39:48.194root 11241100x8000000000000000401079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7161e1395338c67b2021-12-21 10:39:48.195root 11241100x8000000000000000401080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb70beaff4976d22021-12-21 10:39:48.195root 11241100x8000000000000000401081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40081ff919a4db4e2021-12-21 10:39:48.195root 11241100x8000000000000000401082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb53677fa169609b2021-12-21 10:39:48.195root 11241100x8000000000000000401083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61aa7ea4fb0c6612021-12-21 10:39:48.195root 11241100x8000000000000000401084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2952c70c8f7804b72021-12-21 10:39:48.196root 11241100x8000000000000000401085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d59842818f991d52021-12-21 10:39:48.196root 11241100x8000000000000000401086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82d8808e7ff64a32021-12-21 10:39:48.196root 11241100x8000000000000000401087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f890b69f7731e9582021-12-21 10:39:48.196root 11241100x8000000000000000401088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6faefbbfd9ba2c212021-12-21 10:39:48.196root 11241100x8000000000000000401089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e668224092c8512021-12-21 10:39:48.196root 11241100x8000000000000000401090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5111ed6ec79ecc162021-12-21 10:39:48.197root 11241100x8000000000000000401091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf61c32501754fec2021-12-21 10:39:48.197root 11241100x8000000000000000401092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a19671191df1af2021-12-21 10:39:48.197root 11241100x8000000000000000401093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce500ec786bf78392021-12-21 10:39:48.197root 11241100x8000000000000000401094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fac7d7a54503192021-12-21 10:39:48.197root 11241100x8000000000000000401095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7d3021d48575812021-12-21 10:39:48.197root 11241100x8000000000000000401096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f332c16798c68c2021-12-21 10:39:48.198root 11241100x8000000000000000401097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45502149e23940912021-12-21 10:39:48.198root 11241100x8000000000000000401098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8216a2a5100958022021-12-21 10:39:48.198root 11241100x8000000000000000401099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ca2a15f10c90f12021-12-21 10:39:48.198root 11241100x8000000000000000401100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbe37142a23756b2021-12-21 10:39:48.198root 11241100x8000000000000000401101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c6ec6142d1c9a92021-12-21 10:39:48.199root 11241100x8000000000000000401102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d887ca015bb891d2021-12-21 10:39:48.199root 11241100x8000000000000000401103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4613f36559e1a6752021-12-21 10:39:48.199root 11241100x8000000000000000401104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eadeca191b611ee2021-12-21 10:39:48.199root 11241100x8000000000000000401105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375b7a5c74daf3572021-12-21 10:39:48.199root 154100x8000000000000000401106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.481{ec2b6afe-aef4-61c1-8042-173553560000}9757/bin/nano-----nano /etc/sudoers/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000401107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30670886b1492e512021-12-21 10:39:48.482root 11241100x8000000000000000401108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a416fef5128775192021-12-21 10:39:48.482root 11241100x8000000000000000401109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbfc8db351e6e1e2021-12-21 10:39:48.483root 11241100x8000000000000000401110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3637533461f1daa12021-12-21 10:39:48.483root 11241100x8000000000000000401111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca84bc0a2dddf7ef2021-12-21 10:39:48.483root 11241100x8000000000000000401112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5e0418200cddb32021-12-21 10:39:48.483root 11241100x8000000000000000401113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531c640e12e439af2021-12-21 10:39:48.483root 11241100x8000000000000000401114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa11d9aed67cecd2021-12-21 10:39:48.484root 11241100x8000000000000000401115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72785960c2beaf402021-12-21 10:39:48.484root 11241100x8000000000000000401116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5853f686b3ac81d02021-12-21 10:39:48.484root 11241100x8000000000000000401117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb6a91bc7b4ce9f2021-12-21 10:39:48.484root 11241100x8000000000000000401118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe8e8af2a3c22562021-12-21 10:39:48.484root 11241100x8000000000000000401119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7506fbb803d720b62021-12-21 10:39:48.485root 11241100x8000000000000000401120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6995f2d40a17cec2021-12-21 10:39:48.485root 11241100x8000000000000000401121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10ed719ae5174432021-12-21 10:39:48.485root 11241100x8000000000000000401122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf5b538d481b85a2021-12-21 10:39:48.485root 11241100x8000000000000000401123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f86023c25ff03a2021-12-21 10:39:48.485root 11241100x8000000000000000401124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0709ef6a90a9767c2021-12-21 10:39:48.486root 11241100x8000000000000000401125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc44ce272ec8b7b2021-12-21 10:39:48.486root 11241100x8000000000000000401126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfc62997b5c45cd2021-12-21 10:39:48.486root 11241100x8000000000000000401127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db7dde505224d9b2021-12-21 10:39:48.486root 11241100x8000000000000000401128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87916d3a8b1110ae2021-12-21 10:39:48.486root 11241100x8000000000000000401129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f1a6df1b59f4bf2021-12-21 10:39:48.486root 11241100x8000000000000000401130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb43da679647ecf2021-12-21 10:39:48.487root 11241100x8000000000000000401131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b0477377f75a102021-12-21 10:39:48.487root 11241100x8000000000000000401132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dece97a8dfdbc3302021-12-21 10:39:48.487root 11241100x8000000000000000401133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af219d3c890ad5c2021-12-21 10:39:48.487root 11241100x8000000000000000401134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c727a73da4315fbc2021-12-21 10:39:48.487root 11241100x8000000000000000401135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0201f30d7c4be4952021-12-21 10:39:48.488root 11241100x8000000000000000401136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5c0bef40863e802021-12-21 10:39:48.488root 11241100x8000000000000000401137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5173c8e65da01de22021-12-21 10:39:48.488root 11241100x8000000000000000401138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14689274b2f307bf2021-12-21 10:39:48.488root 11241100x8000000000000000401139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83d75cedfa252682021-12-21 10:39:48.488root 11241100x8000000000000000401140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ffe69f7a161eb82021-12-21 10:39:48.489root 11241100x8000000000000000401141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb59e47562ed3b22021-12-21 10:39:48.489root 11241100x8000000000000000401142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3319ec922d1074f2021-12-21 10:39:48.489root 11241100x8000000000000000401143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240eb3a191a8dc3c2021-12-21 10:39:48.489root 11241100x8000000000000000401144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a100ef50ff20d4142021-12-21 10:39:48.489root 11241100x8000000000000000401145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96189dc66d0335c72021-12-21 10:39:48.490root 11241100x8000000000000000401146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0161df758806fc22021-12-21 10:39:48.490root 11241100x8000000000000000401147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2463c23b0ca9fd0c2021-12-21 10:39:48.490root 11241100x8000000000000000401148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8448d84f621b1ef2021-12-21 10:39:48.490root 11241100x8000000000000000401149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e0ce2bd27e45142021-12-21 10:39:48.490root 11241100x8000000000000000401150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65c2cab10db1ba22021-12-21 10:39:48.491root 11241100x8000000000000000401151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e8a4a320fcd8132021-12-21 10:39:48.491root 11241100x8000000000000000401152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e1c41325d7625e2021-12-21 10:39:48.491root 11241100x8000000000000000401153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f7255fbe3b88582021-12-21 10:39:48.492root 11241100x8000000000000000401154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cee41ba024a0cc72021-12-21 10:39:48.492root 11241100x8000000000000000401155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7d6de87ee75f8d2021-12-21 10:39:48.492root 11241100x8000000000000000401156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1835760b0b567e32021-12-21 10:39:48.492root 11241100x8000000000000000401157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e6c92e3d0767df2021-12-21 10:39:48.492root 11241100x8000000000000000401158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0db61bc8b899f002021-12-21 10:39:48.493root 11241100x8000000000000000401159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a366d927d3346292021-12-21 10:39:48.493root 11241100x8000000000000000401160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b79e9a79cab89502021-12-21 10:39:48.493root 11241100x8000000000000000401161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33008e3aea9cf532021-12-21 10:39:48.493root 11241100x8000000000000000401162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6723634fe308172021-12-21 10:39:48.493root 11241100x8000000000000000401163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.494{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5650a90664d86e2021-12-21 10:39:48.494root 11241100x8000000000000000401164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.494{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546c111b5a0aa7822021-12-21 10:39:48.494root 11241100x8000000000000000401165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.494{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b648e7b1039f292021-12-21 10:39:48.494root 11241100x8000000000000000401166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.494{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99315477aa8abd112021-12-21 10:39:48.494root 11241100x8000000000000000401167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.494{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7823d9e94dae0c112021-12-21 10:39:48.494root 11241100x8000000000000000401168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.494{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b011e8e93ee5cf2021-12-21 10:39:48.494root 11241100x8000000000000000401169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fd3b79dd94ca082021-12-21 10:39:48.495root 11241100x8000000000000000401170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116eca8b655366af2021-12-21 10:39:48.495root 11241100x8000000000000000401171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b2c59decbf99e12021-12-21 10:39:48.495root 11241100x8000000000000000401172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0383a0861a7f6c2021-12-21 10:39:48.495root 11241100x8000000000000000401173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a09bf70d85848042021-12-21 10:39:48.495root 11241100x8000000000000000401174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a0e42f0349f22b2021-12-21 10:39:48.495root 11241100x8000000000000000401175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912eab5ba314ec8d2021-12-21 10:39:48.496root 11241100x8000000000000000401176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48a55c1bdcd67cf2021-12-21 10:39:48.496root 11241100x8000000000000000401177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1547482d304efa9d2021-12-21 10:39:48.496root 11241100x8000000000000000401178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8280ad42159e90192021-12-21 10:39:48.496root 11241100x8000000000000000401179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2dca55a10a20fd2021-12-21 10:39:48.496root 11241100x8000000000000000401180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9d0f61df598ff62021-12-21 10:39:48.496root 11241100x8000000000000000401181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47df5d23ed654c32021-12-21 10:39:48.497root 11241100x8000000000000000401182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9551da2693516c092021-12-21 10:39:48.497root 11241100x8000000000000000401183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805291659b324c942021-12-21 10:39:48.497root 11241100x8000000000000000401184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c386236574fdd9d12021-12-21 10:39:48.497root 11241100x8000000000000000401185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39a98a4143c94f32021-12-21 10:39:48.497root 11241100x8000000000000000401186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.498{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c1243f5a5e7cd72021-12-21 10:39:48.498root 11241100x8000000000000000401187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.498{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1181d7e3ee4eb2021-12-21 10:39:48.498root 11241100x8000000000000000401188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.498{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71a718a9838c9822021-12-21 10:39:48.498root 11241100x8000000000000000401189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.498{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85cef1d5aa5be1e2021-12-21 10:39:48.498root 11241100x8000000000000000401190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.498{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cb1c69041d140d2021-12-21 10:39:48.498root 11241100x8000000000000000401191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.498{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa6f677562daa602021-12-21 10:39:48.498root 11241100x8000000000000000401192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.498{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee5fc20130cbf262021-12-21 10:39:48.498root 11241100x8000000000000000401193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.498{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec43a40caf0d75e2021-12-21 10:39:48.498root 11241100x8000000000000000401194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc303d44426cfe182021-12-21 10:39:48.943root 11241100x8000000000000000401195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b266f531262fb0f02021-12-21 10:39:48.943root 11241100x8000000000000000401196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8bf4835383afc02021-12-21 10:39:48.943root 11241100x8000000000000000401197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c2b2c80c212c642021-12-21 10:39:48.943root 11241100x8000000000000000401198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e70bbc05351c6fd2021-12-21 10:39:48.944root 11241100x8000000000000000401199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107fa718bb99f1202021-12-21 10:39:48.944root 11241100x8000000000000000401200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597dc676f7f990412021-12-21 10:39:48.944root 11241100x8000000000000000401201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5a6288d7f3f4432021-12-21 10:39:48.945root 11241100x8000000000000000401202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31998cfb2a00d6632021-12-21 10:39:48.945root 11241100x8000000000000000401203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c24cfa459218472021-12-21 10:39:48.945root 11241100x8000000000000000401204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d762930a14317d2021-12-21 10:39:48.945root 11241100x8000000000000000401205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5779468b6f4e1f2021-12-21 10:39:48.945root 11241100x8000000000000000401206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb146a2c0d53ef92021-12-21 10:39:48.945root 11241100x8000000000000000401207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488ffc7b1cc63eb02021-12-21 10:39:48.945root 11241100x8000000000000000401208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077549aca89b1aef2021-12-21 10:39:48.945root 11241100x8000000000000000401209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988a7fa6e19e6bf72021-12-21 10:39:48.945root 11241100x8000000000000000401210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f183032b82f1092021-12-21 10:39:48.945root 11241100x8000000000000000401211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d362857f76880e2021-12-21 10:39:48.945root 11241100x8000000000000000401212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3dc72f947cb5e92021-12-21 10:39:48.945root 11241100x8000000000000000401213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53f11a692943e092021-12-21 10:39:48.945root 11241100x8000000000000000401214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2b688ead8b780b2021-12-21 10:39:48.945root 11241100x8000000000000000401215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53067e1dd4e05daf2021-12-21 10:39:48.946root 11241100x8000000000000000401216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777637b5534a1b732021-12-21 10:39:48.946root 11241100x8000000000000000401217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32caebd4a70771072021-12-21 10:39:48.946root 11241100x8000000000000000401218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474b54d4b6d832c02021-12-21 10:39:48.946root 11241100x8000000000000000401219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad93ab43f85272ac2021-12-21 10:39:48.946root 11241100x8000000000000000401220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676abb9efff0b04e2021-12-21 10:39:48.946root 11241100x8000000000000000401221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ffb7abb63c691c2021-12-21 10:39:48.946root 11241100x8000000000000000401222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6480eebb0296012021-12-21 10:39:48.946root 11241100x8000000000000000401223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7c1f59d43694922021-12-21 10:39:48.946root 11241100x8000000000000000401224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6797b112393db9f2021-12-21 10:39:48.947root 11241100x8000000000000000401225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b58f7a7cef25ec2021-12-21 10:39:48.947root 11241100x8000000000000000401226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972228b562eda04f2021-12-21 10:39:48.947root 11241100x8000000000000000401227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed70df376c712ddf2021-12-21 10:39:48.947root 354300x8000000000000000401228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.143{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47422-false10.0.1.12-8000- 11241100x8000000000000000401229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5155664a697da4692021-12-21 10:39:49.443root 11241100x8000000000000000401230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2100db07a41108032021-12-21 10:39:49.443root 11241100x8000000000000000401231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1236a711148cf12021-12-21 10:39:49.443root 11241100x8000000000000000401232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e031ce7209a114142021-12-21 10:39:49.443root 11241100x8000000000000000401233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052329a9569167d32021-12-21 10:39:49.443root 11241100x8000000000000000401234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e36849be7bb2592021-12-21 10:39:49.443root 11241100x8000000000000000401235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41842ffdb0208f172021-12-21 10:39:49.443root 11241100x8000000000000000401236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5cb5fd6e9fc0c22021-12-21 10:39:49.444root 11241100x8000000000000000401237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87af7a6e2cf6a322021-12-21 10:39:49.444root 11241100x8000000000000000401238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514280bd1a10d8442021-12-21 10:39:49.444root 11241100x8000000000000000401239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d97e5426ce9ef52021-12-21 10:39:49.444root 11241100x8000000000000000401240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c241295577a2d3152021-12-21 10:39:49.444root 11241100x8000000000000000401241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22822324b5a18622021-12-21 10:39:49.444root 11241100x8000000000000000401242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30ffe3920788cce2021-12-21 10:39:49.444root 11241100x8000000000000000401243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a38badef24b96632021-12-21 10:39:49.444root 11241100x8000000000000000401244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bfc2816cb3040d2021-12-21 10:39:49.444root 11241100x8000000000000000401245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befef420bbc67a942021-12-21 10:39:49.444root 11241100x8000000000000000401246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eec6da10969316f2021-12-21 10:39:49.445root 11241100x8000000000000000401247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2309ddcbd216272021-12-21 10:39:49.445root 11241100x8000000000000000401248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947ea377f743f01b2021-12-21 10:39:49.445root 11241100x8000000000000000401249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ec0191c29ecd8f2021-12-21 10:39:49.445root 11241100x8000000000000000401250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124ca7cb21339d832021-12-21 10:39:49.445root 11241100x8000000000000000401251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c481c187059fa02021-12-21 10:39:49.445root 11241100x8000000000000000401252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d2bebd3551a76d2021-12-21 10:39:49.445root 11241100x8000000000000000401253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f11e727f9ff5a32021-12-21 10:39:49.445root 11241100x8000000000000000401254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaca740a8e4392e2021-12-21 10:39:49.445root 11241100x8000000000000000401255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0790aac61dd81f2021-12-21 10:39:49.445root 11241100x8000000000000000401256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1ec01e19778ade2021-12-21 10:39:49.445root 11241100x8000000000000000401257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aedfaa8fb41c192021-12-21 10:39:49.445root 11241100x8000000000000000401258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef59cdca7431cbd12021-12-21 10:39:49.445root 11241100x8000000000000000401259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad20c67e96ab7b8b2021-12-21 10:39:49.445root 11241100x8000000000000000401260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2822d46b532fbaa62021-12-21 10:39:49.445root 11241100x8000000000000000401261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e041d772eb8904fc2021-12-21 10:39:49.446root 11241100x8000000000000000401262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0583527ae0052172021-12-21 10:39:49.446root 11241100x8000000000000000401263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec0e989198d77c82021-12-21 10:39:49.446root 11241100x8000000000000000401264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331d9ef7da9f3e962021-12-21 10:39:49.446root 11241100x8000000000000000401265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcabd4f029fe4df82021-12-21 10:39:49.446root 11241100x8000000000000000401266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6fc1e27787b55d2021-12-21 10:39:49.446root 11241100x8000000000000000401267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b165cc49ff3ff22021-12-21 10:39:49.446root 11241100x8000000000000000401268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b382cb38ad95a4632021-12-21 10:39:49.446root 11241100x8000000000000000401269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1afeb2b476444dd2021-12-21 10:39:49.446root 11241100x8000000000000000401270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c791991cdd01f8832021-12-21 10:39:49.446root 11241100x8000000000000000401271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b180ea711f0eae2021-12-21 10:39:49.446root 11241100x8000000000000000401272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03503cc76f7bb512021-12-21 10:39:49.446root 11241100x8000000000000000401273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0060f7e50a262e42021-12-21 10:39:49.446root 11241100x8000000000000000401274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79455013f7db40ec2021-12-21 10:39:49.446root 11241100x8000000000000000401275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b596b830743368d42021-12-21 10:39:49.446root 11241100x8000000000000000401276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3693b72fd93b24d82021-12-21 10:39:49.446root 11241100x8000000000000000401277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb2002f40ef54622021-12-21 10:39:49.943root 11241100x8000000000000000401278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7f7c9a2cb1913d2021-12-21 10:39:49.943root 11241100x8000000000000000401279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e43bd0c255a0652021-12-21 10:39:49.943root 11241100x8000000000000000401280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad13fe87472c1102021-12-21 10:39:49.943root 11241100x8000000000000000401281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcfee23e2ae740a2021-12-21 10:39:49.944root 11241100x8000000000000000401282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf8656b98b63d9b2021-12-21 10:39:49.944root 11241100x8000000000000000401283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9e438f1c5caee92021-12-21 10:39:49.944root 11241100x8000000000000000401284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c53207c764888fc2021-12-21 10:39:49.944root 11241100x8000000000000000401285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164cc85f257a93052021-12-21 10:39:49.944root 11241100x8000000000000000401286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f40a0fcc1ef65c82021-12-21 10:39:49.944root 11241100x8000000000000000401287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce47741c1e8589f2021-12-21 10:39:49.944root 11241100x8000000000000000401288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d16ed4c4f2dc62021-12-21 10:39:49.944root 11241100x8000000000000000401289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee210ec645571952021-12-21 10:39:49.944root 11241100x8000000000000000401290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a052285ae3b1afaa2021-12-21 10:39:49.944root 11241100x8000000000000000401291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a9a62c4f1465bc2021-12-21 10:39:49.945root 11241100x8000000000000000401292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3896639d6454c6c2021-12-21 10:39:49.945root 11241100x8000000000000000401293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c65328dfa2ecd282021-12-21 10:39:49.945root 11241100x8000000000000000401294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cb9b80d0201eb32021-12-21 10:39:49.945root 11241100x8000000000000000401295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661b1eefd77f86992021-12-21 10:39:49.945root 11241100x8000000000000000401296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5e8416bb198e3e2021-12-21 10:39:49.945root 11241100x8000000000000000401297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092048fe809f5e882021-12-21 10:39:49.945root 11241100x8000000000000000401298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f606099eef282642021-12-21 10:39:49.945root 11241100x8000000000000000401299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a8f901cd66a1492021-12-21 10:39:49.945root 11241100x8000000000000000401300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb09b7f17be02c02021-12-21 10:39:49.945root 11241100x8000000000000000401301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a58fb9270f81d1c2021-12-21 10:39:49.946root 11241100x8000000000000000401302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a124c5e5acc422132021-12-21 10:39:49.946root 11241100x8000000000000000401303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a60af1fc81e53182021-12-21 10:39:49.946root 11241100x8000000000000000401304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc64aba0c610736f2021-12-21 10:39:49.946root 11241100x8000000000000000401305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa2c65e25f5d2852021-12-21 10:39:49.946root 11241100x8000000000000000401306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22afcdb8087ea972021-12-21 10:39:49.946root 11241100x8000000000000000401307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad46e9784e052b52021-12-21 10:39:49.946root 11241100x8000000000000000401308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f10c23cd10a3d6d2021-12-21 10:39:49.946root 11241100x8000000000000000401309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f307a62a6637d0c22021-12-21 10:39:49.947root 534500x8000000000000000401310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.233{ec2b6afe-aef4-61c1-8042-173553560000}9757/bin/nanoubuntu 11241100x8000000000000000401311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa63b84ffa48a5d32021-12-21 10:39:50.233root 11241100x8000000000000000401312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622c72367fbf37262021-12-21 10:39:50.234root 11241100x8000000000000000401313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d0644bbf2181e92021-12-21 10:39:50.234root 11241100x8000000000000000401314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3965a9b4dd3aa7f2021-12-21 10:39:50.234root 11241100x8000000000000000401315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c302ebdb71fca22021-12-21 10:39:50.234root 11241100x8000000000000000401316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27ea79a699938312021-12-21 10:39:50.234root 11241100x8000000000000000401317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874748d2625bb0332021-12-21 10:39:50.234root 11241100x8000000000000000401318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7f95f454148b1c2021-12-21 10:39:50.234root 11241100x8000000000000000401319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863b61d7b1f74bbd2021-12-21 10:39:50.234root 11241100x8000000000000000401320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ee725e1d4473d52021-12-21 10:39:50.234root 11241100x8000000000000000401321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d348035616d72ab2021-12-21 10:39:50.234root 11241100x8000000000000000401322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f37d6f42c4d8292021-12-21 10:39:50.234root 11241100x8000000000000000401323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e0d160e080a8cb2021-12-21 10:39:50.234root 11241100x8000000000000000401324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc310070af8171a2021-12-21 10:39:50.234root 11241100x8000000000000000401325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9c95082558c1af2021-12-21 10:39:50.235root 11241100x8000000000000000401326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473c6cb86b1cd8b72021-12-21 10:39:50.235root 11241100x8000000000000000401327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f482c42cd7338d2021-12-21 10:39:50.235root 11241100x8000000000000000401328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26f9cc82e5457df2021-12-21 10:39:50.235root 11241100x8000000000000000401329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794a79937c004a042021-12-21 10:39:50.235root 11241100x8000000000000000401330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7624255984f8b5d32021-12-21 10:39:50.235root 11241100x8000000000000000401331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce203d4811ec39c22021-12-21 10:39:50.235root 11241100x8000000000000000401332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dad6148a9158b62021-12-21 10:39:50.235root 11241100x8000000000000000401333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315b43d68c8730272021-12-21 10:39:50.235root 11241100x8000000000000000401334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a19a385c4a641b22021-12-21 10:39:50.236root 11241100x8000000000000000401335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622a35989bdccfe42021-12-21 10:39:50.236root 11241100x8000000000000000401336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ef3ad59bf38abb2021-12-21 10:39:50.236root 11241100x8000000000000000401337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097473ee17e64ede2021-12-21 10:39:50.236root 11241100x8000000000000000401338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6818c2841e8231a2021-12-21 10:39:50.236root 11241100x8000000000000000401339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a551af289f5d24622021-12-21 10:39:50.236root 11241100x8000000000000000401340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b5a7e36441cd9c2021-12-21 10:39:50.236root 11241100x8000000000000000401341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836eff44766e11c32021-12-21 10:39:50.236root 11241100x8000000000000000401342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5a69e17584962a2021-12-21 10:39:50.236root 11241100x8000000000000000401343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890ba6844f71f2e02021-12-21 10:39:50.236root 11241100x8000000000000000401344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e133dc8c2c3d8b2021-12-21 10:39:50.236root 11241100x8000000000000000401345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e786ece3005d782021-12-21 10:39:50.237root 11241100x8000000000000000401346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbe9a4b49dfd8392021-12-21 10:39:50.237root 11241100x8000000000000000401347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0561609da89883db2021-12-21 10:39:50.237root 11241100x8000000000000000401348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33625816af82a182021-12-21 10:39:50.237root 11241100x8000000000000000401349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44d9a8e15df04f72021-12-21 10:39:50.238root 11241100x8000000000000000401350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08361f1000c571b82021-12-21 10:39:50.238root 11241100x8000000000000000401351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf8a280f35bc31e2021-12-21 10:39:50.238root 11241100x8000000000000000401352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeb5d9a7b1ed6a42021-12-21 10:39:50.238root 11241100x8000000000000000401353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c8bcb0ca36d3c52021-12-21 10:39:50.239root 11241100x8000000000000000401354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102c0fbda27a16662021-12-21 10:39:50.239root 11241100x8000000000000000401355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1a094bb72522b52021-12-21 10:39:50.239root 11241100x8000000000000000401356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b700d9ac1c3e71dd2021-12-21 10:39:50.240root 11241100x8000000000000000401357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a7726771612ac32021-12-21 10:39:50.240root 11241100x8000000000000000401358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d56f1a0f049ad92021-12-21 10:39:50.240root 11241100x8000000000000000401359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a506be9baf1506182021-12-21 10:39:50.241root 11241100x8000000000000000401360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbb44e2593da04e2021-12-21 10:39:50.241root 11241100x8000000000000000401361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb08b70ef5b53c82021-12-21 10:39:50.241root 11241100x8000000000000000401362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18b8965d0b2ef022021-12-21 10:39:50.242root 11241100x8000000000000000401363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd54d756429f0c382021-12-21 10:39:50.693root 11241100x8000000000000000401364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98325d3b0857bb4c2021-12-21 10:39:50.693root 11241100x8000000000000000401365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa41dc1d0145e6492021-12-21 10:39:50.693root 11241100x8000000000000000401366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b0c92d680785222021-12-21 10:39:50.693root 11241100x8000000000000000401367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd056b3d50252d7b2021-12-21 10:39:50.693root 11241100x8000000000000000401368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0042d3875d7200832021-12-21 10:39:50.693root 11241100x8000000000000000401369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042f012987ea79c42021-12-21 10:39:50.694root 11241100x8000000000000000401370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab797d2aab29513e2021-12-21 10:39:50.694root 11241100x8000000000000000401371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662c7eb3275ab18f2021-12-21 10:39:50.694root 11241100x8000000000000000401372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7b15c5007eac1a2021-12-21 10:39:50.694root 11241100x8000000000000000401373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8fe78664fab40b2021-12-21 10:39:50.694root 11241100x8000000000000000401374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729d6697b31d05f22021-12-21 10:39:50.694root 11241100x8000000000000000401375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b6666fe4a7b8bd2021-12-21 10:39:50.694root 11241100x8000000000000000401376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8c8c1d784199162021-12-21 10:39:50.694root 11241100x8000000000000000401377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801185f5aca9bca12021-12-21 10:39:50.695root 11241100x8000000000000000401378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02b7e3cdc9ced232021-12-21 10:39:50.695root 11241100x8000000000000000401379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f624613cf48e8e02021-12-21 10:39:50.695root 11241100x8000000000000000401380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0290704d39375aac2021-12-21 10:39:50.695root 11241100x8000000000000000401381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1d9c80119992482021-12-21 10:39:50.696root 11241100x8000000000000000401382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dc296d704486cf2021-12-21 10:39:50.696root 11241100x8000000000000000401383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df022f972044932021-12-21 10:39:50.696root 11241100x8000000000000000401384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1dffa179c5d8912021-12-21 10:39:50.696root 11241100x8000000000000000401385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c40b6cb262e6d52021-12-21 10:39:50.696root 11241100x8000000000000000401386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ea44c1b3806e022021-12-21 10:39:50.697root 11241100x8000000000000000401387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c128b99ef11d49892021-12-21 10:39:50.697root 11241100x8000000000000000401388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496f86573a61d3512021-12-21 10:39:50.697root 11241100x8000000000000000401389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37752f6d17eb02652021-12-21 10:39:50.697root 11241100x8000000000000000401390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbabc0c2bc42b322021-12-21 10:39:50.697root 11241100x8000000000000000401391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c19cb097985a0f2021-12-21 10:39:50.698root 11241100x8000000000000000401392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2262593df85d54ea2021-12-21 10:39:50.698root 11241100x8000000000000000401393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44db0492e7d3b9c2021-12-21 10:39:50.698root 11241100x8000000000000000401394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44aada7635354272021-12-21 10:39:50.698root 11241100x8000000000000000401395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a1074ec98626a02021-12-21 10:39:50.698root 11241100x8000000000000000401396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085fd370ee6fea9b2021-12-21 10:39:50.698root 11241100x8000000000000000401397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0699fdb575cbee7b2021-12-21 10:39:50.698root 11241100x8000000000000000401398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2023d8b0e5559c2021-12-21 10:39:50.698root 11241100x8000000000000000401399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e7d181900e6d8b2021-12-21 10:39:50.698root 11241100x8000000000000000401400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db32ed4b963df2b32021-12-21 10:39:50.698root 11241100x8000000000000000401401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f0324bd3a5047b2021-12-21 10:39:50.699root 11241100x8000000000000000401402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b8bc1d205ff98b2021-12-21 10:39:50.699root 11241100x8000000000000000401403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2504f99dd9572a2021-12-21 10:39:50.699root 11241100x8000000000000000401404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907fb0a5b44870952021-12-21 10:39:50.699root 11241100x8000000000000000401405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e853df16170b9ae2021-12-21 10:39:50.699root 11241100x8000000000000000401406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09496f4768f457892021-12-21 10:39:50.699root 11241100x8000000000000000401407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8825f6b6099b3da2021-12-21 10:39:50.699root 11241100x8000000000000000401408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2931b7743f7ac0872021-12-21 10:39:50.699root 11241100x8000000000000000401409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2dfecd9ed44c2f2021-12-21 10:39:50.700root 11241100x8000000000000000401410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbcabe8864577992021-12-21 10:39:50.700root 11241100x8000000000000000401411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc9c87c5712126b2021-12-21 10:39:50.700root 11241100x8000000000000000401412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e7c5a2cfd1c4dd2021-12-21 10:39:50.700root 11241100x8000000000000000401413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50dc09af682cd3f2021-12-21 10:39:50.700root 11241100x8000000000000000401414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819501f6d6b3367e2021-12-21 10:39:50.700root 11241100x8000000000000000401415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c150becc60b3222021-12-21 10:39:50.700root 11241100x8000000000000000401416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2d9da57638c3f22021-12-21 10:39:50.700root 11241100x8000000000000000401417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ffb61ceaf6fafa2021-12-21 10:39:50.700root 11241100x8000000000000000401418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6982e53e2ef0a14d2021-12-21 10:39:50.700root 11241100x8000000000000000401419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b47cd031db12ac82021-12-21 10:39:50.700root 11241100x8000000000000000401420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0e2182d505a5202021-12-21 10:39:50.701root 11241100x8000000000000000401421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6482ebc9e1f9b0a2021-12-21 10:39:50.701root 11241100x8000000000000000401422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8ca70b044183e62021-12-21 10:39:50.701root 11241100x8000000000000000401423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8331c13897bd378c2021-12-21 10:39:51.193root 11241100x8000000000000000401424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0663b7e5c4a7d5b2021-12-21 10:39:51.193root 11241100x8000000000000000401425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5ce45276ba98752021-12-21 10:39:51.193root 11241100x8000000000000000401426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00f579acf0e7ed92021-12-21 10:39:51.193root 11241100x8000000000000000401427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754f30484e37f0e82021-12-21 10:39:51.193root 11241100x8000000000000000401428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d570dd16bd0ccdbb2021-12-21 10:39:51.193root 11241100x8000000000000000401429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1312f991ab2153492021-12-21 10:39:51.193root 11241100x8000000000000000401430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0209f2b71ff3cafe2021-12-21 10:39:51.193root 11241100x8000000000000000401431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9739709a10f5102021-12-21 10:39:51.193root 11241100x8000000000000000401432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67ccd019065c0c12021-12-21 10:39:51.194root 11241100x8000000000000000401433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c9b66331a5504e2021-12-21 10:39:51.194root 11241100x8000000000000000401434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8b40bb90928adc2021-12-21 10:39:51.194root 11241100x8000000000000000401435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1c94b75e252dd42021-12-21 10:39:51.194root 11241100x8000000000000000401436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33ccae07e0888c92021-12-21 10:39:51.194root 11241100x8000000000000000401437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9c0173f81651d12021-12-21 10:39:51.194root 11241100x8000000000000000401438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deffe9b805ffd94f2021-12-21 10:39:51.194root 11241100x8000000000000000401439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b8b71fe38b5c3d2021-12-21 10:39:51.194root 11241100x8000000000000000401440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5cc6c4e364eb92021-12-21 10:39:51.194root 11241100x8000000000000000401441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b1dddccae699f52021-12-21 10:39:51.194root 11241100x8000000000000000401442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262091b121b4ce5c2021-12-21 10:39:51.195root 11241100x8000000000000000401443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215bf82a545185382021-12-21 10:39:51.195root 11241100x8000000000000000401444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbff11e7337c5be12021-12-21 10:39:51.195root 11241100x8000000000000000401445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52e787b4d2c56b82021-12-21 10:39:51.195root 11241100x8000000000000000401446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf82bba19b3ac8382021-12-21 10:39:51.195root 11241100x8000000000000000401447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f16d4daa0b1e9b2021-12-21 10:39:51.195root 11241100x8000000000000000401448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a65fc97da1746362021-12-21 10:39:51.196root 11241100x8000000000000000401449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8586a01e5c5efe882021-12-21 10:39:51.196root 11241100x8000000000000000401450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eae2c83776d53a62021-12-21 10:39:51.196root 11241100x8000000000000000401451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430052a8359825062021-12-21 10:39:51.196root 11241100x8000000000000000401452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5604368ab16ee70c2021-12-21 10:39:51.196root 11241100x8000000000000000401453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bff19346bcb1ace2021-12-21 10:39:51.197root 11241100x8000000000000000401454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c96e3095fdc9a332021-12-21 10:39:51.197root 11241100x8000000000000000401455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449da6bfb8fb84ee2021-12-21 10:39:51.197root 11241100x8000000000000000401456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9018c184bac4d71b2021-12-21 10:39:51.197root 11241100x8000000000000000401457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a5f554dd26f2932021-12-21 10:39:51.197root 11241100x8000000000000000401458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1747a992d5490cd52021-12-21 10:39:51.197root 11241100x8000000000000000401459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb130b2b6d737272021-12-21 10:39:51.197root 11241100x8000000000000000401460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e75ccebbbf6d17c2021-12-21 10:39:51.198root 11241100x8000000000000000401461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca0e376e4c6e24f2021-12-21 10:39:51.198root 11241100x8000000000000000401462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0de1911c9ef253e2021-12-21 10:39:51.198root 11241100x8000000000000000401463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b0eeedea115a852021-12-21 10:39:51.198root 11241100x8000000000000000401464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295fd1f56ccd4ee22021-12-21 10:39:51.693root 11241100x8000000000000000401465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77183d3ff174fcab2021-12-21 10:39:51.693root 11241100x8000000000000000401466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e027e642d079fde2021-12-21 10:39:51.693root 11241100x8000000000000000401467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35011bfc6e6b16d2021-12-21 10:39:51.693root 11241100x8000000000000000401468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2a4312fc7900002021-12-21 10:39:51.693root 11241100x8000000000000000401469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ca43a66dc301272021-12-21 10:39:51.693root 11241100x8000000000000000401470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc0a93b13ce2fc2021-12-21 10:39:51.693root 11241100x8000000000000000401471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a8e1587a29cec72021-12-21 10:39:51.693root 11241100x8000000000000000401472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093f6d66fc0c80bb2021-12-21 10:39:51.693root 11241100x8000000000000000401473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3337d21f7ff266422021-12-21 10:39:51.693root 11241100x8000000000000000401474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea99ef69b972c862021-12-21 10:39:51.693root 11241100x8000000000000000401475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3218007653a9312021-12-21 10:39:51.693root 11241100x8000000000000000401476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4a51d4656771f62021-12-21 10:39:51.694root 11241100x8000000000000000401477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8e4773780950482021-12-21 10:39:51.694root 11241100x8000000000000000401478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8770c6ba437bc6b2021-12-21 10:39:51.694root 11241100x8000000000000000401479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471c71b2187a862f2021-12-21 10:39:51.694root 11241100x8000000000000000401480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130253a8edff67122021-12-21 10:39:51.694root 11241100x8000000000000000401481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe77dccae505aff2021-12-21 10:39:51.694root 11241100x8000000000000000401482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1947e2dd1c5e3d452021-12-21 10:39:51.694root 11241100x8000000000000000401483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f75b5c7f78a0d42021-12-21 10:39:51.694root 11241100x8000000000000000401484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226825db7e08ed9b2021-12-21 10:39:51.694root 11241100x8000000000000000401485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebaa72d383d77582021-12-21 10:39:51.694root 11241100x8000000000000000401486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8262e462a05a8de2021-12-21 10:39:51.694root 11241100x8000000000000000401487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bbe22bce115db52021-12-21 10:39:51.694root 11241100x8000000000000000401488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3265cd7f876a61492021-12-21 10:39:51.694root 11241100x8000000000000000401489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e7ceeab1abbc762021-12-21 10:39:51.694root 11241100x8000000000000000401490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374a47356ae7869b2021-12-21 10:39:51.694root 11241100x8000000000000000401491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2faaf8a096f23152021-12-21 10:39:51.694root 11241100x8000000000000000401492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825a048531abf3c92021-12-21 10:39:51.695root 11241100x8000000000000000401493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490ff8972895f95c2021-12-21 10:39:51.695root 11241100x8000000000000000401494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab2d95bbb0ffd482021-12-21 10:39:51.695root 11241100x8000000000000000401495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc85e7167ccfe9cd2021-12-21 10:39:51.695root 11241100x8000000000000000401496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4e9aa7304861422021-12-21 10:39:51.695root 11241100x8000000000000000401497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90429b575af7d4c22021-12-21 10:39:51.695root 11241100x8000000000000000401498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9697b2ee6907b522021-12-21 10:39:51.695root 11241100x8000000000000000401499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2f21f262d139af2021-12-21 10:39:51.695root 11241100x8000000000000000401500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d866feb5e226eb822021-12-21 10:39:51.695root 11241100x8000000000000000401501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d52fde69a426a22021-12-21 10:39:51.695root 11241100x8000000000000000401502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8857d22b7f6972462021-12-21 10:39:51.695root 11241100x8000000000000000401503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb448b278c98be582021-12-21 10:39:51.696root 11241100x8000000000000000401504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d520938d0db2b642021-12-21 10:39:51.696root 11241100x8000000000000000401505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e46cf5eff4265d32021-12-21 10:39:51.696root 11241100x8000000000000000401506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f829dfd7045600242021-12-21 10:39:51.696root 11241100x8000000000000000401507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2025521a99a99552021-12-21 10:39:51.697root 11241100x8000000000000000401508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0644b8496a75df172021-12-21 10:39:51.697root 11241100x8000000000000000401509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e9fbe16dc9aaa92021-12-21 10:39:51.697root 11241100x8000000000000000401510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffd36b765d58c542021-12-21 10:39:51.697root 11241100x8000000000000000401511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680bf890f14d81502021-12-21 10:39:51.697root 11241100x8000000000000000401512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7bf420e89471492021-12-21 10:39:51.697root 11241100x8000000000000000401513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490c2c7b40546fa82021-12-21 10:39:51.697root 11241100x8000000000000000401514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30a6140f008d4d42021-12-21 10:39:51.698root 11241100x8000000000000000401515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e3aa5f375620ec2021-12-21 10:39:51.698root 11241100x8000000000000000401516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b5c9f0773b01592021-12-21 10:39:51.698root 11241100x8000000000000000401517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a036cc71a728f3722021-12-21 10:39:51.698root 11241100x8000000000000000401518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48597af06f7b8112021-12-21 10:39:51.698root 11241100x8000000000000000401519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447704604e9149012021-12-21 10:39:51.698root 11241100x8000000000000000401520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75003aa3c156cd582021-12-21 10:39:51.698root 11241100x8000000000000000401521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884b391e74c545c32021-12-21 10:39:52.193root 11241100x8000000000000000401522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6b01b4857e62992021-12-21 10:39:52.193root 11241100x8000000000000000401523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e67083ee7330512021-12-21 10:39:52.193root 11241100x8000000000000000401524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83fdba4a84ec0042021-12-21 10:39:52.193root 11241100x8000000000000000401525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c7109855e69b0b2021-12-21 10:39:52.193root 11241100x8000000000000000401526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460e9109ccdb67002021-12-21 10:39:52.193root 11241100x8000000000000000401527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7068c074c7209742021-12-21 10:39:52.193root 11241100x8000000000000000401528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d4cf834c562f452021-12-21 10:39:52.193root 11241100x8000000000000000401529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0578d097131410122021-12-21 10:39:52.193root 11241100x8000000000000000401530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80c96578b9592922021-12-21 10:39:52.193root 11241100x8000000000000000401531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0fe7415fce5dba2021-12-21 10:39:52.193root 11241100x8000000000000000401532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93568f72028238772021-12-21 10:39:52.193root 11241100x8000000000000000401533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245b1de3af9b1c7a2021-12-21 10:39:52.193root 11241100x8000000000000000401534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acd422af0eebe612021-12-21 10:39:52.193root 11241100x8000000000000000401535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60da3aaf6e1286962021-12-21 10:39:52.194root 11241100x8000000000000000401536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aebf651724071392021-12-21 10:39:52.194root 11241100x8000000000000000401537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086b481a7e1c3b362021-12-21 10:39:52.194root 11241100x8000000000000000401538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaa172dcf3ef5672021-12-21 10:39:52.194root 11241100x8000000000000000401539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145a7b06d1354c162021-12-21 10:39:52.194root 11241100x8000000000000000401540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceafbe29372b57e12021-12-21 10:39:52.194root 11241100x8000000000000000401541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6ccde001d0d6742021-12-21 10:39:52.194root 11241100x8000000000000000401542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5909536f7d1cf8f22021-12-21 10:39:52.194root 11241100x8000000000000000401543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a419d82f8edaf7f82021-12-21 10:39:52.194root 11241100x8000000000000000401544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447b173d54ff818c2021-12-21 10:39:52.194root 11241100x8000000000000000401545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983b5b95e9e7cf7a2021-12-21 10:39:52.194root 11241100x8000000000000000401546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d093ac2b2c48372021-12-21 10:39:52.194root 11241100x8000000000000000401547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484b7d37a4c9addf2021-12-21 10:39:52.194root 11241100x8000000000000000401548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c866b4e95942472021-12-21 10:39:52.194root 11241100x8000000000000000401549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13392bc777ef9f9d2021-12-21 10:39:52.194root 11241100x8000000000000000401550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6077548db87dc42021-12-21 10:39:52.194root 11241100x8000000000000000401551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e8c5a37fd4014b2021-12-21 10:39:52.195root 11241100x8000000000000000401552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c0e2c25728620e2021-12-21 10:39:52.195root 11241100x8000000000000000401553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a563bee9e4d4ab2021-12-21 10:39:52.195root 11241100x8000000000000000401554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8fbb37b78a712a2021-12-21 10:39:52.195root 11241100x8000000000000000401555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b9b24e3a5f80732021-12-21 10:39:52.195root 11241100x8000000000000000401556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e6595cf698758d2021-12-21 10:39:52.195root 11241100x8000000000000000401557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3355f118b1a77aeb2021-12-21 10:39:52.195root 11241100x8000000000000000401558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6523f3d5ac7febc42021-12-21 10:39:52.195root 11241100x8000000000000000401559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadf823f5e5cd5c62021-12-21 10:39:52.196root 11241100x8000000000000000401560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac27c0917854ff472021-12-21 10:39:52.196root 11241100x8000000000000000401561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb0c7427d7bb0972021-12-21 10:39:52.692root 11241100x8000000000000000401562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa02bfd7c4222e82021-12-21 10:39:52.693root 11241100x8000000000000000401563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161453eca51142732021-12-21 10:39:52.693root 11241100x8000000000000000401564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a77099629d27bf72021-12-21 10:39:52.693root 11241100x8000000000000000401565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4c68610a955cd02021-12-21 10:39:52.693root 11241100x8000000000000000401566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca3a26e7f95f9a02021-12-21 10:39:52.693root 11241100x8000000000000000401567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aae74debdabd93b2021-12-21 10:39:52.693root 11241100x8000000000000000401568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af46eb7c5c1a9b202021-12-21 10:39:52.693root 11241100x8000000000000000401569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c742d5947c933feb2021-12-21 10:39:52.693root 11241100x8000000000000000401570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf7ae6298ac7c6e2021-12-21 10:39:52.694root 11241100x8000000000000000401571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e33a50d0fb8c4012021-12-21 10:39:52.694root 11241100x8000000000000000401572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b005f5fa85c6382021-12-21 10:39:52.694root 11241100x8000000000000000401573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c3b9be863c47e02021-12-21 10:39:52.694root 11241100x8000000000000000401574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b7c51a6d3d1edf2021-12-21 10:39:52.694root 11241100x8000000000000000401575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248c45a69fbcd54e2021-12-21 10:39:52.694root 11241100x8000000000000000401576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b55a8ed9521b85a2021-12-21 10:39:52.694root 11241100x8000000000000000401577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ed3d69c889c5832021-12-21 10:39:52.694root 11241100x8000000000000000401578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0901e961415c82ea2021-12-21 10:39:52.694root 11241100x8000000000000000401579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1153b1c748afb3102021-12-21 10:39:52.694root 11241100x8000000000000000401580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084b63e2ff6391172021-12-21 10:39:52.695root 11241100x8000000000000000401581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79696b540a2ed5692021-12-21 10:39:52.695root 11241100x8000000000000000401582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8ff70f930428d62021-12-21 10:39:52.695root 11241100x8000000000000000401583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e0799493972dfe2021-12-21 10:39:52.695root 11241100x8000000000000000401584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a8c41952603e542021-12-21 10:39:52.695root 11241100x8000000000000000401585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72acdba4091f7002021-12-21 10:39:52.695root 11241100x8000000000000000401586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6652f88b6b3d44002021-12-21 10:39:52.695root 11241100x8000000000000000401587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5303f0f2e29be8be2021-12-21 10:39:52.695root 11241100x8000000000000000401588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942958346c7d29852021-12-21 10:39:52.695root 11241100x8000000000000000401589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d54f18d886fd1bb2021-12-21 10:39:52.695root 11241100x8000000000000000401590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc2f7b5289efe832021-12-21 10:39:52.696root 11241100x8000000000000000401591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874e94352a723bdb2021-12-21 10:39:52.696root 11241100x8000000000000000401592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5c6bc09da9973c2021-12-21 10:39:52.696root 11241100x8000000000000000401593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fea6b3185303d62021-12-21 10:39:52.696root 11241100x8000000000000000401594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7407b7c69cef50172021-12-21 10:39:52.696root 11241100x8000000000000000401595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a5ae9514dcf3f72021-12-21 10:39:52.696root 11241100x8000000000000000401596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2667cb2f4533a7402021-12-21 10:39:52.696root 11241100x8000000000000000401597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03d3a6c1c210c782021-12-21 10:39:52.696root 11241100x8000000000000000401598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373e25fce85708702021-12-21 10:39:52.697root 11241100x8000000000000000401599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6844b254a1b62c2021-12-21 10:39:52.697root 11241100x8000000000000000401600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f24722b01fa4f062021-12-21 10:39:52.697root 11241100x8000000000000000401601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5251fdeb22579dab2021-12-21 10:39:52.697root 11241100x8000000000000000401602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f905b7b8566b82c72021-12-21 10:39:52.697root 11241100x8000000000000000401603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e52db520e425e12021-12-21 10:39:52.697root 11241100x8000000000000000401604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dc7d31820ed5032021-12-21 10:39:52.697root 11241100x8000000000000000401605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc324bc0a40d6722021-12-21 10:39:52.697root 11241100x8000000000000000401606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03351e4eb46d58222021-12-21 10:39:52.697root 11241100x8000000000000000401607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79210471ed653a62021-12-21 10:39:52.697root 11241100x8000000000000000401608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a3ca1c29ad6a82021-12-21 10:39:52.697root 11241100x8000000000000000401609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672504ff4c62f6312021-12-21 10:39:52.697root 11241100x8000000000000000401610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b4178e73dc0c262021-12-21 10:39:52.698root 11241100x8000000000000000401611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:52.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daedb5fda31ccfd22021-12-21 10:39:52.698root 11241100x8000000000000000401612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b991ff72a70ca7a2021-12-21 10:39:53.193root 11241100x8000000000000000401613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43829aa97643c652021-12-21 10:39:53.193root 11241100x8000000000000000401614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6ed4086802734b2021-12-21 10:39:53.194root 11241100x8000000000000000401615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a55ec178d1109ee2021-12-21 10:39:53.194root 11241100x8000000000000000401616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8926523d6bd0e3eb2021-12-21 10:39:53.194root 11241100x8000000000000000401617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fade9c969af7fe432021-12-21 10:39:53.194root 11241100x8000000000000000401618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18c58379d6b0bb22021-12-21 10:39:53.194root 11241100x8000000000000000401619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cf09d7bda254512021-12-21 10:39:53.194root 11241100x8000000000000000401620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c66f21923843b82021-12-21 10:39:53.194root 11241100x8000000000000000401621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b7690b292cb0f02021-12-21 10:39:53.194root 11241100x8000000000000000401622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63beec3da989a522021-12-21 10:39:53.195root 11241100x8000000000000000401623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d387d7b024e07632021-12-21 10:39:53.195root 11241100x8000000000000000401624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733c9d252a6a07962021-12-21 10:39:53.195root 11241100x8000000000000000401625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587f0301c9ca14782021-12-21 10:39:53.195root 11241100x8000000000000000401626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813a3b86e3e2ea822021-12-21 10:39:53.195root 11241100x8000000000000000401627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc7de3b161722b12021-12-21 10:39:53.195root 11241100x8000000000000000401628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fe4c1b7ff0e02b2021-12-21 10:39:53.195root 11241100x8000000000000000401629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a3b5ecb1b0fe9b2021-12-21 10:39:53.195root 11241100x8000000000000000401630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b915ac9c777c8c4b2021-12-21 10:39:53.195root 11241100x8000000000000000401631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227e00e6ab3aec6a2021-12-21 10:39:53.195root 11241100x8000000000000000401632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa2e4e5fb56d4892021-12-21 10:39:53.195root 11241100x8000000000000000401633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96493d15142c532e2021-12-21 10:39:53.195root 11241100x8000000000000000401634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a67246c98d0a5f2021-12-21 10:39:53.195root 11241100x8000000000000000401635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ffc6f72e03d4402021-12-21 10:39:53.196root 11241100x8000000000000000401636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a769d4725843bf102021-12-21 10:39:53.196root 11241100x8000000000000000401637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00c6749b2cd27ab2021-12-21 10:39:53.196root 11241100x8000000000000000401638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c318dd927dbb127f2021-12-21 10:39:53.196root 11241100x8000000000000000401639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83d2dcb303ec5992021-12-21 10:39:53.196root 11241100x8000000000000000401640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0009d8444375fb2021-12-21 10:39:53.196root 11241100x8000000000000000401641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f952054e2588972021-12-21 10:39:53.196root 11241100x8000000000000000401642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4633dfa2383133a2021-12-21 10:39:53.196root 11241100x8000000000000000401643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a649691c125a372021-12-21 10:39:53.196root 11241100x8000000000000000401644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca310983780127542021-12-21 10:39:53.197root 11241100x8000000000000000401645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291d8ced6a67a21e2021-12-21 10:39:53.197root 11241100x8000000000000000401646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b96a4ac7c1cba752021-12-21 10:39:53.692root 11241100x8000000000000000401647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a37365acdb32c92021-12-21 10:39:53.693root 11241100x8000000000000000401648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5549d54a34c467f42021-12-21 10:39:53.693root 11241100x8000000000000000401649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbf5f290db81a402021-12-21 10:39:53.693root 11241100x8000000000000000401650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc7b0ee611be7692021-12-21 10:39:53.693root 11241100x8000000000000000401651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84f30167923a9e02021-12-21 10:39:53.693root 11241100x8000000000000000401652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6186c791a1194402021-12-21 10:39:53.693root 11241100x8000000000000000401653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3870f0cb888c7dfa2021-12-21 10:39:53.693root 11241100x8000000000000000401654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d893512c929292c92021-12-21 10:39:53.693root 11241100x8000000000000000401655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409576e55c1305b52021-12-21 10:39:53.693root 11241100x8000000000000000401656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d0f3cee73470922021-12-21 10:39:53.693root 11241100x8000000000000000401657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2a6a1284ae9a892021-12-21 10:39:53.693root 11241100x8000000000000000401658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7092f60167fe782021-12-21 10:39:53.694root 11241100x8000000000000000401659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8a5adcc246bf532021-12-21 10:39:53.694root 11241100x8000000000000000401660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a86056b07b3cb082021-12-21 10:39:53.694root 11241100x8000000000000000401661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9f41773aaddd1b2021-12-21 10:39:53.694root 11241100x8000000000000000401662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f08cca4ca95b222021-12-21 10:39:53.694root 11241100x8000000000000000401663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41f015d648939d32021-12-21 10:39:53.694root 11241100x8000000000000000401664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c187de470bb0152021-12-21 10:39:53.694root 11241100x8000000000000000401665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a41a32a464c7f02021-12-21 10:39:53.694root 11241100x8000000000000000401666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d872509e7d6a212021-12-21 10:39:53.694root 11241100x8000000000000000401667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea41a06ad5880542021-12-21 10:39:53.694root 11241100x8000000000000000401668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af84c83c481f09772021-12-21 10:39:53.694root 11241100x8000000000000000401669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fed7eae406d18f52021-12-21 10:39:53.694root 11241100x8000000000000000401670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3e0e9b243178562021-12-21 10:39:53.695root 11241100x8000000000000000401671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527aeae5fb6b04582021-12-21 10:39:53.695root 11241100x8000000000000000401672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68c5d769165543d2021-12-21 10:39:53.695root 11241100x8000000000000000401673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc21e85c4dd6a7f2021-12-21 10:39:53.695root 11241100x8000000000000000401674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fef95a2b807a9f2021-12-21 10:39:53.695root 11241100x8000000000000000401675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e6a3cb2e1e7b542021-12-21 10:39:53.696root 11241100x8000000000000000401676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d58f5b68c31f6fb2021-12-21 10:39:53.696root 11241100x8000000000000000401677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb9b269bedaceb42021-12-21 10:39:53.696root 11241100x8000000000000000401678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e057b5939b32ac532021-12-21 10:39:53.696root 11241100x8000000000000000401679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19204506cd6529d2021-12-21 10:39:53.696root 11241100x8000000000000000401680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cf2850a1f162932021-12-21 10:39:53.696root 11241100x8000000000000000401681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d4c765b3fedb192021-12-21 10:39:53.696root 11241100x8000000000000000401682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1470a158eda4e3802021-12-21 10:39:53.696root 11241100x8000000000000000401683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a4b304121435bf2021-12-21 10:39:53.696root 11241100x8000000000000000401684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab1452cc7b5d2d92021-12-21 10:39:53.696root 11241100x8000000000000000401685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2af5d06bbf0f812021-12-21 10:39:53.696root 11241100x8000000000000000401686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16e6c45853d23192021-12-21 10:39:53.696root 11241100x8000000000000000401687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee88558026e4b0d2021-12-21 10:39:53.696root 11241100x8000000000000000401688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddfe93d5398b1df2021-12-21 10:39:53.696root 11241100x8000000000000000401689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145c09b99585b9aa2021-12-21 10:39:53.696root 11241100x8000000000000000401690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64b044fc663dd302021-12-21 10:39:53.696root 11241100x8000000000000000401691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a27853821278512021-12-21 10:39:53.697root 11241100x8000000000000000401692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665720d789a2ce4a2021-12-21 10:39:53.697root 11241100x8000000000000000401693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc269fd465344b9f2021-12-21 10:39:53.697root 11241100x8000000000000000401694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5959cc98ad5b67a2021-12-21 10:39:53.697root 11241100x8000000000000000401695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c99e8f1fa162422021-12-21 10:39:53.697root 11241100x8000000000000000401696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d054e69f71c8a1812021-12-21 10:39:53.697root 11241100x8000000000000000401697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c521ecf7c236d62021-12-21 10:39:53.697root 11241100x8000000000000000401698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d3ab500966d9d72021-12-21 10:39:53.697root 11241100x8000000000000000401699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dce2cfb8770d332021-12-21 10:39:53.697root 11241100x8000000000000000401700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f9d259d72183e82021-12-21 10:39:53.697root 11241100x8000000000000000401701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bf781d02e6d4082021-12-21 10:39:53.697root 11241100x8000000000000000401702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c6b2c672ce0d632021-12-21 10:39:53.697root 11241100x8000000000000000401703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe647f0ca4cfffd2021-12-21 10:39:53.697root 11241100x8000000000000000401704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500dadf9bc3abe0d2021-12-21 10:39:53.697root 11241100x8000000000000000401705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff59bb776af07cba2021-12-21 10:39:53.697root 11241100x8000000000000000401706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525c5c3181d285bd2021-12-21 10:39:53.697root 11241100x8000000000000000401707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c598f708d1fa79b62021-12-21 10:39:53.698root 11241100x8000000000000000401708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f51cedbf57ccf3b2021-12-21 10:39:53.698root 11241100x8000000000000000401709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f5090cd39b2332021-12-21 10:39:53.698root 11241100x8000000000000000401710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bd10103e0ce9862021-12-21 10:39:53.698root 11241100x8000000000000000401711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:53.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f98f54315756a702021-12-21 10:39:53.698root 354300x8000000000000000401712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.152{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47424-false10.0.1.12-8000- 11241100x8000000000000000401713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f400362485f55b2021-12-21 10:39:54.152root 11241100x8000000000000000401714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb8466cd3d484d82021-12-21 10:39:54.152root 11241100x8000000000000000401715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f26b444262296b52021-12-21 10:39:54.153root 11241100x8000000000000000401716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840cc6e28b39e7242021-12-21 10:39:54.153root 11241100x8000000000000000401717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2470ceec6eebcd102021-12-21 10:39:54.153root 11241100x8000000000000000401718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbb43ae76657c792021-12-21 10:39:54.153root 11241100x8000000000000000401719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b81447e3a47c722021-12-21 10:39:54.153root 11241100x8000000000000000401720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26908bb9b5f3c72a2021-12-21 10:39:54.153root 11241100x8000000000000000401721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd66d221fb8c535c2021-12-21 10:39:54.153root 11241100x8000000000000000401722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc10e92c05d0c9a2021-12-21 10:39:54.153root 11241100x8000000000000000401723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdeba75168fc0c12021-12-21 10:39:54.153root 11241100x8000000000000000401724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f7cf466513d6d12021-12-21 10:39:54.153root 11241100x8000000000000000401725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1956fe269872e8aa2021-12-21 10:39:54.154root 11241100x8000000000000000401726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2ddb67a5567f192021-12-21 10:39:54.154root 11241100x8000000000000000401727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d608a1729e413942021-12-21 10:39:54.154root 11241100x8000000000000000401728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe7dae29a69f95e2021-12-21 10:39:54.154root 11241100x8000000000000000401729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6b806cf9a800162021-12-21 10:39:54.154root 11241100x8000000000000000401730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b3fecd04896df22021-12-21 10:39:54.154root 11241100x8000000000000000401731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58360d90c68b4332021-12-21 10:39:54.154root 11241100x8000000000000000401732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec22667b636e40072021-12-21 10:39:54.155root 11241100x8000000000000000401733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5b68a97113ad7e2021-12-21 10:39:54.155root 11241100x8000000000000000401734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c5380a1e567aa72021-12-21 10:39:54.155root 11241100x8000000000000000401735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb0da6ddacf96502021-12-21 10:39:54.158root 11241100x8000000000000000401736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9fa3c6e48201bf2021-12-21 10:39:54.159root 11241100x8000000000000000401737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac14aef32906c7e2021-12-21 10:39:54.159root 11241100x8000000000000000401738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0293ddad12b411e52021-12-21 10:39:54.159root 11241100x8000000000000000401739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9796d72e125ef48a2021-12-21 10:39:54.159root 11241100x8000000000000000401740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f9fb4536d309042021-12-21 10:39:54.159root 11241100x8000000000000000401741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac621e8f6d9d2cf2021-12-21 10:39:54.159root 11241100x8000000000000000401742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2207e95a60105f2021-12-21 10:39:54.159root 11241100x8000000000000000401743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6db4b2420b0747b2021-12-21 10:39:54.159root 11241100x8000000000000000401744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd5f288ab00e6a02021-12-21 10:39:54.160root 11241100x8000000000000000401745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3929cafebfc50832021-12-21 10:39:54.160root 11241100x8000000000000000401746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a9aedaaa5e49052021-12-21 10:39:54.160root 11241100x8000000000000000401747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe40dd6b7e867eb2021-12-21 10:39:54.160root 11241100x8000000000000000401748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3931ee250a317ede2021-12-21 10:39:54.160root 11241100x8000000000000000401749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a70f3a2ec03fb962021-12-21 10:39:54.161root 11241100x8000000000000000401750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748023f4f78c781e2021-12-21 10:39:54.161root 11241100x8000000000000000401751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f42b709215b2822021-12-21 10:39:54.161root 11241100x8000000000000000401752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3137daa21855f9c52021-12-21 10:39:54.161root 11241100x8000000000000000401753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d33672a94461f12021-12-21 10:39:54.161root 11241100x8000000000000000401754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ffca135317d142021-12-21 10:39:54.162root 11241100x8000000000000000401755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8542780e2eadbc992021-12-21 10:39:54.162root 11241100x8000000000000000401756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04fd450e18ab1552021-12-21 10:39:54.162root 11241100x8000000000000000401757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9170d6705c0820f2021-12-21 10:39:54.162root 11241100x8000000000000000401758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d3162373a466732021-12-21 10:39:54.162root 11241100x8000000000000000401759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9373c5d72e7d27ac2021-12-21 10:39:54.163root 11241100x8000000000000000401760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8260193f4d9ab92021-12-21 10:39:54.163root 11241100x8000000000000000401761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e8332e2683a4b82021-12-21 10:39:54.163root 11241100x8000000000000000401762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f67795873f270b32021-12-21 10:39:54.163root 11241100x8000000000000000401763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619d85f13a12893a2021-12-21 10:39:54.165root 11241100x8000000000000000401764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c8d3fac375387e2021-12-21 10:39:54.165root 11241100x8000000000000000401765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3743e7e463d4872021-12-21 10:39:54.165root 11241100x8000000000000000401766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a533dc58c4e9abc2021-12-21 10:39:54.165root 11241100x8000000000000000401767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c47729afea4c68c2021-12-21 10:39:54.166root 11241100x8000000000000000401768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae8b396c24927652021-12-21 10:39:54.166root 11241100x8000000000000000401769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ff8dc5cd29010b2021-12-21 10:39:54.166root 11241100x8000000000000000401770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243cb309f1f4d89b2021-12-21 10:39:54.166root 11241100x8000000000000000401771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8fa8471843e5182021-12-21 10:39:54.166root 11241100x8000000000000000401772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4e356f2e836b292021-12-21 10:39:54.166root 11241100x8000000000000000401773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca63cff03a0ccb102021-12-21 10:39:54.166root 11241100x8000000000000000401774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6610e0c3f1fd122021-12-21 10:39:54.166root 11241100x8000000000000000401775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9567d3119cdf882021-12-21 10:39:54.167root 11241100x8000000000000000401776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2de999cae40c0d2021-12-21 10:39:54.167root 11241100x8000000000000000401777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf0efd8e87a03652021-12-21 10:39:54.167root 11241100x8000000000000000401778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffebbfdff3c57f9a2021-12-21 10:39:54.167root 11241100x8000000000000000401779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0e9d80c0119e792021-12-21 10:39:54.167root 11241100x8000000000000000401780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adecd380d082f75a2021-12-21 10:39:54.168root 11241100x8000000000000000401781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d965b409dff071a2021-12-21 10:39:54.168root 11241100x8000000000000000401782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855af90476f2c3242021-12-21 10:39:54.168root 11241100x8000000000000000401783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1af52ee3b0f88ab2021-12-21 10:39:54.168root 11241100x8000000000000000401784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dfac9573f2b9012021-12-21 10:39:54.168root 11241100x8000000000000000401785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ef28c811ad60132021-12-21 10:39:54.168root 11241100x8000000000000000401786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43bd212dceb4d3f2021-12-21 10:39:54.168root 11241100x8000000000000000401787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe9addf9148f99b2021-12-21 10:39:54.168root 11241100x8000000000000000401788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f47bd203f6369842021-12-21 10:39:54.169root 11241100x8000000000000000401789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b76eaf2e9bdbce2021-12-21 10:39:54.169root 11241100x8000000000000000401790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216ec4f6748802412021-12-21 10:39:54.169root 11241100x8000000000000000401791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682bc09ac56d4da92021-12-21 10:39:54.169root 11241100x8000000000000000401792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04fc27ff49051782021-12-21 10:39:54.170root 11241100x8000000000000000401793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8623d1b9918f550a2021-12-21 10:39:54.170root 11241100x8000000000000000401794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a1e1e63c3f240e2021-12-21 10:39:54.170root 11241100x8000000000000000401795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abb582b23dd89002021-12-21 10:39:54.170root 11241100x8000000000000000401796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b86cae582c4d0a52021-12-21 10:39:54.170root 11241100x8000000000000000401797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccfcfed19e4a8b42021-12-21 10:39:54.171root 11241100x8000000000000000401798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1164b51ef8ab98e72021-12-21 10:39:54.171root 11241100x8000000000000000401799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4443ae13c240fd2021-12-21 10:39:54.171root 11241100x8000000000000000401800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000509a57d6d7bba2021-12-21 10:39:54.171root 11241100x8000000000000000401801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3906e9e5ad6b77cd2021-12-21 10:39:54.171root 11241100x8000000000000000401802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e86b88d70124e22021-12-21 10:39:54.171root 11241100x8000000000000000401803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2c376615e019022021-12-21 10:39:54.172root 11241100x8000000000000000401804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b17d201671c04452021-12-21 10:39:54.172root 11241100x8000000000000000401805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c25f8b4dd6ef2512021-12-21 10:39:54.172root 11241100x8000000000000000401806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f180965995804d2021-12-21 10:39:54.443root 11241100x8000000000000000401807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20a5ad751ac53d92021-12-21 10:39:54.443root 11241100x8000000000000000401808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574ba0495878027f2021-12-21 10:39:54.443root 11241100x8000000000000000401809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473fe1f8086d4eac2021-12-21 10:39:54.443root 11241100x8000000000000000401810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bae65f80653c1152021-12-21 10:39:54.444root 11241100x8000000000000000401811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb6e4146726ec0d2021-12-21 10:39:54.444root 11241100x8000000000000000401812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21927b176018c152021-12-21 10:39:54.444root 11241100x8000000000000000401813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf3a34517f5bae62021-12-21 10:39:54.444root 11241100x8000000000000000401814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5584b7dd1259364e2021-12-21 10:39:54.444root 11241100x8000000000000000401815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eb29b2bc69e3a32021-12-21 10:39:54.444root 11241100x8000000000000000401816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a78f51e584e5f392021-12-21 10:39:54.444root 11241100x8000000000000000401817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4785418c8bb0bcc02021-12-21 10:39:54.444root 11241100x8000000000000000401818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed3eb46e099d0542021-12-21 10:39:54.444root 11241100x8000000000000000401819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbef039f714966552021-12-21 10:39:54.444root 11241100x8000000000000000401820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10030dbda32ea1c22021-12-21 10:39:54.445root 11241100x8000000000000000401821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5a75be6107c1fd2021-12-21 10:39:54.445root 11241100x8000000000000000401822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3ece38b7dbc29e2021-12-21 10:39:54.445root 11241100x8000000000000000401823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e45595a2c0f94e82021-12-21 10:39:54.445root 11241100x8000000000000000401824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946c4979c532d2902021-12-21 10:39:54.445root 11241100x8000000000000000401825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b50abaaf49bba2021-12-21 10:39:54.445root 11241100x8000000000000000401826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146f798b4eb013b32021-12-21 10:39:54.445root 11241100x8000000000000000401827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a696f4c62f0e17872021-12-21 10:39:54.445root 11241100x8000000000000000401828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b756510bec4bd52021-12-21 10:39:54.445root 11241100x8000000000000000401829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4d72262f2c197a2021-12-21 10:39:54.445root 11241100x8000000000000000401830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3321579ae0fd86372021-12-21 10:39:54.445root 11241100x8000000000000000401831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7c32f3ca93331c2021-12-21 10:39:54.446root 11241100x8000000000000000401832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba76285371e75af2021-12-21 10:39:54.446root 11241100x8000000000000000401833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef40dcebf229f2402021-12-21 10:39:54.446root 11241100x8000000000000000401834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ae9fb3ec7fe0442021-12-21 10:39:54.446root 11241100x8000000000000000401835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6844dab40c9d5f892021-12-21 10:39:54.446root 11241100x8000000000000000401836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08fad6b27c911282021-12-21 10:39:54.446root 11241100x8000000000000000401837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a79bea62809eb72021-12-21 10:39:54.446root 11241100x8000000000000000401838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc2fc0ee9e6a5902021-12-21 10:39:54.446root 11241100x8000000000000000401839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70be46e2daa7913d2021-12-21 10:39:54.446root 11241100x8000000000000000401840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadbadc185e5d2592021-12-21 10:39:54.446root 11241100x8000000000000000401841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c283c77ebf79562021-12-21 10:39:54.943root 11241100x8000000000000000401842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628e6484dd8bec032021-12-21 10:39:54.944root 11241100x8000000000000000401843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d4ad157784f2022021-12-21 10:39:54.944root 11241100x8000000000000000401844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74435dc336430f692021-12-21 10:39:54.944root 11241100x8000000000000000401845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9694810d80cf032021-12-21 10:39:54.944root 11241100x8000000000000000401846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee89d8e4d179a9e32021-12-21 10:39:54.944root 11241100x8000000000000000401847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef965e2eb7a03672021-12-21 10:39:54.944root 11241100x8000000000000000401848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e15b97d6f1b2ee82021-12-21 10:39:54.944root 11241100x8000000000000000401849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e17c29da7049302021-12-21 10:39:54.944root 11241100x8000000000000000401850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1730377dca26c6762021-12-21 10:39:54.944root 11241100x8000000000000000401851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ac369f3b6b41982021-12-21 10:39:54.945root 11241100x8000000000000000401852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e268a373cc1202cd2021-12-21 10:39:54.945root 11241100x8000000000000000401853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26d0b139df827452021-12-21 10:39:54.945root 11241100x8000000000000000401854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f0b76c1a83c9742021-12-21 10:39:54.945root 11241100x8000000000000000401855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84117ee6b600c872021-12-21 10:39:54.945root 11241100x8000000000000000401856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a172b706344bebcc2021-12-21 10:39:54.945root 11241100x8000000000000000401857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae39265d35771832021-12-21 10:39:54.945root 11241100x8000000000000000401858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f910f9aa4abc842021-12-21 10:39:54.945root 11241100x8000000000000000401859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce334487f3fbb982021-12-21 10:39:54.945root 11241100x8000000000000000401860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8310a26baa03c84e2021-12-21 10:39:54.945root 11241100x8000000000000000401861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ed260e8db6fd222021-12-21 10:39:54.945root 11241100x8000000000000000401862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd068ffbde994c0d2021-12-21 10:39:54.945root 11241100x8000000000000000401863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5fde124ebb33132021-12-21 10:39:54.946root 11241100x8000000000000000401864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f824bec55e53e56d2021-12-21 10:39:54.946root 11241100x8000000000000000401865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3861d14bfd8808e72021-12-21 10:39:54.946root 11241100x8000000000000000401866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17e76b313c2a6572021-12-21 10:39:54.946root 11241100x8000000000000000401867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9147d51004879fb92021-12-21 10:39:54.946root 11241100x8000000000000000401868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e550d1fe0b8a0302021-12-21 10:39:54.946root 11241100x8000000000000000401869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d173cf6648c9192021-12-21 10:39:54.946root 11241100x8000000000000000401870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5573cdac5112c9b92021-12-21 10:39:54.946root 11241100x8000000000000000401871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38582f193320d952021-12-21 10:39:54.946root 11241100x8000000000000000401872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06acd55c79e64ad22021-12-21 10:39:54.946root 11241100x8000000000000000401873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0da88332802b382021-12-21 10:39:54.946root 11241100x8000000000000000401874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e6773f0ede83a82021-12-21 10:39:54.946root 11241100x8000000000000000401875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a964027c913e3f2021-12-21 10:39:54.946root 11241100x8000000000000000401876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83d50d60bbd8f402021-12-21 10:39:54.947root 11241100x8000000000000000401877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ef9b98528b8b0d2021-12-21 10:39:54.947root 11241100x8000000000000000401878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2a039579896ec92021-12-21 10:39:54.947root 11241100x8000000000000000401879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa1238b6ef6648b2021-12-21 10:39:54.947root 11241100x8000000000000000401880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dba2ba139e8d152021-12-21 10:39:55.443root 11241100x8000000000000000401881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf6e70d5ce58bec2021-12-21 10:39:55.444root 11241100x8000000000000000401882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211c2e504c9bcb132021-12-21 10:39:55.444root 11241100x8000000000000000401883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3ecb0c6febaf3e2021-12-21 10:39:55.444root 11241100x8000000000000000401884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7aa3bdaf0d52e12021-12-21 10:39:55.444root 11241100x8000000000000000401885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dc2b0dd65529d32021-12-21 10:39:55.444root 11241100x8000000000000000401886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cad89160bfadd62021-12-21 10:39:55.445root 11241100x8000000000000000401887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9132e4d145405e992021-12-21 10:39:55.445root 11241100x8000000000000000401888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83d1a54d7e683ab2021-12-21 10:39:55.445root 11241100x8000000000000000401889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417a50f4634508c22021-12-21 10:39:55.445root 11241100x8000000000000000401890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a790e1f3bc4addb2021-12-21 10:39:55.445root 11241100x8000000000000000401891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6c42d20e0e69542021-12-21 10:39:55.445root 11241100x8000000000000000401892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2c9f63b334c62e2021-12-21 10:39:55.445root 11241100x8000000000000000401893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b258b4fb3695d5662021-12-21 10:39:55.445root 11241100x8000000000000000401894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0fc4714e81ea112021-12-21 10:39:55.445root 11241100x8000000000000000401895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd8ff626403afce2021-12-21 10:39:55.445root 11241100x8000000000000000401896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d32542433b65ef12021-12-21 10:39:55.445root 11241100x8000000000000000401897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549f5cca48e287d02021-12-21 10:39:55.445root 11241100x8000000000000000401898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf92bde1c3f6b642021-12-21 10:39:55.445root 11241100x8000000000000000401899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee76614c47355ab2021-12-21 10:39:55.446root 11241100x8000000000000000401900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4900cea6886e029b2021-12-21 10:39:55.446root 11241100x8000000000000000401901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570dbeb9b6070cb72021-12-21 10:39:55.446root 11241100x8000000000000000401902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893b1f45f04d741d2021-12-21 10:39:55.446root 11241100x8000000000000000401903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70df098de2aaa832021-12-21 10:39:55.446root 11241100x8000000000000000401904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca126758106083a52021-12-21 10:39:55.446root 11241100x8000000000000000401905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f3ec3e10204d582021-12-21 10:39:55.446root 11241100x8000000000000000401906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885dd96c0320d3072021-12-21 10:39:55.446root 11241100x8000000000000000401907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb283e8b7b6ac522021-12-21 10:39:55.446root 11241100x8000000000000000401908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18144bddb3942572021-12-21 10:39:55.446root 11241100x8000000000000000401909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae633696bd7e5772021-12-21 10:39:55.447root 11241100x8000000000000000401910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65fff06748ed93f2021-12-21 10:39:55.447root 11241100x8000000000000000401911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00940bd6c8b52fc22021-12-21 10:39:55.447root 11241100x8000000000000000401912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabd70591c8244ca2021-12-21 10:39:55.447root 11241100x8000000000000000401913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e010be36ffa50c2021-12-21 10:39:55.447root 11241100x8000000000000000401914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e50cfe394f3fa42021-12-21 10:39:55.447root 11241100x8000000000000000401915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ff9915264d29222021-12-21 10:39:55.943root 11241100x8000000000000000401916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae592a3116103f72021-12-21 10:39:55.943root 11241100x8000000000000000401917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8888720a72b5922021-12-21 10:39:55.943root 11241100x8000000000000000401918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfeeb97cb9a196b12021-12-21 10:39:55.943root 11241100x8000000000000000401919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6f3bef024b8f302021-12-21 10:39:55.943root 11241100x8000000000000000401920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2e1e831954adf42021-12-21 10:39:55.944root 11241100x8000000000000000401921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb33e4faa88e09d2021-12-21 10:39:55.944root 11241100x8000000000000000401922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15a25e3c66202782021-12-21 10:39:55.944root 11241100x8000000000000000401923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3d989648878fd22021-12-21 10:39:55.944root 11241100x8000000000000000401924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1149a7b15cbc82021-12-21 10:39:55.944root 11241100x8000000000000000401925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e25907368ffd7582021-12-21 10:39:55.944root 11241100x8000000000000000401926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41cc686781985af2021-12-21 10:39:55.944root 11241100x8000000000000000401927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cc0518db71689d2021-12-21 10:39:55.944root 11241100x8000000000000000401928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c286b96ab1185dcc2021-12-21 10:39:55.944root 11241100x8000000000000000401929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfbf7f8e7db4cab2021-12-21 10:39:55.944root 11241100x8000000000000000401930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2524889c4de4d9d92021-12-21 10:39:55.945root 11241100x8000000000000000401931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6900e6e84b4bc82021-12-21 10:39:55.945root 11241100x8000000000000000401932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fa99ef8c9223f32021-12-21 10:39:55.945root 11241100x8000000000000000401933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4fc87c5029a0222021-12-21 10:39:55.945root 11241100x8000000000000000401934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a3d33e2f4973b92021-12-21 10:39:55.945root 11241100x8000000000000000401935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906e63d4333c2a272021-12-21 10:39:55.945root 11241100x8000000000000000401936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4938fd3ac1e17f9d2021-12-21 10:39:55.945root 11241100x8000000000000000401937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8680e336fd877f22021-12-21 10:39:55.945root 11241100x8000000000000000401938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b1ab9756fb16c32021-12-21 10:39:55.946root 11241100x8000000000000000401939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a41e87a197aff3d2021-12-21 10:39:55.946root 11241100x8000000000000000401940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1441a12e1b8d9a7a2021-12-21 10:39:55.946root 11241100x8000000000000000401941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644e09236e6325b2021-12-21 10:39:55.946root 11241100x8000000000000000401942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd9299e3f3db5b22021-12-21 10:39:55.946root 11241100x8000000000000000401943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31f072257b5a8062021-12-21 10:39:55.947root 11241100x8000000000000000401944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b303c33f8be1d312021-12-21 10:39:55.947root 11241100x8000000000000000401945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bb2da8b6cc02582021-12-21 10:39:55.947root 11241100x8000000000000000401946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196044db045cdb662021-12-21 10:39:55.947root 11241100x8000000000000000401947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ab00c67fc300ab2021-12-21 10:39:55.947root 11241100x8000000000000000401948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8342092d6f0e772021-12-21 10:39:55.947root 11241100x8000000000000000401949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93932f79a92273f2021-12-21 10:39:55.947root 11241100x8000000000000000401950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a447f421a72e50c2021-12-21 10:39:55.948root 11241100x8000000000000000401951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985215137ef362bb2021-12-21 10:39:55.948root 11241100x8000000000000000401952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a28ac4c980eca2021-12-21 10:39:55.948root 11241100x8000000000000000401953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdade92cd444f31f2021-12-21 10:39:56.443root 11241100x8000000000000000401954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb8957194881e3a2021-12-21 10:39:56.443root 11241100x8000000000000000401955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd39c84ef288b2e2021-12-21 10:39:56.443root 11241100x8000000000000000401956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec23dc49fa398962021-12-21 10:39:56.443root 11241100x8000000000000000401957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2f3785131a97c72021-12-21 10:39:56.443root 11241100x8000000000000000401958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d429a1401fec062021-12-21 10:39:56.444root 11241100x8000000000000000401959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933960c46cf1266f2021-12-21 10:39:56.444root 11241100x8000000000000000401960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646053e8a595a66e2021-12-21 10:39:56.444root 11241100x8000000000000000401961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c178350bc494192021-12-21 10:39:56.444root 11241100x8000000000000000401962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f49364fe821883c2021-12-21 10:39:56.444root 11241100x8000000000000000401963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c467b588f566a22021-12-21 10:39:56.445root 11241100x8000000000000000401964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5ad171a97acb652021-12-21 10:39:56.445root 11241100x8000000000000000401965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde0f8916c34f5ea2021-12-21 10:39:56.445root 11241100x8000000000000000401966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0475289bbb97e6052021-12-21 10:39:56.445root 11241100x8000000000000000401967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5731bc9d193ea662021-12-21 10:39:56.445root 11241100x8000000000000000401968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c4bfe17455dc792021-12-21 10:39:56.446root 11241100x8000000000000000401969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795d2ef5d0dd1f562021-12-21 10:39:56.446root 11241100x8000000000000000401970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce216882e2fac3632021-12-21 10:39:56.446root 11241100x8000000000000000401971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d10e153078972282021-12-21 10:39:56.446root 11241100x8000000000000000401972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c65b6eff1ebe91a2021-12-21 10:39:56.446root 11241100x8000000000000000401973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50acc806b814ebc42021-12-21 10:39:56.446root 11241100x8000000000000000401974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77acd721ee98528e2021-12-21 10:39:56.446root 11241100x8000000000000000401975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d50355e5c839e922021-12-21 10:39:56.447root 11241100x8000000000000000401976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af55dcbcce9d3d82021-12-21 10:39:56.447root 11241100x8000000000000000401977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697b7f869423c1012021-12-21 10:39:56.447root 11241100x8000000000000000401978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd0479ab7c75bc02021-12-21 10:39:56.447root 11241100x8000000000000000401979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc18110d848f42b2021-12-21 10:39:56.447root 11241100x8000000000000000401980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7564d25fbde0add42021-12-21 10:39:56.448root 11241100x8000000000000000401981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2c90a5edfe1a332021-12-21 10:39:56.448root 11241100x8000000000000000401982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f6b8b99a598cbd2021-12-21 10:39:56.449root 11241100x8000000000000000401983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733bf2bd1ce6009f2021-12-21 10:39:56.449root 11241100x8000000000000000401984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8796f01a186dcf9a2021-12-21 10:39:56.449root 11241100x8000000000000000401985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9832f56d8ebf554b2021-12-21 10:39:56.449root 11241100x8000000000000000401986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b16a67f58dfbe5a2021-12-21 10:39:56.449root 11241100x8000000000000000401987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b91d38e89c43212021-12-21 10:39:56.450root 11241100x8000000000000000401988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313def1295c9c6242021-12-21 10:39:56.450root 11241100x8000000000000000401989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab6f5ecc91b69162021-12-21 10:39:56.450root 11241100x8000000000000000401990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de66cf57d288ca862021-12-21 10:39:56.450root 11241100x8000000000000000401991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a99d00f306a84d12021-12-21 10:39:56.450root 11241100x8000000000000000401992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d6461c05c3891d2021-12-21 10:39:56.450root 11241100x8000000000000000401993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828677588618a9fc2021-12-21 10:39:56.450root 11241100x8000000000000000401994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92484654773aaf0c2021-12-21 10:39:56.450root 11241100x8000000000000000401995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b32d5b3a152bb2b2021-12-21 10:39:56.451root 11241100x8000000000000000401996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c44a6e6cd5867e2021-12-21 10:39:56.451root 11241100x8000000000000000401997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeecd10c81e71b4a2021-12-21 10:39:56.451root 11241100x8000000000000000401998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce6836ba7c8fa582021-12-21 10:39:56.943root 11241100x8000000000000000401999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a807f782f6d8b6c72021-12-21 10:39:56.943root 11241100x8000000000000000402000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89cfe32abe456432021-12-21 10:39:56.943root 11241100x8000000000000000402001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c41d84ff48a9a392021-12-21 10:39:56.944root 11241100x8000000000000000402002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e189016830f3ba2021-12-21 10:39:56.944root 11241100x8000000000000000402003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3c4217bd400b2a2021-12-21 10:39:56.944root 11241100x8000000000000000402004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067dd72d1718acbb2021-12-21 10:39:56.944root 11241100x8000000000000000402005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e96161aad8351f2021-12-21 10:39:56.944root 11241100x8000000000000000402006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80e4b27a335dac72021-12-21 10:39:56.944root 11241100x8000000000000000402007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb53405791ba48432021-12-21 10:39:56.944root 11241100x8000000000000000402008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aa2614a2c117392021-12-21 10:39:56.944root 11241100x8000000000000000402009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9ebc80616359f32021-12-21 10:39:56.944root 11241100x8000000000000000402010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217e83c8c2951a3b2021-12-21 10:39:56.944root 11241100x8000000000000000402011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f63c851032db942021-12-21 10:39:56.944root 11241100x8000000000000000402012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d595c796d67e4c12021-12-21 10:39:56.944root 11241100x8000000000000000402013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46fecee44f6cbe82021-12-21 10:39:56.945root 11241100x8000000000000000402014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6991071f047636d2021-12-21 10:39:56.945root 11241100x8000000000000000402015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887009f4d11752252021-12-21 10:39:56.945root 11241100x8000000000000000402016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ced231fddb8547c2021-12-21 10:39:56.945root 11241100x8000000000000000402017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9e3fa6b322cbc82021-12-21 10:39:56.945root 11241100x8000000000000000402018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85332631abb59a42021-12-21 10:39:56.945root 11241100x8000000000000000402019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a18bc9327b59472021-12-21 10:39:56.945root 11241100x8000000000000000402020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4113cd2abda5992021-12-21 10:39:56.945root 11241100x8000000000000000402021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a3f44d38a6a3b22021-12-21 10:39:56.945root 11241100x8000000000000000402022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450bfe901bba93352021-12-21 10:39:56.945root 11241100x8000000000000000402023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89211a76ee582e6d2021-12-21 10:39:56.945root 11241100x8000000000000000402024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f368b078e4d56d342021-12-21 10:39:56.946root 11241100x8000000000000000402025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f27e383cc40d48f2021-12-21 10:39:56.946root 11241100x8000000000000000402026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee8837c9ac58bed2021-12-21 10:39:56.946root 11241100x8000000000000000402027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59925b212b1bbdc2021-12-21 10:39:56.946root 11241100x8000000000000000402028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35683ab5a5c7f8202021-12-21 10:39:56.946root 11241100x8000000000000000402029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea23eab778e51042021-12-21 10:39:56.946root 11241100x8000000000000000402030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90ac7f1e750dbbf2021-12-21 10:39:56.946root 11241100x8000000000000000402031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b083e14f953b22db2021-12-21 10:39:56.946root 11241100x8000000000000000402032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec2561a80f47f272021-12-21 10:39:56.946root 11241100x8000000000000000402033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae0b1d929277cba2021-12-21 10:39:56.946root 11241100x8000000000000000402034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8499f9c0395061312021-12-21 10:39:56.946root 11241100x8000000000000000402035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a9efe71e409472021-12-21 10:39:57.443root 11241100x8000000000000000402036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7750910cdbb843e32021-12-21 10:39:57.443root 11241100x8000000000000000402037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e28b147163af46a2021-12-21 10:39:57.443root 11241100x8000000000000000402038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed44e88eda93c802021-12-21 10:39:57.443root 11241100x8000000000000000402039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7a35f0559eb7dd2021-12-21 10:39:57.444root 11241100x8000000000000000402040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9a6d058185fe412021-12-21 10:39:57.444root 11241100x8000000000000000402041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede823856b1478c72021-12-21 10:39:57.444root 11241100x8000000000000000402042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fb4a056dedf2c62021-12-21 10:39:57.444root 11241100x8000000000000000402043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d907004dece3c892021-12-21 10:39:57.444root 11241100x8000000000000000402044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f7cf5a4ce2ebaf2021-12-21 10:39:57.444root 11241100x8000000000000000402045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222edba83561da3e2021-12-21 10:39:57.444root 11241100x8000000000000000402046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2f1e99b2812c062021-12-21 10:39:57.444root 11241100x8000000000000000402047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9faac766074be7c2021-12-21 10:39:57.444root 11241100x8000000000000000402048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2b4078e7edae312021-12-21 10:39:57.444root 11241100x8000000000000000402049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa396256edcbd47f2021-12-21 10:39:57.444root 11241100x8000000000000000402050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3144373bee06419f2021-12-21 10:39:57.444root 11241100x8000000000000000402051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f85aa57fc832ca52021-12-21 10:39:57.444root 11241100x8000000000000000402052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd73df9655f627ed2021-12-21 10:39:57.445root 11241100x8000000000000000402053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9d99b52a2c50382021-12-21 10:39:57.445root 11241100x8000000000000000402054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac9bdd3c87c68552021-12-21 10:39:57.445root 11241100x8000000000000000402055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9189f03093a8dab2021-12-21 10:39:57.445root 11241100x8000000000000000402056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113673bee89a08df2021-12-21 10:39:57.445root 11241100x8000000000000000402057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1131f0ad1a82940a2021-12-21 10:39:57.445root 11241100x8000000000000000402058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2e24d47283785c2021-12-21 10:39:57.446root 11241100x8000000000000000402059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779d3f8a470350d62021-12-21 10:39:57.446root 11241100x8000000000000000402060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4f83bff3f504c42021-12-21 10:39:57.446root 11241100x8000000000000000402061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69157f1305768472021-12-21 10:39:57.446root 11241100x8000000000000000402062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4922535aee3c3b942021-12-21 10:39:57.446root 11241100x8000000000000000402063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5149914eed2074b2021-12-21 10:39:57.446root 11241100x8000000000000000402064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fd878bc0db79d52021-12-21 10:39:57.447root 11241100x8000000000000000402065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587bfce36a49cf322021-12-21 10:39:57.447root 11241100x8000000000000000402066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7793eeb15fb593612021-12-21 10:39:57.447root 11241100x8000000000000000402067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af42dbc1dff26252021-12-21 10:39:57.447root 11241100x8000000000000000402068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924fdfffd7fc41542021-12-21 10:39:57.447root 11241100x8000000000000000402069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b618cbbd3ab5e9d62021-12-21 10:39:57.447root 11241100x8000000000000000402070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad96c1b7012757382021-12-21 10:39:57.447root 11241100x8000000000000000402071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaa277ae9901db52021-12-21 10:39:57.447root 11241100x8000000000000000402072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f80cd114ea81352021-12-21 10:39:57.447root 11241100x8000000000000000402073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304bdfb341eb94d22021-12-21 10:39:57.447root 11241100x8000000000000000402074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fa8a345e7a5a7b2021-12-21 10:39:57.447root 11241100x8000000000000000402075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a4983406d5e5322021-12-21 10:39:57.943root 11241100x8000000000000000402076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf9dd0da8490d052021-12-21 10:39:57.943root 11241100x8000000000000000402077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0ef7f2e3b1fde42021-12-21 10:39:57.944root 11241100x8000000000000000402078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682578b82a22dd5d2021-12-21 10:39:57.944root 11241100x8000000000000000402079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c46c9feecf8387d2021-12-21 10:39:57.944root 11241100x8000000000000000402080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c512e9fb4b96fe1d2021-12-21 10:39:57.944root 11241100x8000000000000000402081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876f598a746c9afc2021-12-21 10:39:57.944root 11241100x8000000000000000402082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5340d78b774bf1092021-12-21 10:39:57.944root 11241100x8000000000000000402083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ca4d263195bddd2021-12-21 10:39:57.945root 11241100x8000000000000000402084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e73e0ff386a3bbb2021-12-21 10:39:57.945root 11241100x8000000000000000402085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e75944ed532c892021-12-21 10:39:57.945root 11241100x8000000000000000402086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef008a2aae30ab32021-12-21 10:39:57.945root 11241100x8000000000000000402087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c029eba3b55c1c212021-12-21 10:39:57.945root 11241100x8000000000000000402088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e135db25cc4c47a2021-12-21 10:39:57.945root 11241100x8000000000000000402089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac2211e543dd2ff2021-12-21 10:39:57.945root 11241100x8000000000000000402090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb27b20c1ca90f72021-12-21 10:39:57.946root 11241100x8000000000000000402091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242b29fb43f86cff2021-12-21 10:39:57.946root 11241100x8000000000000000402092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6485de66cb57c65f2021-12-21 10:39:57.946root 11241100x8000000000000000402093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad5409efcfa53492021-12-21 10:39:57.946root 11241100x8000000000000000402094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24523e95b8f560742021-12-21 10:39:57.946root 11241100x8000000000000000402095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4782a47ce65bb25d2021-12-21 10:39:57.946root 11241100x8000000000000000402096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d53a33abcfe7efd2021-12-21 10:39:57.946root 11241100x8000000000000000402097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad20f0d5d2ce4ecd2021-12-21 10:39:57.947root 11241100x8000000000000000402098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b534b1ac81aee4972021-12-21 10:39:57.947root 11241100x8000000000000000402099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4100a0e3efc75d522021-12-21 10:39:57.947root 11241100x8000000000000000402100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c309fcc2955cd8c2021-12-21 10:39:57.948root 11241100x8000000000000000402101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4883e5d8450370df2021-12-21 10:39:57.948root 11241100x8000000000000000402102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25d34a291b65ad62021-12-21 10:39:57.948root 11241100x8000000000000000402103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e426ad56f8661c2021-12-21 10:39:57.948root 11241100x8000000000000000402104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c8099ca5003fa2021-12-21 10:39:57.949root 11241100x8000000000000000402105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74125a98295ca4782021-12-21 10:39:57.949root 11241100x8000000000000000402106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f1f88aa44c07bd2021-12-21 10:39:57.949root 11241100x8000000000000000402107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83c542dacb482982021-12-21 10:39:57.950root 11241100x8000000000000000402108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf19f2e6392e556f2021-12-21 10:39:57.950root 11241100x8000000000000000402109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd45fb04ad28e3d2021-12-21 10:39:57.950root 11241100x8000000000000000402110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010ed27aaf1ca3f02021-12-21 10:39:57.950root 11241100x8000000000000000402111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b696b35f0e6f90d32021-12-21 10:39:57.951root 11241100x8000000000000000402112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f48eeb81e062ee02021-12-21 10:39:57.951root 11241100x8000000000000000402113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e3d5ee3b7f26132021-12-21 10:39:57.951root 11241100x8000000000000000402114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851518656d6bb8672021-12-21 10:39:57.951root 11241100x8000000000000000402115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:57.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c74abe9e8397682021-12-21 10:39:57.952root 11241100x8000000000000000402116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aad1b1cafa429c02021-12-21 10:39:58.443root 11241100x8000000000000000402117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108334c273c64482021-12-21 10:39:58.443root 11241100x8000000000000000402118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266ff12ca5e83dc12021-12-21 10:39:58.443root 11241100x8000000000000000402119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150ed5379384cf122021-12-21 10:39:58.444root 11241100x8000000000000000402120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43163409035e17d32021-12-21 10:39:58.444root 11241100x8000000000000000402121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbed21f92aa72d72021-12-21 10:39:58.444root 11241100x8000000000000000402122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2be1b07851e41f2021-12-21 10:39:58.444root 11241100x8000000000000000402123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa464bb22fc92fbc2021-12-21 10:39:58.444root 11241100x8000000000000000402124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df4ee98a6f563992021-12-21 10:39:58.444root 11241100x8000000000000000402125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026260aea2649ca32021-12-21 10:39:58.444root 11241100x8000000000000000402126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f45e05d83aeedb52021-12-21 10:39:58.444root 11241100x8000000000000000402127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54042fd2c8f757a22021-12-21 10:39:58.445root 11241100x8000000000000000402128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3dc67c373505a12021-12-21 10:39:58.445root 11241100x8000000000000000402129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9746aa0b58e96c2021-12-21 10:39:58.445root 11241100x8000000000000000402130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8795fbab66e8312021-12-21 10:39:58.446root 11241100x8000000000000000402131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91069da1a7ce09a42021-12-21 10:39:58.446root 11241100x8000000000000000402132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28edaaebca71d0372021-12-21 10:39:58.447root 11241100x8000000000000000402133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a2c288005519242021-12-21 10:39:58.447root 11241100x8000000000000000402134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276c93c20fac43c82021-12-21 10:39:58.447root 11241100x8000000000000000402135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2c4af82c2275252021-12-21 10:39:58.448root 11241100x8000000000000000402136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8884bb6f31fb67a72021-12-21 10:39:58.448root 11241100x8000000000000000402137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0f012e1fdc62742021-12-21 10:39:58.448root 11241100x8000000000000000402138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31708bba4df3deda2021-12-21 10:39:58.448root 11241100x8000000000000000402139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf34b86ebe5a1a2d2021-12-21 10:39:58.448root 11241100x8000000000000000402140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53584c0dba9f5ee22021-12-21 10:39:58.448root 11241100x8000000000000000402141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ce460d3e2e24f32021-12-21 10:39:58.448root 11241100x8000000000000000402142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419d8ceba724422c2021-12-21 10:39:58.448root 11241100x8000000000000000402143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1697641336d1848c2021-12-21 10:39:58.448root 11241100x8000000000000000402144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a37dc5bc2133ee2021-12-21 10:39:58.448root 11241100x8000000000000000402145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764408b51be551942021-12-21 10:39:58.448root 11241100x8000000000000000402146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a5c139647fe0082021-12-21 10:39:58.448root 11241100x8000000000000000402147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968fbd5982c2721b2021-12-21 10:39:58.448root 11241100x8000000000000000402148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbb8ee6d0e3f65e2021-12-21 10:39:58.448root 11241100x8000000000000000402149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02d681d9cfda8d12021-12-21 10:39:58.449root 11241100x8000000000000000402150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d6874179d44f8f2021-12-21 10:39:58.449root 11241100x8000000000000000402151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6369364119a4dbd22021-12-21 10:39:58.943root 11241100x8000000000000000402152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294b6b4c4b176efc2021-12-21 10:39:58.943root 11241100x8000000000000000402153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f601de351bc812db2021-12-21 10:39:58.943root 11241100x8000000000000000402154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb5435f0dff6afa2021-12-21 10:39:58.943root 11241100x8000000000000000402155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f07458859307e12021-12-21 10:39:58.943root 11241100x8000000000000000402156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33b70efb9f37342021-12-21 10:39:58.943root 11241100x8000000000000000402157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0183a36a182e4e082021-12-21 10:39:58.943root 11241100x8000000000000000402158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d77548e9629b7e2021-12-21 10:39:58.943root 11241100x8000000000000000402159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc74607bd3941332021-12-21 10:39:58.944root 11241100x8000000000000000402160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea2fa76e5131672021-12-21 10:39:58.944root 11241100x8000000000000000402161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298322899ce6cffb2021-12-21 10:39:58.944root 11241100x8000000000000000402162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d580639c4fab5d7a2021-12-21 10:39:58.944root 11241100x8000000000000000402163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647999d79f53188b2021-12-21 10:39:58.944root 11241100x8000000000000000402164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21af47cb9139d3022021-12-21 10:39:58.944root 11241100x8000000000000000402165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2c7b584277b16e2021-12-21 10:39:58.944root 11241100x8000000000000000402166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0dbea7d84ae7792021-12-21 10:39:58.944root 11241100x8000000000000000402167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe4ee18450ad4192021-12-21 10:39:58.944root 11241100x8000000000000000402168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241d2d5b4d9ff27c2021-12-21 10:39:58.944root 11241100x8000000000000000402169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56e556678cc5afc2021-12-21 10:39:58.944root 11241100x8000000000000000402170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69492ec0fa9de572021-12-21 10:39:58.944root 11241100x8000000000000000402171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f245588292d1e1d72021-12-21 10:39:58.944root 11241100x8000000000000000402172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f58baebfe36aac2021-12-21 10:39:58.944root 11241100x8000000000000000402173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c714165577b5ba602021-12-21 10:39:58.944root 11241100x8000000000000000402174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263955a2e20f9b242021-12-21 10:39:58.944root 11241100x8000000000000000402175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b54b99bddb723892021-12-21 10:39:58.945root 11241100x8000000000000000402176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96d667b9016d3fd2021-12-21 10:39:58.945root 11241100x8000000000000000402177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a5e4a1376e9ef02021-12-21 10:39:58.945root 11241100x8000000000000000402178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1534a9adb203d7352021-12-21 10:39:58.945root 11241100x8000000000000000402179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3842846c8b543f2021-12-21 10:39:58.945root 11241100x8000000000000000402180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d213597a871d2532021-12-21 10:39:58.945root 11241100x8000000000000000402181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef069b1b38361482021-12-21 10:39:58.945root 11241100x8000000000000000402182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e6024ecc290d12021-12-21 10:39:58.945root 11241100x8000000000000000402183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8cfd263d0f2a0e2021-12-21 10:39:58.945root 11241100x8000000000000000402184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903f2ff6868fdf802021-12-21 10:39:58.945root 11241100x8000000000000000402185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ae348588545c722021-12-21 10:39:58.945root 11241100x8000000000000000402186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4315746d9ca8502021-12-21 10:39:58.945root 11241100x8000000000000000402187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b46be91b4a280f2021-12-21 10:39:59.443root 11241100x8000000000000000402188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2f9d83fbf2fd5a2021-12-21 10:39:59.443root 11241100x8000000000000000402189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0ef43cd5784ac12021-12-21 10:39:59.443root 11241100x8000000000000000402190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb1f572772257c32021-12-21 10:39:59.443root 11241100x8000000000000000402191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de6e9430a393ec22021-12-21 10:39:59.444root 11241100x8000000000000000402192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad90b85373805f2f2021-12-21 10:39:59.444root 11241100x8000000000000000402193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585728fd8b01875a2021-12-21 10:39:59.444root 11241100x8000000000000000402194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda72d295925262d2021-12-21 10:39:59.444root 11241100x8000000000000000402195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d115f5c92e26f62021-12-21 10:39:59.444root 11241100x8000000000000000402196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe62c0c9f10c2bd2021-12-21 10:39:59.444root 11241100x8000000000000000402197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909af14044f482912021-12-21 10:39:59.444root 11241100x8000000000000000402198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba985afd625144f2021-12-21 10:39:59.444root 11241100x8000000000000000402199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aeb3ac6671a19e2021-12-21 10:39:59.444root 11241100x8000000000000000402200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a671f56fbcb58f92021-12-21 10:39:59.444root 11241100x8000000000000000402201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4008b518abd1ce962021-12-21 10:39:59.444root 11241100x8000000000000000402202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463575c565b882722021-12-21 10:39:59.444root 11241100x8000000000000000402203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2d0cb9396245912021-12-21 10:39:59.444root 11241100x8000000000000000402204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4306501f6662f62021-12-21 10:39:59.444root 11241100x8000000000000000402205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b588f4c7b7061ac2021-12-21 10:39:59.444root 11241100x8000000000000000402206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd33b15294fc7932021-12-21 10:39:59.444root 11241100x8000000000000000402207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8d32e99e3a610b2021-12-21 10:39:59.445root 11241100x8000000000000000402208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2f0ec3406535372021-12-21 10:39:59.445root 11241100x8000000000000000402209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342ed2772c495fa12021-12-21 10:39:59.445root 11241100x8000000000000000402210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afe19291054344e2021-12-21 10:39:59.445root 11241100x8000000000000000402211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b554c033a16aea2021-12-21 10:39:59.445root 11241100x8000000000000000402212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84031b7519e7cd5d2021-12-21 10:39:59.445root 11241100x8000000000000000402213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fe903129e250f52021-12-21 10:39:59.445root 11241100x8000000000000000402214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c7aa7abad145f02021-12-21 10:39:59.445root 11241100x8000000000000000402215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4784dbbb0c00f252021-12-21 10:39:59.445root 11241100x8000000000000000402216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172920084f5a3a2c2021-12-21 10:39:59.445root 11241100x8000000000000000402217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f144b52f7acbff002021-12-21 10:39:59.445root 11241100x8000000000000000402218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888b1c970b3099a62021-12-21 10:39:59.445root 11241100x8000000000000000402219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a947b87968e550b92021-12-21 10:39:59.445root 11241100x8000000000000000402220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f3febac38c14372021-12-21 10:39:59.445root 11241100x8000000000000000402221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e231278c4bf630a2021-12-21 10:39:59.445root 11241100x8000000000000000402222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913e93f625f4e9e12021-12-21 10:39:59.445root 11241100x8000000000000000402223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1849f5295cc5cf2021-12-21 10:39:59.446root 11241100x8000000000000000402224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216c796e382e35112021-12-21 10:39:59.446root 11241100x8000000000000000402225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd6491c1a9a88102021-12-21 10:39:59.446root 11241100x8000000000000000402226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73741e41b5c7132b2021-12-21 10:39:59.446root 11241100x8000000000000000402227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacd89c9f11e93be2021-12-21 10:39:59.446root 11241100x8000000000000000402228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913e74a20e96effd2021-12-21 10:39:59.943root 11241100x8000000000000000402229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ffc9fb6f6501df2021-12-21 10:39:59.943root 11241100x8000000000000000402230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecb39f65e478d5f2021-12-21 10:39:59.943root 11241100x8000000000000000402231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699fddfa4d4c1dc2021-12-21 10:39:59.943root 11241100x8000000000000000402232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161a7d0d063d22122021-12-21 10:39:59.943root 11241100x8000000000000000402233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63993303f4f88ead2021-12-21 10:39:59.943root 11241100x8000000000000000402234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50bd7e4f1f095482021-12-21 10:39:59.943root 11241100x8000000000000000402235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589b63b1c0ec11cd2021-12-21 10:39:59.943root 11241100x8000000000000000402236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7149efcd96ddcf292021-12-21 10:39:59.943root 11241100x8000000000000000402237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4f5390067771b62021-12-21 10:39:59.944root 11241100x8000000000000000402238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9a8af8b26dfb7b2021-12-21 10:39:59.944root 11241100x8000000000000000402239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe1c82c31bc2e6b2021-12-21 10:39:59.944root 11241100x8000000000000000402240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73fa82ba5fa5ca92021-12-21 10:39:59.944root 11241100x8000000000000000402241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1cb06bc5f43b5a2021-12-21 10:39:59.944root 11241100x8000000000000000402242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf163a78005c6b02021-12-21 10:39:59.945root 11241100x8000000000000000402243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b7c5b43c4f77052021-12-21 10:39:59.945root 11241100x8000000000000000402244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8354c17a15c0052e2021-12-21 10:39:59.945root 11241100x8000000000000000402245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfe78b1efc85e292021-12-21 10:39:59.945root 11241100x8000000000000000402246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d640449eb568bd2021-12-21 10:39:59.945root 11241100x8000000000000000402247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0aadc186766d7d2021-12-21 10:39:59.945root 11241100x8000000000000000402248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044ebe68a3f478e12021-12-21 10:39:59.945root 11241100x8000000000000000402249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2eb18d5632e0862021-12-21 10:39:59.945root 11241100x8000000000000000402250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f6be7c2493c70b2021-12-21 10:39:59.945root 11241100x8000000000000000402251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7302e445866dfa2021-12-21 10:39:59.945root 11241100x8000000000000000402252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc33951eefb913572021-12-21 10:39:59.946root 11241100x8000000000000000402253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71eb298e4215b922021-12-21 10:39:59.946root 11241100x8000000000000000402254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de231ad68b079752021-12-21 10:39:59.946root 11241100x8000000000000000402255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8258437d2a2e9042021-12-21 10:39:59.946root 11241100x8000000000000000402256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502970d811bd54452021-12-21 10:39:59.946root 11241100x8000000000000000402257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eccc55d3ace5e462021-12-21 10:39:59.946root 11241100x8000000000000000402258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe275231cfb47b42021-12-21 10:39:59.946root 11241100x8000000000000000402259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19571aaf84d449602021-12-21 10:39:59.946root 11241100x8000000000000000402260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dca523d12cc176d2021-12-21 10:39:59.946root 11241100x8000000000000000402261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863b2d032974908b2021-12-21 10:39:59.946root 11241100x8000000000000000402262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1953d619a9835ec32021-12-21 10:39:59.946root 11241100x8000000000000000402263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad43f43126a11d02021-12-21 10:39:59.947root 11241100x8000000000000000402264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b16af17160ec92021-12-21 10:39:59.947root 11241100x8000000000000000402265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfaaa25dbda5a8a2021-12-21 10:39:59.947root 11241100x8000000000000000402266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3f44e12e7573c62021-12-21 10:39:59.947root 11241100x8000000000000000402267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9365533071f2e7132021-12-21 10:39:59.947root 11241100x8000000000000000402268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337c176974a82e9f2021-12-21 10:39:59.948root 11241100x8000000000000000402269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69f8be3257f32942021-12-21 10:39:59.948root 11241100x8000000000000000402270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899565fea54f22b12021-12-21 10:39:59.948root 11241100x8000000000000000402271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77270f1b92971cb82021-12-21 10:39:59.948root 11241100x8000000000000000402272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e9f9d6d5642a6d2021-12-21 10:39:59.948root 11241100x8000000000000000402273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0aafe934f8fd202021-12-21 10:39:59.948root 11241100x8000000000000000402274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e13e8409ab49892021-12-21 10:39:59.948root 11241100x8000000000000000402275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8644d266e041e9eb2021-12-21 10:39:59.948root 11241100x8000000000000000402276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9f1d69b48f610c2021-12-21 10:39:59.948root 11241100x8000000000000000402277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0718d90a1251e9d72021-12-21 10:39:59.948root 11241100x8000000000000000402278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead64cc4324583582021-12-21 10:39:59.949root 11241100x8000000000000000402279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4bf43a97f5cc1e2021-12-21 10:39:59.949root 11241100x8000000000000000402280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7feffcf68d4f22c42021-12-21 10:39:59.949root 11241100x8000000000000000402281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ac48ea634419dc2021-12-21 10:39:59.949root 11241100x8000000000000000402282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a45c82cd85210b12021-12-21 10:39:59.949root 11241100x8000000000000000402283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a309e0dec86a6f822021-12-21 10:39:59.949root 11241100x8000000000000000402284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f2be3dc53472812021-12-21 10:39:59.949root 11241100x8000000000000000402285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cf298a18d2f5362021-12-21 10:39:59.949root 11241100x8000000000000000402286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75512509e7f55e22021-12-21 10:39:59.949root 11241100x8000000000000000402287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2f0bb89256cc112021-12-21 10:39:59.949root 11241100x8000000000000000402288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae8c6dc099b8c792021-12-21 10:39:59.949root 11241100x8000000000000000402289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157794a7de9704ee2021-12-21 10:39:59.949root 11241100x8000000000000000402290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3f09eec43b21df2021-12-21 10:39:59.950root 11241100x8000000000000000402291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0c968d12cd86192021-12-21 10:39:59.950root 11241100x8000000000000000402292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077286cc7bc9a3d52021-12-21 10:39:59.950root 11241100x8000000000000000402293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e67681bcad8852b2021-12-21 10:39:59.951root 11241100x8000000000000000402294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44d558efb6a894d2021-12-21 10:39:59.951root 11241100x8000000000000000402295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d6f5ee023212652021-12-21 10:39:59.951root 11241100x8000000000000000402296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d0285c0939e992021-12-21 10:39:59.951root 11241100x8000000000000000402297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1b74595e2c8d5c2021-12-21 10:39:59.951root 11241100x8000000000000000402298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1289631402d589c22021-12-21 10:39:59.951root 11241100x8000000000000000402299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eb54bbf53e63ae2021-12-21 10:39:59.951root 11241100x8000000000000000402300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:39:59.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49454ee3aee651692021-12-21 10:39:59.951root 354300x8000000000000000402301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.016{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47426-false10.0.1.12-8000- 11241100x8000000000000000402302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b17eb696dfa2c942021-12-21 10:40:00.443root 11241100x8000000000000000402303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8ef48bed797f7c2021-12-21 10:40:00.443root 11241100x8000000000000000402304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c3d6db6cd893292021-12-21 10:40:00.443root 11241100x8000000000000000402305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2c6619cf6ede5a2021-12-21 10:40:00.444root 11241100x8000000000000000402306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3941c431892b3d2021-12-21 10:40:00.444root 11241100x8000000000000000402307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bb5c79310361852021-12-21 10:40:00.444root 11241100x8000000000000000402308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79ac3962094e15d2021-12-21 10:40:00.444root 11241100x8000000000000000402309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961e7be35d55e0dd2021-12-21 10:40:00.445root 11241100x8000000000000000402310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc05d8c25a5474992021-12-21 10:40:00.445root 11241100x8000000000000000402311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c1ca6d1cf2450a2021-12-21 10:40:00.445root 11241100x8000000000000000402312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb8c4eda7dfa07f2021-12-21 10:40:00.445root 11241100x8000000000000000402313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4df2281ca48f28e2021-12-21 10:40:00.446root 11241100x8000000000000000402314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421dba09a1368a3c2021-12-21 10:40:00.446root 11241100x8000000000000000402315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b654148c641ebd902021-12-21 10:40:00.446root 11241100x8000000000000000402316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5452d3c96ccdc04a2021-12-21 10:40:00.446root 11241100x8000000000000000402317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f1965c9b67e6e32021-12-21 10:40:00.446root 11241100x8000000000000000402318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de02d3f144734c462021-12-21 10:40:00.446root 11241100x8000000000000000402319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aaf9858fffd3392021-12-21 10:40:00.446root 11241100x8000000000000000402320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4029e99d165c339b2021-12-21 10:40:00.446root 11241100x8000000000000000402321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7b4e7f06ced4f22021-12-21 10:40:00.446root 11241100x8000000000000000402322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c8ad50dfbcce872021-12-21 10:40:00.446root 11241100x8000000000000000402323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a356192e3e5ecd2021-12-21 10:40:00.446root 11241100x8000000000000000402324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d14f6e94aa621402021-12-21 10:40:00.446root 11241100x8000000000000000402325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e909c40281e7ebe32021-12-21 10:40:00.447root 11241100x8000000000000000402326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fc5c222b35bb502021-12-21 10:40:00.447root 11241100x8000000000000000402327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e031e4dea5875612021-12-21 10:40:00.447root 11241100x8000000000000000402328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b37be526d267482021-12-21 10:40:00.447root 11241100x8000000000000000402329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3414529dad2078d42021-12-21 10:40:00.447root 11241100x8000000000000000402330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797322040e64fe772021-12-21 10:40:00.447root 11241100x8000000000000000402331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65858778aaa1bdac2021-12-21 10:40:00.447root 11241100x8000000000000000402332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c946d3ec7b3d752021-12-21 10:40:00.447root 11241100x8000000000000000402333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a39071b4c71652021-12-21 10:40:00.447root 11241100x8000000000000000402334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b65c9ea0b663752021-12-21 10:40:00.447root 11241100x8000000000000000402335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cda82e3fd3c0af2021-12-21 10:40:00.447root 11241100x8000000000000000402336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7196c5234e22f0852021-12-21 10:40:00.447root 11241100x8000000000000000402337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05adf5eaae96ebb12021-12-21 10:40:00.447root 11241100x8000000000000000402338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663b70ca8da535a42021-12-21 10:40:00.447root 11241100x8000000000000000402339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affe1945cef3db562021-12-21 10:40:00.448root 11241100x8000000000000000402340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14cb65a7a0e24452021-12-21 10:40:00.448root 11241100x8000000000000000402341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195e629adbae7ac92021-12-21 10:40:00.448root 11241100x8000000000000000402342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0028c3753d05128a2021-12-21 10:40:00.448root 11241100x8000000000000000402343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe577fb100d79982021-12-21 10:40:00.448root 11241100x8000000000000000402344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e2a44445e567b72021-12-21 10:40:00.448root 11241100x8000000000000000402345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09273da4b88d5a3d2021-12-21 10:40:00.448root 11241100x8000000000000000402346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23da79f5e52241292021-12-21 10:40:00.448root 11241100x8000000000000000402347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edca528c8c03c202021-12-21 10:40:00.448root 11241100x8000000000000000402348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df98e0d7206e95f42021-12-21 10:40:00.943root 11241100x8000000000000000402349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208cd4962e980dd72021-12-21 10:40:00.943root 11241100x8000000000000000402350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcc5cddb0bc3baa2021-12-21 10:40:00.943root 11241100x8000000000000000402351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33509fbfa7eff97b2021-12-21 10:40:00.943root 11241100x8000000000000000402352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b4aad5a0463add2021-12-21 10:40:00.943root 11241100x8000000000000000402353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b640701e88f34a2021-12-21 10:40:00.943root 11241100x8000000000000000402354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f62ef883d7f4572021-12-21 10:40:00.943root 11241100x8000000000000000402355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbffd838d5c619642021-12-21 10:40:00.944root 11241100x8000000000000000402356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1d809afd1a7e3b2021-12-21 10:40:00.944root 11241100x8000000000000000402357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f83d434f143a4092021-12-21 10:40:00.944root 11241100x8000000000000000402358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607cbdfa77294de82021-12-21 10:40:00.944root 11241100x8000000000000000402359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6b7c12401fd8472021-12-21 10:40:00.944root 11241100x8000000000000000402360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d233d3e6c0113a662021-12-21 10:40:00.944root 11241100x8000000000000000402361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2148052dd6bf7492021-12-21 10:40:00.944root 11241100x8000000000000000402362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598ca16e478d59b62021-12-21 10:40:00.944root 11241100x8000000000000000402363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0daa4bbf8487542021-12-21 10:40:00.944root 11241100x8000000000000000402364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e734c73aff020002021-12-21 10:40:00.945root 11241100x8000000000000000402365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c41f7f0d5656c282021-12-21 10:40:00.945root 11241100x8000000000000000402366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49944edddaa60b8e2021-12-21 10:40:00.945root 11241100x8000000000000000402367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd85717c47f181e82021-12-21 10:40:00.945root 11241100x8000000000000000402368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681ce1739f2453572021-12-21 10:40:00.945root 11241100x8000000000000000402369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8454ebc0ccd9e922021-12-21 10:40:00.945root 11241100x8000000000000000402370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41c2e7fd075460b2021-12-21 10:40:00.945root 11241100x8000000000000000402371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef03cab2bf412382021-12-21 10:40:00.945root 11241100x8000000000000000402372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99723c8549a66952021-12-21 10:40:00.945root 11241100x8000000000000000402373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24adab36776ab0672021-12-21 10:40:00.945root 11241100x8000000000000000402374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489fcbc800d477112021-12-21 10:40:00.945root 11241100x8000000000000000402375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b324abb4bc71be092021-12-21 10:40:00.945root 11241100x8000000000000000402376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e60801ae5c6999a2021-12-21 10:40:00.946root 11241100x8000000000000000402377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4faafe44fcf01c2021-12-21 10:40:00.946root 11241100x8000000000000000402378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1e266aecaeffe12021-12-21 10:40:00.946root 11241100x8000000000000000402379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729b4882069e9a1e2021-12-21 10:40:00.946root 11241100x8000000000000000402380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523df3e9f671794c2021-12-21 10:40:00.946root 11241100x8000000000000000402381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46c65be947f4e9d2021-12-21 10:40:00.946root 11241100x8000000000000000402382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55be06dc01f02e922021-12-21 10:40:00.946root 11241100x8000000000000000402383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c42c16945f5b932021-12-21 10:40:00.946root 11241100x8000000000000000402384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4188fd5463302f82021-12-21 10:40:00.947root 11241100x8000000000000000402385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673e753a6edae9c62021-12-21 10:40:00.947root 11241100x8000000000000000402386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84072f5c101e65c82021-12-21 10:40:00.947root 11241100x8000000000000000402387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9da0fe36723b072021-12-21 10:40:00.947root 11241100x8000000000000000402388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbda81120fb1b392021-12-21 10:40:00.947root 11241100x8000000000000000402389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b2ef877ae0e972021-12-21 10:40:00.947root 11241100x8000000000000000402390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4408e0a79816bce82021-12-21 10:40:00.947root 11241100x8000000000000000402391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8216b92a6634b20a2021-12-21 10:40:00.947root 11241100x8000000000000000402392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1157a5f5c119c0fd2021-12-21 10:40:00.947root 11241100x8000000000000000402393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606cd663a5541f162021-12-21 10:40:00.948root 11241100x8000000000000000402394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443ba6522d36c3cf2021-12-21 10:40:00.948root 11241100x8000000000000000402395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a54d9755fdf40202021-12-21 10:40:00.948root 11241100x8000000000000000402396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea514a2e1ae90ca92021-12-21 10:40:00.948root 11241100x8000000000000000402397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a703fca3970fb5d92021-12-21 10:40:00.948root 11241100x8000000000000000402398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9693e90f9920ac2021-12-21 10:40:00.948root 11241100x8000000000000000402399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e83150fe841cb3f2021-12-21 10:40:00.948root 11241100x8000000000000000402400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74507de426151aba2021-12-21 10:40:00.948root 11241100x8000000000000000402401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71997231863dcd4d2021-12-21 10:40:00.948root 11241100x8000000000000000402402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f494bc08012fce2021-12-21 10:40:00.948root 11241100x8000000000000000402403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24453fcbade489492021-12-21 10:40:00.949root 11241100x8000000000000000402404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:00.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fcdd9572c4b3cb2021-12-21 10:40:00.949root 11241100x8000000000000000402405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe7f0466a9b6fc92021-12-21 10:40:01.443root 11241100x8000000000000000402406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b8d20508e364ab2021-12-21 10:40:01.443root 11241100x8000000000000000402407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b94973d7bf4211b2021-12-21 10:40:01.443root 11241100x8000000000000000402408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7445a9c07dcd1d2021-12-21 10:40:01.443root 11241100x8000000000000000402409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ec75dd04d19f122021-12-21 10:40:01.444root 11241100x8000000000000000402410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdf9f4f50194bf62021-12-21 10:40:01.444root 11241100x8000000000000000402411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93047be1b405071e2021-12-21 10:40:01.444root 11241100x8000000000000000402412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bff3a246a96ed312021-12-21 10:40:01.444root 11241100x8000000000000000402413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6aa79af46d6daf2021-12-21 10:40:01.444root 11241100x8000000000000000402414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd3ee3023ac96522021-12-21 10:40:01.444root 11241100x8000000000000000402415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cdfed32b9f7da72021-12-21 10:40:01.444root 11241100x8000000000000000402416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52329dba2f8c39c52021-12-21 10:40:01.444root 11241100x8000000000000000402417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d268ee9fdc9d1c652021-12-21 10:40:01.444root 11241100x8000000000000000402418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d01ad486b8988c72021-12-21 10:40:01.444root 11241100x8000000000000000402419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cdbf7f6f8910752021-12-21 10:40:01.444root 11241100x8000000000000000402420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37db076176e94182021-12-21 10:40:01.444root 11241100x8000000000000000402421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7020648eb2f1bb1d2021-12-21 10:40:01.444root 11241100x8000000000000000402422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31165f79853886692021-12-21 10:40:01.444root 11241100x8000000000000000402423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fa0bd657d5ec262021-12-21 10:40:01.445root 11241100x8000000000000000402424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bdf53777edaecd2021-12-21 10:40:01.445root 11241100x8000000000000000402425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d33cba3826b522021-12-21 10:40:01.445root 11241100x8000000000000000402426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0856c362bd23aa122021-12-21 10:40:01.445root 11241100x8000000000000000402427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04169b3fc78e4dce2021-12-21 10:40:01.445root 11241100x8000000000000000402428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4da140e7c4e5dd32021-12-21 10:40:01.445root 11241100x8000000000000000402429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1423ec38a296bad22021-12-21 10:40:01.445root 11241100x8000000000000000402430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecafe01d9f1030c2021-12-21 10:40:01.445root 11241100x8000000000000000402431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c723f675e088776e2021-12-21 10:40:01.445root 11241100x8000000000000000402432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d7d7265a2832902021-12-21 10:40:01.445root 11241100x8000000000000000402433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc92a6f3f64db5ca2021-12-21 10:40:01.445root 11241100x8000000000000000402434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd947a47bd893222021-12-21 10:40:01.445root 11241100x8000000000000000402435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7acf68221116ec2021-12-21 10:40:01.445root 11241100x8000000000000000402436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b738d206348e7fb2021-12-21 10:40:01.445root 11241100x8000000000000000402437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c67bc55e5f7977f2021-12-21 10:40:01.445root 11241100x8000000000000000402438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9cb76646f3f5002021-12-21 10:40:01.445root 11241100x8000000000000000402439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faf72c6523f6b412021-12-21 10:40:01.446root 11241100x8000000000000000402440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716ab569ec30cf852021-12-21 10:40:01.446root 11241100x8000000000000000402441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8532d0b8753efa5e2021-12-21 10:40:01.446root 11241100x8000000000000000402442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a440bf01c8594982021-12-21 10:40:01.446root 11241100x8000000000000000402443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ae7d4a107ce9d72021-12-21 10:40:01.446root 11241100x8000000000000000402444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30cda3d2b0962692021-12-21 10:40:01.446root 11241100x8000000000000000402445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ffadcbc8ac3fb22021-12-21 10:40:01.446root 11241100x8000000000000000402446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4477f33917a761b02021-12-21 10:40:01.945root 11241100x8000000000000000402447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e9f8054dc780642021-12-21 10:40:01.945root 11241100x8000000000000000402448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226d842ade48c4282021-12-21 10:40:01.945root 11241100x8000000000000000402449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6cae290d6c527f2021-12-21 10:40:01.946root 11241100x8000000000000000402450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c03eb462a7172432021-12-21 10:40:01.946root 11241100x8000000000000000402451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f543a9b7c495e462021-12-21 10:40:01.946root 11241100x8000000000000000402452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fe139bfa1441b62021-12-21 10:40:01.946root 11241100x8000000000000000402453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2092cd694fd9262021-12-21 10:40:01.946root 11241100x8000000000000000402454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62627da67c5d38512021-12-21 10:40:01.946root 11241100x8000000000000000402455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6849db3e467cad2f2021-12-21 10:40:01.946root 11241100x8000000000000000402456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7c507a9702c2162021-12-21 10:40:01.946root 11241100x8000000000000000402457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b6af5a25d8a6e52021-12-21 10:40:01.946root 11241100x8000000000000000402458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7578dd3172310c82021-12-21 10:40:01.946root 11241100x8000000000000000402459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1747a59ce388203b2021-12-21 10:40:01.946root 11241100x8000000000000000402460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8acab3df07605b2021-12-21 10:40:01.946root 11241100x8000000000000000402461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f2e82104c197e22021-12-21 10:40:01.946root 11241100x8000000000000000402462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6200a53161561dab2021-12-21 10:40:01.947root 11241100x8000000000000000402463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60510468ca7ee882021-12-21 10:40:01.947root 11241100x8000000000000000402464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553333412e43428e2021-12-21 10:40:01.947root 11241100x8000000000000000402465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c883af89f761e9742021-12-21 10:40:01.947root 11241100x8000000000000000402466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f467e2edc95d9c2021-12-21 10:40:01.947root 11241100x8000000000000000402467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b79667f1ee82002021-12-21 10:40:01.947root 11241100x8000000000000000402468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2753c6d7d15d22f42021-12-21 10:40:01.947root 11241100x8000000000000000402469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff84df7d6bd4655d2021-12-21 10:40:01.947root 11241100x8000000000000000402470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305db08545ebb2c92021-12-21 10:40:01.947root 11241100x8000000000000000402471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85328074d50b980f2021-12-21 10:40:01.947root 11241100x8000000000000000402472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c62dae9d6914c612021-12-21 10:40:01.947root 11241100x8000000000000000402473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bf0654e3aa4cfb2021-12-21 10:40:01.947root 11241100x8000000000000000402474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35506fd1410d66172021-12-21 10:40:01.947root 11241100x8000000000000000402475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d16480a669698fe2021-12-21 10:40:01.947root 11241100x8000000000000000402476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae631bf6b2504352021-12-21 10:40:01.947root 11241100x8000000000000000402477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5656a30217e23c5b2021-12-21 10:40:01.948root 11241100x8000000000000000402478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568e180664ceecab2021-12-21 10:40:01.948root 11241100x8000000000000000402479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0ec741c31956942021-12-21 10:40:01.948root 11241100x8000000000000000402480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790e585c1a25ea252021-12-21 10:40:01.948root 11241100x8000000000000000402481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd0fcf95df87ff2021-12-21 10:40:01.948root 11241100x8000000000000000402482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e16eb3c3479616e2021-12-21 10:40:01.948root 11241100x8000000000000000402483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f373c5675a5abe2021-12-21 10:40:01.948root 11241100x8000000000000000402484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4dbbb509c74eee2021-12-21 10:40:01.948root 11241100x8000000000000000402485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6aba691aacde0292021-12-21 10:40:01.948root 11241100x8000000000000000402486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b32dc0446a45f6d2021-12-21 10:40:01.948root 11241100x8000000000000000402487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c7448c6be119142021-12-21 10:40:01.948root 11241100x8000000000000000402488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92f33cb7638d6942021-12-21 10:40:01.948root 11241100x8000000000000000402489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e88784b56f3e12021-12-21 10:40:01.948root 11241100x8000000000000000402490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e845ff58576792021-12-21 10:40:01.948root 11241100x8000000000000000402491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0761215b3f6bfce92021-12-21 10:40:01.948root 11241100x8000000000000000402492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b92cc581a087f62021-12-21 10:40:01.949root 11241100x8000000000000000402493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30127248875b66162021-12-21 10:40:01.949root 11241100x8000000000000000402494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc8e313c5954e452021-12-21 10:40:01.949root 11241100x8000000000000000402495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78757399021999ff2021-12-21 10:40:01.949root 11241100x8000000000000000402496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043d5ee393543e5a2021-12-21 10:40:01.949root 11241100x8000000000000000402497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9fd70d591145f02021-12-21 10:40:01.949root 11241100x8000000000000000402498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8625a5d241bfe2672021-12-21 10:40:01.949root 11241100x8000000000000000402499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfce7a69022adaf32021-12-21 10:40:01.949root 11241100x8000000000000000402500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1946a82eea0ef85f2021-12-21 10:40:01.949root 11241100x8000000000000000402501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350f4039bc83a36d2021-12-21 10:40:01.949root 11241100x8000000000000000402502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790b5d3b65fbec8f2021-12-21 10:40:01.949root 11241100x8000000000000000402503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675f6468664e7d472021-12-21 10:40:01.950root 11241100x8000000000000000402504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11be11990f8807372021-12-21 10:40:01.950root 11241100x8000000000000000402505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604e04a5848a17522021-12-21 10:40:01.950root 11241100x8000000000000000402506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdb56139804d87e2021-12-21 10:40:01.950root 11241100x8000000000000000402507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43fad3d35968bc62021-12-21 10:40:01.950root 11241100x8000000000000000402508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54969be33a9bf74c2021-12-21 10:40:01.950root 11241100x8000000000000000402509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c11f0cf9fa8cf42021-12-21 10:40:01.950root 11241100x8000000000000000402510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc21615d7b361392021-12-21 10:40:01.950root 11241100x8000000000000000402511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc4824b70e23e142021-12-21 10:40:01.950root 11241100x8000000000000000402512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e96ba18ffdce2712021-12-21 10:40:01.950root 11241100x8000000000000000402513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6371fb42fab07ebe2021-12-21 10:40:01.950root 11241100x8000000000000000402514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391e113625e597b92021-12-21 10:40:02.443root 11241100x8000000000000000402515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9172dd0b1a811c2021-12-21 10:40:02.443root 11241100x8000000000000000402516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99d31e9d553f59c2021-12-21 10:40:02.443root 11241100x8000000000000000402517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c93414b74be11a52021-12-21 10:40:02.443root 11241100x8000000000000000402518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43424265f2ee7842021-12-21 10:40:02.444root 11241100x8000000000000000402519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c48b436ac9e3692021-12-21 10:40:02.444root 11241100x8000000000000000402520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d44f96631a017c62021-12-21 10:40:02.444root 11241100x8000000000000000402521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7e47e3871fe432021-12-21 10:40:02.444root 11241100x8000000000000000402522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e2084dbbd3029d2021-12-21 10:40:02.444root 11241100x8000000000000000402523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd204a12ec71ef8d2021-12-21 10:40:02.444root 11241100x8000000000000000402524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb773f7f194658c2021-12-21 10:40:02.444root 11241100x8000000000000000402525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bcc473258da2622021-12-21 10:40:02.444root 11241100x8000000000000000402526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f407c60565f865bb2021-12-21 10:40:02.444root 11241100x8000000000000000402527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b2d10facdc1d282021-12-21 10:40:02.444root 11241100x8000000000000000402528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8ff1ed5d74698e2021-12-21 10:40:02.444root 11241100x8000000000000000402529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea407cd77ec0d952021-12-21 10:40:02.444root 11241100x8000000000000000402530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de24c14c84b7a9d22021-12-21 10:40:02.444root 11241100x8000000000000000402531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9680e5a91c75a25f2021-12-21 10:40:02.444root 11241100x8000000000000000402532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a8d1615a662d052021-12-21 10:40:02.445root 11241100x8000000000000000402533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15129b9ebfbe08fa2021-12-21 10:40:02.445root 11241100x8000000000000000402534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea27799fb0d1663f2021-12-21 10:40:02.445root 11241100x8000000000000000402535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b604394e833b42021-12-21 10:40:02.445root 11241100x8000000000000000402536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce25dd4599830a3c2021-12-21 10:40:02.445root 11241100x8000000000000000402537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26750cf3c9bb5c092021-12-21 10:40:02.445root 11241100x8000000000000000402538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1e305a1c7b5ed2021-12-21 10:40:02.445root 11241100x8000000000000000402539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b04eb2f4c6aa702021-12-21 10:40:02.445root 11241100x8000000000000000402540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71495e8b98c15d612021-12-21 10:40:02.445root 11241100x8000000000000000402541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953988ab66582ca12021-12-21 10:40:02.445root 11241100x8000000000000000402542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6bb5ae3532a8332021-12-21 10:40:02.446root 11241100x8000000000000000402543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef862d5e2e3316d62021-12-21 10:40:02.446root 11241100x8000000000000000402544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d850e51b11aee312021-12-21 10:40:02.446root 11241100x8000000000000000402545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b092ebc2930969672021-12-21 10:40:02.446root 11241100x8000000000000000402546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9088baf12320552021-12-21 10:40:02.446root 11241100x8000000000000000402547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5d4149d20012412021-12-21 10:40:02.446root 11241100x8000000000000000402548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5f6fc5948263132021-12-21 10:40:02.446root 11241100x8000000000000000402549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb66e484d1bb01b2021-12-21 10:40:02.446root 11241100x8000000000000000402550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d61da232fe07452021-12-21 10:40:02.446root 11241100x8000000000000000402551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce4b40a757ecad92021-12-21 10:40:02.446root 11241100x8000000000000000402552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d4eb4b8dedc2772021-12-21 10:40:02.447root 11241100x8000000000000000402553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257940aec29c755e2021-12-21 10:40:02.447root 11241100x8000000000000000402554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2043733aeba34d2a2021-12-21 10:40:02.447root 11241100x8000000000000000402555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36cbc7fd8a140952021-12-21 10:40:02.447root 11241100x8000000000000000402556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbb8f7f9f951a392021-12-21 10:40:02.447root 11241100x8000000000000000402557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b088f30074154bb2021-12-21 10:40:02.943root 11241100x8000000000000000402558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adc2698818ed6bd2021-12-21 10:40:02.943root 11241100x8000000000000000402559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b161c7786e5129822021-12-21 10:40:02.943root 11241100x8000000000000000402560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7783052070924f2021-12-21 10:40:02.944root 11241100x8000000000000000402561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb737d50a8823792021-12-21 10:40:02.944root 11241100x8000000000000000402562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a7f6a5ee5d03072021-12-21 10:40:02.944root 11241100x8000000000000000402563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabf4f5309c5b1422021-12-21 10:40:02.944root 11241100x8000000000000000402564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4e0de41b1184742021-12-21 10:40:02.944root 11241100x8000000000000000402565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f04861c7492a712021-12-21 10:40:02.944root 11241100x8000000000000000402566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe817fd2863b6402021-12-21 10:40:02.944root 11241100x8000000000000000402567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f9ba1c106833062021-12-21 10:40:02.944root 11241100x8000000000000000402568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc94b0a7a6ead6d2021-12-21 10:40:02.944root 11241100x8000000000000000402569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c363d5c37f9feeb62021-12-21 10:40:02.944root 11241100x8000000000000000402570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f02feb39f884d772021-12-21 10:40:02.944root 11241100x8000000000000000402571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51eb88879f2399f02021-12-21 10:40:02.944root 11241100x8000000000000000402572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf32e36f48332792021-12-21 10:40:02.944root 11241100x8000000000000000402573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5c266f9161fece2021-12-21 10:40:02.944root 11241100x8000000000000000402574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f6d761041ddd9f2021-12-21 10:40:02.944root 11241100x8000000000000000402575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc5fef691c19a9b2021-12-21 10:40:02.945root 11241100x8000000000000000402576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1baaa68d3fdd11d2021-12-21 10:40:02.945root 11241100x8000000000000000402577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a3888b8bb75eed2021-12-21 10:40:02.945root 11241100x8000000000000000402578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aafefae5e7372212021-12-21 10:40:02.945root 11241100x8000000000000000402579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1935b364e1578c2021-12-21 10:40:02.945root 11241100x8000000000000000402580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e4d163af13e3ff2021-12-21 10:40:02.945root 11241100x8000000000000000402581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbc14bbe5f9632e2021-12-21 10:40:02.945root 11241100x8000000000000000402582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5578bb23251977d62021-12-21 10:40:02.945root 11241100x8000000000000000402583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae608ea233a7c382021-12-21 10:40:02.945root 11241100x8000000000000000402584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87926e4ca3ec165a2021-12-21 10:40:02.945root 11241100x8000000000000000402585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107f0ddccd4a8c372021-12-21 10:40:02.945root 11241100x8000000000000000402586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fc561d63ef88112021-12-21 10:40:02.945root 11241100x8000000000000000402587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d36f11fbc2d8f02021-12-21 10:40:02.945root 11241100x8000000000000000402588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84251cae1faefb552021-12-21 10:40:02.946root 11241100x8000000000000000402589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353794e150f08faf2021-12-21 10:40:02.946root 11241100x8000000000000000402590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395d4e715e0fd6a32021-12-21 10:40:02.946root 11241100x8000000000000000402591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486f32c2712e2a222021-12-21 10:40:02.946root 11241100x8000000000000000402592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cc0db5b6ff67b52021-12-21 10:40:02.946root 11241100x8000000000000000402593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f220209cd2fa43e52021-12-21 10:40:02.946root 11241100x8000000000000000402594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8201c6363d842402021-12-21 10:40:03.443root 11241100x8000000000000000402595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a979f8d2e24df4c22021-12-21 10:40:03.443root 11241100x8000000000000000402596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7ee8e93444a6542021-12-21 10:40:03.443root 11241100x8000000000000000402597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b09cb530835fe092021-12-21 10:40:03.443root 11241100x8000000000000000402598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdd6ff7371efe902021-12-21 10:40:03.443root 11241100x8000000000000000402599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d164b15ba9b9acf2021-12-21 10:40:03.443root 11241100x8000000000000000402600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4399e6f1b107fa4d2021-12-21 10:40:03.443root 11241100x8000000000000000402601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9250bfd2c09f122021-12-21 10:40:03.443root 11241100x8000000000000000402602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0d13feb2e51e7b2021-12-21 10:40:03.444root 11241100x8000000000000000402603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6080346f9bcf099e2021-12-21 10:40:03.444root 11241100x8000000000000000402604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f3e5a0cc7a69f52021-12-21 10:40:03.444root 11241100x8000000000000000402605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081875c5eb4d668a2021-12-21 10:40:03.444root 11241100x8000000000000000402606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99932dd10d03c7262021-12-21 10:40:03.444root 11241100x8000000000000000402607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177b1aded8a950b32021-12-21 10:40:03.444root 11241100x8000000000000000402608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d516898b771ba042021-12-21 10:40:03.444root 11241100x8000000000000000402609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e67681babd2e5c2021-12-21 10:40:03.444root 11241100x8000000000000000402610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38aa3efdf539b6b02021-12-21 10:40:03.444root 11241100x8000000000000000402611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31d2dfa38db0a4e2021-12-21 10:40:03.445root 11241100x8000000000000000402612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3f10331bae4f3b2021-12-21 10:40:03.445root 11241100x8000000000000000402613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26de5295d169e7c2021-12-21 10:40:03.445root 11241100x8000000000000000402614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14800d36095bb8552021-12-21 10:40:03.445root 11241100x8000000000000000402615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9ef08f6fd949682021-12-21 10:40:03.445root 11241100x8000000000000000402616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a33ddff71c767532021-12-21 10:40:03.445root 11241100x8000000000000000402617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0741a31e99d0872021-12-21 10:40:03.445root 11241100x8000000000000000402618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce55a473a22112422021-12-21 10:40:03.445root 11241100x8000000000000000402619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2b5126607114b12021-12-21 10:40:03.445root 11241100x8000000000000000402620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c3804b8eaf8ae72021-12-21 10:40:03.445root 11241100x8000000000000000402621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695006d45e41c0302021-12-21 10:40:03.445root 11241100x8000000000000000402622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b13d2b6c7275472021-12-21 10:40:03.445root 11241100x8000000000000000402623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc746eab022cd3022021-12-21 10:40:03.445root 11241100x8000000000000000402624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6978b4a25a2ad92021-12-21 10:40:03.445root 11241100x8000000000000000402625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1edb51bce9891a2021-12-21 10:40:03.445root 11241100x8000000000000000402626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5248b82a9180b4a62021-12-21 10:40:03.445root 11241100x8000000000000000402627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf1e1aa5533d4fa2021-12-21 10:40:03.446root 11241100x8000000000000000402628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dae010f087dafd2021-12-21 10:40:03.446root 11241100x8000000000000000402629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab7ec5f0334541c2021-12-21 10:40:03.446root 11241100x8000000000000000402630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754c2bd7f802beb62021-12-21 10:40:03.446root 11241100x8000000000000000402631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd57f69cb3fa1612021-12-21 10:40:03.446root 11241100x8000000000000000402632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2288bf8b1d6e4e2021-12-21 10:40:03.943root 11241100x8000000000000000402633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc9695d4423935b2021-12-21 10:40:03.943root 11241100x8000000000000000402634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43b340d9cc0eca22021-12-21 10:40:03.943root 11241100x8000000000000000402635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc913f95e5a9fd8a2021-12-21 10:40:03.943root 11241100x8000000000000000402636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9802c7aeb9f8682021-12-21 10:40:03.943root 11241100x8000000000000000402637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27deb89b5d4513812021-12-21 10:40:03.943root 11241100x8000000000000000402638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e988ad3a1f4fb22021-12-21 10:40:03.943root 11241100x8000000000000000402639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd430abfcbe0762021-12-21 10:40:03.943root 11241100x8000000000000000402640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3fc8e1388dfcac2021-12-21 10:40:03.943root 11241100x8000000000000000402641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4c931c67c8b6ce2021-12-21 10:40:03.943root 11241100x8000000000000000402642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0af7511ac0f5ab32021-12-21 10:40:03.944root 11241100x8000000000000000402643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2f66e314a1b8f02021-12-21 10:40:03.944root 11241100x8000000000000000402644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e315d0620e160aa72021-12-21 10:40:03.944root 11241100x8000000000000000402645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ddcdb97587a78a2021-12-21 10:40:03.944root 11241100x8000000000000000402646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a290a1e597f9a4992021-12-21 10:40:03.944root 11241100x8000000000000000402647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee12d17835067762021-12-21 10:40:03.944root 11241100x8000000000000000402648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ee609f9cc41d4f2021-12-21 10:40:03.944root 11241100x8000000000000000402649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c157a4e220bc4e722021-12-21 10:40:03.944root 11241100x8000000000000000402650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89c4067d48aa1f62021-12-21 10:40:03.944root 11241100x8000000000000000402651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc6128f81ff8f922021-12-21 10:40:03.944root 11241100x8000000000000000402652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d5bc89bfeba5032021-12-21 10:40:03.944root 11241100x8000000000000000402653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36e811af169dad72021-12-21 10:40:03.944root 11241100x8000000000000000402654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f011c19bec64722021-12-21 10:40:03.945root 11241100x8000000000000000402655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72806374fe963a8a2021-12-21 10:40:03.945root 11241100x8000000000000000402656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f1c8ce35e166382021-12-21 10:40:03.945root 11241100x8000000000000000402657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00cbef78aa4f2182021-12-21 10:40:03.945root 11241100x8000000000000000402658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73584cfe5316f1ff2021-12-21 10:40:03.945root 11241100x8000000000000000402659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2fe6cacd5e95ed2021-12-21 10:40:03.945root 11241100x8000000000000000402660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d628e4483d4cd9a72021-12-21 10:40:03.945root 11241100x8000000000000000402661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf4a2877154f3df2021-12-21 10:40:03.945root 11241100x8000000000000000402662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43932ee2fbace2e2021-12-21 10:40:03.945root 11241100x8000000000000000402663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7121ed8296d3634a2021-12-21 10:40:03.945root 11241100x8000000000000000402664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a538441e269e7b2021-12-21 10:40:03.945root 11241100x8000000000000000402665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f62e7d4e15ac4272021-12-21 10:40:03.945root 11241100x8000000000000000402666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044fb4b5f40240052021-12-21 10:40:03.946root 11241100x8000000000000000402667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdcb8c462c25d252021-12-21 10:40:03.946root 11241100x8000000000000000402668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f24de4f3bfe6d22021-12-21 10:40:03.946root 11241100x8000000000000000402669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cce04782b6bae42021-12-21 10:40:03.947root 11241100x8000000000000000402670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c12d2a2a913fd42021-12-21 10:40:04.443root 11241100x8000000000000000402671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a3ec30b302103a2021-12-21 10:40:04.443root 11241100x8000000000000000402672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95772cdd3b37f452021-12-21 10:40:04.443root 11241100x8000000000000000402673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22144afa6f11e2c22021-12-21 10:40:04.444root 11241100x8000000000000000402674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c86c06c93825b2021-12-21 10:40:04.444root 11241100x8000000000000000402675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9035209c8091bc822021-12-21 10:40:04.444root 11241100x8000000000000000402676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43057ab1f9faf0c52021-12-21 10:40:04.444root 11241100x8000000000000000402677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7edf95ef54a46802021-12-21 10:40:04.444root 11241100x8000000000000000402678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a77f3feca641242021-12-21 10:40:04.444root 11241100x8000000000000000402679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0704d97c9b51bdc42021-12-21 10:40:04.444root 11241100x8000000000000000402680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806006891371844f2021-12-21 10:40:04.444root 11241100x8000000000000000402681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f62a8ec8806a8212021-12-21 10:40:04.444root 11241100x8000000000000000402682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0ae671eeccd2c02021-12-21 10:40:04.444root 11241100x8000000000000000402683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced1e4a4b3590bf52021-12-21 10:40:04.444root 11241100x8000000000000000402684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881f3529bba7109f2021-12-21 10:40:04.444root 11241100x8000000000000000402685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c410c30942ac08ab2021-12-21 10:40:04.444root 11241100x8000000000000000402686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24537abac16fab4d2021-12-21 10:40:04.444root 11241100x8000000000000000402687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1926890af1d16bd62021-12-21 10:40:04.444root 11241100x8000000000000000402688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55053dbee89c1892021-12-21 10:40:04.444root 11241100x8000000000000000402689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b3231e14b3539d2021-12-21 10:40:04.445root 11241100x8000000000000000402690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87c71c80d98d2b02021-12-21 10:40:04.445root 11241100x8000000000000000402691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a1b220cf5d05da2021-12-21 10:40:04.445root 11241100x8000000000000000402692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcfe42408edce4d2021-12-21 10:40:04.445root 11241100x8000000000000000402693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5a015c94c042092021-12-21 10:40:04.445root 11241100x8000000000000000402694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de6aad04bb6308d2021-12-21 10:40:04.445root 11241100x8000000000000000402695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f01dd1633d45632021-12-21 10:40:04.445root 11241100x8000000000000000402696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bbaf20fcf5a19c2021-12-21 10:40:04.445root 11241100x8000000000000000402697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a799a25da3dd59f62021-12-21 10:40:04.445root 11241100x8000000000000000402698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d647f459255f98b2021-12-21 10:40:04.445root 11241100x8000000000000000402699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6508ae79e646252021-12-21 10:40:04.445root 11241100x8000000000000000402700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b495e1c156119d2021-12-21 10:40:04.445root 11241100x8000000000000000402701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f586bdaf3d0d862021-12-21 10:40:04.445root 11241100x8000000000000000402702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4576c0e3428e1ac2021-12-21 10:40:04.445root 11241100x8000000000000000402703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2eee2c60dce6812021-12-21 10:40:04.445root 11241100x8000000000000000402704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7afef9e5804fc2021-12-21 10:40:04.445root 11241100x8000000000000000402705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cd6316648f50372021-12-21 10:40:04.446root 11241100x8000000000000000402706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2bc78b49f1c1e02021-12-21 10:40:04.446root 11241100x8000000000000000402707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c4f7051e2a97c72021-12-21 10:40:04.446root 11241100x8000000000000000402708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0488537ab614a2742021-12-21 10:40:04.446root 11241100x8000000000000000402709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d208f912072ce02021-12-21 10:40:04.446root 11241100x8000000000000000402710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b269b8747d729a2021-12-21 10:40:04.446root 11241100x8000000000000000402711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0813d8868dd7ad4e2021-12-21 10:40:04.446root 11241100x8000000000000000402712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86afd954265efe9f2021-12-21 10:40:04.446root 11241100x8000000000000000402713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b04b07ba81cf2f2021-12-21 10:40:04.446root 11241100x8000000000000000402714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169d1084dc1e45fe2021-12-21 10:40:04.446root 11241100x8000000000000000402715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dee26338dfb691c2021-12-21 10:40:04.447root 11241100x8000000000000000402716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472bc3c99aceed242021-12-21 10:40:04.447root 11241100x8000000000000000402717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf37518024915bfd2021-12-21 10:40:04.943root 11241100x8000000000000000402718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7848418e0f7a452021-12-21 10:40:04.943root 11241100x8000000000000000402719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7772c62505d63792021-12-21 10:40:04.943root 11241100x8000000000000000402720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58d047e97aa51712021-12-21 10:40:04.943root 11241100x8000000000000000402721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2f3c11f6b6eb7b2021-12-21 10:40:04.943root 11241100x8000000000000000402722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0250d89490e242021-12-21 10:40:04.944root 11241100x8000000000000000402723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe02190d96c81b812021-12-21 10:40:04.944root 11241100x8000000000000000402724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7064afcb2f7f92622021-12-21 10:40:04.944root 11241100x8000000000000000402725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a945975ed77cefd72021-12-21 10:40:04.944root 11241100x8000000000000000402726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bff7ac858ccd5dc2021-12-21 10:40:04.944root 11241100x8000000000000000402727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9808fa0acc19c462021-12-21 10:40:04.944root 11241100x8000000000000000402728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d0725c5288239c2021-12-21 10:40:04.944root 11241100x8000000000000000402729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22c7ef71b2e08bc2021-12-21 10:40:04.944root 11241100x8000000000000000402730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5077734dbc84412021-12-21 10:40:04.944root 11241100x8000000000000000402731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44804c8e72c22f782021-12-21 10:40:04.944root 11241100x8000000000000000402732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1220e94f0f303012021-12-21 10:40:04.944root 11241100x8000000000000000402733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f97202e62cd564d2021-12-21 10:40:04.944root 11241100x8000000000000000402734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f05730d0a2a6d12021-12-21 10:40:04.944root 11241100x8000000000000000402735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2239f9e0479f33f22021-12-21 10:40:04.944root 11241100x8000000000000000402736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b247efaf2263b32021-12-21 10:40:04.944root 11241100x8000000000000000402737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d03b975624f20d2021-12-21 10:40:04.944root 11241100x8000000000000000402738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fe063f0c80ceda2021-12-21 10:40:04.945root 11241100x8000000000000000402739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97462aebfcbd48392021-12-21 10:40:04.945root 11241100x8000000000000000402740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7b0d5b9d559fce2021-12-21 10:40:04.945root 11241100x8000000000000000402741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeac2a5906415002021-12-21 10:40:04.945root 11241100x8000000000000000402742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d709b4b62885802021-12-21 10:40:04.945root 11241100x8000000000000000402743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291be36012f30b3c2021-12-21 10:40:04.945root 11241100x8000000000000000402744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e978c8819397c522021-12-21 10:40:04.945root 11241100x8000000000000000402745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e98e30a5f4d06d2021-12-21 10:40:04.945root 11241100x8000000000000000402746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1282beeac5297272021-12-21 10:40:04.945root 11241100x8000000000000000402747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc554d78998414d2021-12-21 10:40:04.945root 11241100x8000000000000000402748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814f339388acdbe2021-12-21 10:40:04.945root 11241100x8000000000000000402749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c218cdb6e3ae1a382021-12-21 10:40:04.945root 11241100x8000000000000000402750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67677cf543eacdb62021-12-21 10:40:04.945root 11241100x8000000000000000402751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930091c4d1acc5b12021-12-21 10:40:04.945root 11241100x8000000000000000402752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98d46376f521cdd2021-12-21 10:40:04.945root 11241100x8000000000000000402753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f925c7fda577f2ac2021-12-21 10:40:04.945root 11241100x8000000000000000402754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc85cdf3ebeea4772021-12-21 10:40:04.946root 11241100x8000000000000000402755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32ffbbeb870ba242021-12-21 10:40:04.946root 354300x8000000000000000402756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47428-false10.0.1.12-8000- 11241100x8000000000000000402757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852be8635b727a7b2021-12-21 10:40:05.443root 11241100x8000000000000000402758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c2ea1b457600802021-12-21 10:40:05.443root 11241100x8000000000000000402759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757a167bdf543c532021-12-21 10:40:05.444root 11241100x8000000000000000402760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f2f3e68980b6652021-12-21 10:40:05.444root 11241100x8000000000000000402761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f109a69a4986062021-12-21 10:40:05.444root 11241100x8000000000000000402762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5c70618a05fb362021-12-21 10:40:05.444root 11241100x8000000000000000402763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb153500490c6eb2021-12-21 10:40:05.445root 11241100x8000000000000000402764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8f0919e60e9d662021-12-21 10:40:05.445root 11241100x8000000000000000402765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4406f830a398e2462021-12-21 10:40:05.445root 11241100x8000000000000000402766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5319325ee3398fb2021-12-21 10:40:05.445root 11241100x8000000000000000402767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165f4fc679952c372021-12-21 10:40:05.445root 11241100x8000000000000000402768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7609db8dcc6325eb2021-12-21 10:40:05.445root 11241100x8000000000000000402769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7af04e9ae3cf382021-12-21 10:40:05.445root 11241100x8000000000000000402770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a223438fd68a997a2021-12-21 10:40:05.445root 11241100x8000000000000000402771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdd27db3c6c97342021-12-21 10:40:05.445root 11241100x8000000000000000402772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b6a942931ef7e92021-12-21 10:40:05.445root 11241100x8000000000000000402773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16b5e4a4ea43f7f2021-12-21 10:40:05.445root 11241100x8000000000000000402774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd00b348c1d15eb2021-12-21 10:40:05.445root 11241100x8000000000000000402775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a5b988bc4d53212021-12-21 10:40:05.445root 11241100x8000000000000000402776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153c131f55434c8b2021-12-21 10:40:05.446root 11241100x8000000000000000402777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5793d68b7948fec92021-12-21 10:40:05.446root 11241100x8000000000000000402778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010f527459570ab92021-12-21 10:40:05.446root 11241100x8000000000000000402779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf17ba939a63ac52021-12-21 10:40:05.446root 11241100x8000000000000000402780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c248e242926ea02021-12-21 10:40:05.446root 11241100x8000000000000000402781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ce8b51e404ac9c2021-12-21 10:40:05.446root 11241100x8000000000000000402782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ec1faade94e08b2021-12-21 10:40:05.446root 11241100x8000000000000000402783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b3fd167922410f2021-12-21 10:40:05.446root 11241100x8000000000000000402784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f1e648ea35d6542021-12-21 10:40:05.446root 11241100x8000000000000000402785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670b6a22b60993082021-12-21 10:40:05.446root 11241100x8000000000000000402786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c3c42a3a269b652021-12-21 10:40:05.446root 11241100x8000000000000000402787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7be7978666692852021-12-21 10:40:05.446root 11241100x8000000000000000402788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab79e2790611c132021-12-21 10:40:05.446root 11241100x8000000000000000402789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306ffd3b2dbda7cd2021-12-21 10:40:05.447root 11241100x8000000000000000402790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5f68ef0072d0f52021-12-21 10:40:05.447root 11241100x8000000000000000402791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045e1a72ca0462a12021-12-21 10:40:05.447root 11241100x8000000000000000402792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3213119f5ecdf902021-12-21 10:40:05.447root 11241100x8000000000000000402793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ebda004fc46b182021-12-21 10:40:05.447root 11241100x8000000000000000402794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e9d79b5dcadd0d2021-12-21 10:40:05.447root 11241100x8000000000000000402795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52c8c36412ef33b2021-12-21 10:40:05.447root 11241100x8000000000000000402796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb26932aa373ad912021-12-21 10:40:05.447root 11241100x8000000000000000402797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378e2d5ad97c1d082021-12-21 10:40:05.447root 11241100x8000000000000000402798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a490704bda14402021-12-21 10:40:05.943root 11241100x8000000000000000402799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba6290b894fc8332021-12-21 10:40:05.943root 11241100x8000000000000000402800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde6205b7c8b26d42021-12-21 10:40:05.943root 11241100x8000000000000000402801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238ee785c702bea32021-12-21 10:40:05.943root 11241100x8000000000000000402802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea2ee1f66867ffc2021-12-21 10:40:05.943root 11241100x8000000000000000402803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a603d6d37fd949e2021-12-21 10:40:05.943root 11241100x8000000000000000402804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35100840f0ec13db2021-12-21 10:40:05.943root 11241100x8000000000000000402805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c88df5ff7159922021-12-21 10:40:05.943root 11241100x8000000000000000402806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba04f0e7f27511e2021-12-21 10:40:05.943root 11241100x8000000000000000402807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3d74baa0b902cf2021-12-21 10:40:05.943root 11241100x8000000000000000402808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d411e660784d3622021-12-21 10:40:05.943root 11241100x8000000000000000402809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8e84c5ce377f662021-12-21 10:40:05.944root 11241100x8000000000000000402810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7de37155a57feb12021-12-21 10:40:05.944root 11241100x8000000000000000402811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6ead81b2d856ab2021-12-21 10:40:05.944root 11241100x8000000000000000402812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4677cc651fae3c2021-12-21 10:40:05.944root 11241100x8000000000000000402813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46cda69830cf4b12021-12-21 10:40:05.944root 11241100x8000000000000000402814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eacf15b943b3b32021-12-21 10:40:05.944root 11241100x8000000000000000402815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268abe49a66ddbaf2021-12-21 10:40:05.944root 11241100x8000000000000000402816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a9bc7bb32431922021-12-21 10:40:05.944root 11241100x8000000000000000402817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478d858374c2ad6e2021-12-21 10:40:05.944root 11241100x8000000000000000402818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494959ca9d61b30e2021-12-21 10:40:05.944root 11241100x8000000000000000402819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cdc6aa668182112021-12-21 10:40:05.944root 11241100x8000000000000000402820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79f45bf1244a6842021-12-21 10:40:05.944root 11241100x8000000000000000402821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fe9a2b02fe123f2021-12-21 10:40:05.944root 11241100x8000000000000000402822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13046e496a16c2c92021-12-21 10:40:05.944root 11241100x8000000000000000402823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b2b345818429532021-12-21 10:40:05.944root 11241100x8000000000000000402824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa754b4f0426bf72021-12-21 10:40:05.944root 11241100x8000000000000000402825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7991d44975a573152021-12-21 10:40:05.945root 11241100x8000000000000000402826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41209dea163f95ee2021-12-21 10:40:05.945root 11241100x8000000000000000402827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334fc5cdd43e299c2021-12-21 10:40:05.945root 11241100x8000000000000000402828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632bd3f72838ec0a2021-12-21 10:40:05.945root 11241100x8000000000000000402829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6c868dfd8d09be2021-12-21 10:40:05.945root 11241100x8000000000000000402830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd76b66731780ed2021-12-21 10:40:05.945root 11241100x8000000000000000402831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0f62d4af532a7b2021-12-21 10:40:05.945root 11241100x8000000000000000402832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78568f1b6bdfab62021-12-21 10:40:05.945root 11241100x8000000000000000402833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c342f4dc8042cff62021-12-21 10:40:05.945root 11241100x8000000000000000402834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943847adb00a2f232021-12-21 10:40:05.945root 11241100x8000000000000000402835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84110630d9a5b6982021-12-21 10:40:05.945root 11241100x8000000000000000402836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98c1429fb7f2a8d2021-12-21 10:40:05.945root 11241100x8000000000000000402837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6c93c224927b6b2021-12-21 10:40:05.946root 11241100x8000000000000000402838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef002172974287912021-12-21 10:40:05.946root 11241100x8000000000000000402839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fe64d48ca0590c2021-12-21 10:40:05.946root 11241100x8000000000000000402840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9770737f37a77c2021-12-21 10:40:05.946root 11241100x8000000000000000402841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:40:06.345root 11241100x8000000000000000402842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bc87083d85d4892021-12-21 10:40:06.346root 11241100x8000000000000000402843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc96cd29c51b03b52021-12-21 10:40:06.346root 11241100x8000000000000000402844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ed19f34829d7882021-12-21 10:40:06.346root 11241100x8000000000000000402845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19177a4c963cce42021-12-21 10:40:06.346root 11241100x8000000000000000402846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e590b521af3a3f92021-12-21 10:40:06.346root 11241100x8000000000000000402847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf37f36b46230e8b2021-12-21 10:40:06.347root 11241100x8000000000000000402848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22099d8ae8bea4f92021-12-21 10:40:06.347root 11241100x8000000000000000402849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4379d7823ca21cc02021-12-21 10:40:06.347root 11241100x8000000000000000402850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e424b122a39b5f282021-12-21 10:40:06.347root 11241100x8000000000000000402851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b86c0993076b1e72021-12-21 10:40:06.347root 11241100x8000000000000000402852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243f2b4cf351a2d62021-12-21 10:40:06.347root 11241100x8000000000000000402853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971fbaa9bbc3c0122021-12-21 10:40:06.347root 11241100x8000000000000000402854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca149dac98962e822021-12-21 10:40:06.348root 11241100x8000000000000000402855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6c59e37449d9b12021-12-21 10:40:06.348root 11241100x8000000000000000402856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfe12bb9ac1cd122021-12-21 10:40:06.348root 11241100x8000000000000000402857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee544248c75fbb62021-12-21 10:40:06.348root 11241100x8000000000000000402858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e966f306b3302a0d2021-12-21 10:40:06.348root 11241100x8000000000000000402859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a54a35727f02df2021-12-21 10:40:06.348root 11241100x8000000000000000402860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb48ce23111444d2021-12-21 10:40:06.348root 11241100x8000000000000000402861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64fcab9bc77758b2021-12-21 10:40:06.348root 11241100x8000000000000000402862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8df7036fc424302021-12-21 10:40:06.348root 11241100x8000000000000000402863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ce20dbeb79e0ec2021-12-21 10:40:06.348root 11241100x8000000000000000402864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7daa4a522cd538b2021-12-21 10:40:06.348root 11241100x8000000000000000402865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f1b072aec34cb42021-12-21 10:40:06.348root 11241100x8000000000000000402866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0717e19174f8882021-12-21 10:40:06.348root 11241100x8000000000000000402867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e5f7d031a4fc6c2021-12-21 10:40:06.348root 11241100x8000000000000000402868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6674cf9961bbaa62021-12-21 10:40:06.348root 11241100x8000000000000000402869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fa9f41d2d8c7f62021-12-21 10:40:06.348root 11241100x8000000000000000402870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20440648a5a09592021-12-21 10:40:06.349root 11241100x8000000000000000402871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d15f48dd96237d2021-12-21 10:40:06.349root 11241100x8000000000000000402872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450a1faba0dbf95f2021-12-21 10:40:06.349root 11241100x8000000000000000402873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fda5fd2e3fdecc62021-12-21 10:40:06.349root 11241100x8000000000000000402874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a887ea3ac9c7a12021-12-21 10:40:06.349root 11241100x8000000000000000402875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c09b5e208ce8c1e2021-12-21 10:40:06.349root 11241100x8000000000000000402876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328e1a2d87cf82012021-12-21 10:40:06.349root 11241100x8000000000000000402877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5d382ddb3990942021-12-21 10:40:06.349root 11241100x8000000000000000402878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdf6656a7bdacf42021-12-21 10:40:06.349root 11241100x8000000000000000402879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f6f0c4888a931a2021-12-21 10:40:06.349root 11241100x8000000000000000402880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810f276a10a34c662021-12-21 10:40:06.349root 11241100x8000000000000000402881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3fe6dbdd6988dc2021-12-21 10:40:06.349root 11241100x8000000000000000402882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4b1c28203c97a72021-12-21 10:40:06.349root 11241100x8000000000000000402883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef42079ca7b1b602021-12-21 10:40:06.349root 11241100x8000000000000000402884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd073aa2a8417842021-12-21 10:40:06.349root 11241100x8000000000000000402885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dc87ab3cbd87892021-12-21 10:40:06.350root 11241100x8000000000000000402886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c015a3f628c6fc612021-12-21 10:40:06.350root 11241100x8000000000000000402887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5326bb0e3c2c5ed2021-12-21 10:40:06.351root 11241100x8000000000000000402888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ea291b57ef6f732021-12-21 10:40:06.693root 11241100x8000000000000000402889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a943d8007f923e2021-12-21 10:40:06.693root 11241100x8000000000000000402890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fdc8d449b67c802021-12-21 10:40:06.693root 11241100x8000000000000000402891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0caa151882d5f622021-12-21 10:40:06.693root 11241100x8000000000000000402892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42594b1844a50b0e2021-12-21 10:40:06.693root 11241100x8000000000000000402893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb672f5275d14c182021-12-21 10:40:06.693root 11241100x8000000000000000402894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475936e25a8814d22021-12-21 10:40:06.693root 11241100x8000000000000000402895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e65a4551ed624da2021-12-21 10:40:06.693root 11241100x8000000000000000402896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436f3c27203e9c422021-12-21 10:40:06.694root 11241100x8000000000000000402897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99da35503c1363c12021-12-21 10:40:06.694root 11241100x8000000000000000402898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a319583eebc5da2021-12-21 10:40:06.694root 11241100x8000000000000000402899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ed8b8652d3e34c2021-12-21 10:40:06.694root 11241100x8000000000000000402900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac69bb008a68792021-12-21 10:40:06.694root 11241100x8000000000000000402901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ec7af869a4723f2021-12-21 10:40:06.694root 11241100x8000000000000000402902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f098f5165b3fcc82021-12-21 10:40:06.694root 11241100x8000000000000000402903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bb6a9ca01fb55d2021-12-21 10:40:06.694root 11241100x8000000000000000402904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9d94afed8cb5682021-12-21 10:40:06.694root 11241100x8000000000000000402905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6f8ef76956fdb2021-12-21 10:40:06.695root 11241100x8000000000000000402906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f001822b8385afc62021-12-21 10:40:06.695root 11241100x8000000000000000402907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa5a950e682f492021-12-21 10:40:06.695root 11241100x8000000000000000402908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196db3382d31a0032021-12-21 10:40:06.695root 11241100x8000000000000000402909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2564f877992ed72021-12-21 10:40:06.695root 11241100x8000000000000000402910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5756bfa68c068f2021-12-21 10:40:06.695root 11241100x8000000000000000402911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6176027ab43766b02021-12-21 10:40:06.695root 11241100x8000000000000000402912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdd7b996b57a5c12021-12-21 10:40:06.695root 11241100x8000000000000000402913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dadc7d7bda55d92021-12-21 10:40:06.695root 11241100x8000000000000000402914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fb19f2e38ebe5e2021-12-21 10:40:06.696root 11241100x8000000000000000402915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1f6a3cead4e4362021-12-21 10:40:06.696root 11241100x8000000000000000402916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb1bc5f59072e202021-12-21 10:40:06.696root 11241100x8000000000000000402917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa960f8232953da2021-12-21 10:40:06.696root 11241100x8000000000000000402918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cfa0c9f9cd18e52021-12-21 10:40:06.696root 11241100x8000000000000000402919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70db7ce3be664e92021-12-21 10:40:06.696root 11241100x8000000000000000402920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8405be5fe3ef5d2b2021-12-21 10:40:06.696root 11241100x8000000000000000402921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9b061b4150bf4e2021-12-21 10:40:06.696root 11241100x8000000000000000402922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb063cb2ee7bf4e22021-12-21 10:40:06.697root 11241100x8000000000000000402923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b755ab37b9967912021-12-21 10:40:06.697root 11241100x8000000000000000402924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbfee3cf3b33ec22021-12-21 10:40:06.697root 11241100x8000000000000000402925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30c096e3f15ab722021-12-21 10:40:06.697root 11241100x8000000000000000402926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c1266eb69fe8b72021-12-21 10:40:06.697root 11241100x8000000000000000402927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea04c1f520a4da92021-12-21 10:40:07.193root 11241100x8000000000000000402928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99735a268a551b9f2021-12-21 10:40:07.194root 11241100x8000000000000000402929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30ee8bac96b3b7f2021-12-21 10:40:07.194root 11241100x8000000000000000402930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab57353ebdf02b612021-12-21 10:40:07.194root 11241100x8000000000000000402931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be4009b164d7a202021-12-21 10:40:07.194root 11241100x8000000000000000402932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f60be8ad1717fc62021-12-21 10:40:07.194root 11241100x8000000000000000402933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88cbb7379e251332021-12-21 10:40:07.194root 11241100x8000000000000000402934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a672f4592bd4ee2021-12-21 10:40:07.194root 11241100x8000000000000000402935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a39f9fe32b637412021-12-21 10:40:07.194root 11241100x8000000000000000402936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5df4214ce030742021-12-21 10:40:07.194root 11241100x8000000000000000402937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f56f66e3f283262021-12-21 10:40:07.194root 11241100x8000000000000000402938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4286f766d77d77282021-12-21 10:40:07.194root 11241100x8000000000000000402939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45f9b8fd326408c2021-12-21 10:40:07.195root 11241100x8000000000000000402940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3603a9b1b2e4bac2021-12-21 10:40:07.195root 11241100x8000000000000000402941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53be71bfce355732021-12-21 10:40:07.195root 11241100x8000000000000000402942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c881959d3f7b602021-12-21 10:40:07.195root 11241100x8000000000000000402943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44115270166c1e572021-12-21 10:40:07.195root 11241100x8000000000000000402944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18977cbe9734eaf62021-12-21 10:40:07.195root 11241100x8000000000000000402945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9b4d3c3130b8a02021-12-21 10:40:07.195root 11241100x8000000000000000402946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9194576a6dc79beb2021-12-21 10:40:07.195root 11241100x8000000000000000402947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f435c0a88e563f2021-12-21 10:40:07.195root 11241100x8000000000000000402948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41c0e58cee3c1d82021-12-21 10:40:07.195root 11241100x8000000000000000402949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2878facbb816048a2021-12-21 10:40:07.195root 11241100x8000000000000000402950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa68ed2f55976eb2021-12-21 10:40:07.195root 11241100x8000000000000000402951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66106c8f5ca894982021-12-21 10:40:07.195root 11241100x8000000000000000402952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0157d0f42f463e252021-12-21 10:40:07.195root 11241100x8000000000000000402953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4223683891300a9a2021-12-21 10:40:07.195root 11241100x8000000000000000402954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc134610aa81c4c2021-12-21 10:40:07.196root 11241100x8000000000000000402955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea367a81b8aac4e42021-12-21 10:40:07.196root 11241100x8000000000000000402956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128647da806849be2021-12-21 10:40:07.196root 11241100x8000000000000000402957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49182f279d02c53b2021-12-21 10:40:07.196root 11241100x8000000000000000402958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c13f6a19fac07f2021-12-21 10:40:07.196root 11241100x8000000000000000402959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e44be008685df42021-12-21 10:40:07.196root 11241100x8000000000000000402960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeb263a923f064c2021-12-21 10:40:07.196root 11241100x8000000000000000402961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34808e8b1251eb072021-12-21 10:40:07.196root 11241100x8000000000000000402962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710188dc93a4f0ad2021-12-21 10:40:07.196root 11241100x8000000000000000402963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4455c196faf32e2021-12-21 10:40:07.196root 11241100x8000000000000000402964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89da39c5fb66173a2021-12-21 10:40:07.196root 11241100x8000000000000000402965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e191b6da5a49f3e42021-12-21 10:40:07.693root 11241100x8000000000000000402966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c0324b043d4e152021-12-21 10:40:07.693root 11241100x8000000000000000402967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032585cf98cdeedf2021-12-21 10:40:07.694root 11241100x8000000000000000402968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0278576a801540f02021-12-21 10:40:07.694root 11241100x8000000000000000402969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5a1b667cfff25c2021-12-21 10:40:07.694root 11241100x8000000000000000402970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b8385e72bbd0fd2021-12-21 10:40:07.694root 11241100x8000000000000000402971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e65eff01dba6282021-12-21 10:40:07.694root 11241100x8000000000000000402972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d42f30426b0d112021-12-21 10:40:07.694root 11241100x8000000000000000402973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e53c01e5c84fdad2021-12-21 10:40:07.694root 11241100x8000000000000000402974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d876f7e37e6a3d82021-12-21 10:40:07.694root 11241100x8000000000000000402975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7459061975d6c0f32021-12-21 10:40:07.694root 11241100x8000000000000000402976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ec8638d5adebdf2021-12-21 10:40:07.694root 11241100x8000000000000000402977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f543b39f0bee0fc2021-12-21 10:40:07.694root 11241100x8000000000000000402978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e4c0b1e8297ad12021-12-21 10:40:07.694root 11241100x8000000000000000402979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07672ec9812df192021-12-21 10:40:07.694root 11241100x8000000000000000402980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dca3c5eb887a2082021-12-21 10:40:07.695root 11241100x8000000000000000402981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359a47e70ce78f732021-12-21 10:40:07.695root 11241100x8000000000000000402982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d10908ff61d3782021-12-21 10:40:07.695root 11241100x8000000000000000402983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7490d921b9466202021-12-21 10:40:07.695root 11241100x8000000000000000402984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506e442afa66d0c12021-12-21 10:40:07.695root 11241100x8000000000000000402985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc14ec07e91641d2021-12-21 10:40:07.695root 11241100x8000000000000000402986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3581c0245b4b9382021-12-21 10:40:07.695root 11241100x8000000000000000402987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bfcaf6b96364f72021-12-21 10:40:07.695root 11241100x8000000000000000402988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa17a7a5c332649e2021-12-21 10:40:07.695root 11241100x8000000000000000402989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7282597c3fb03e2021-12-21 10:40:07.695root 11241100x8000000000000000402990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74ead1ded5d29f72021-12-21 10:40:07.695root 11241100x8000000000000000402991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd9efaaeeee96402021-12-21 10:40:07.695root 11241100x8000000000000000402992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adec58a750246952021-12-21 10:40:07.695root 11241100x8000000000000000402993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ce50530fe02da82021-12-21 10:40:07.695root 11241100x8000000000000000402994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2635e45319d13a592021-12-21 10:40:07.696root 11241100x8000000000000000402995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1642621c5545a27e2021-12-21 10:40:07.696root 11241100x8000000000000000402996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c8ce584e213652021-12-21 10:40:07.696root 11241100x8000000000000000402997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680962b2b7d139572021-12-21 10:40:07.696root 11241100x8000000000000000402998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdc932cd817edcb2021-12-21 10:40:07.696root 11241100x8000000000000000402999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a831515bf2983f312021-12-21 10:40:07.696root 11241100x8000000000000000403000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d143b579f23336282021-12-21 10:40:07.696root 11241100x8000000000000000403001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7483895617c4a3042021-12-21 10:40:07.696root 11241100x8000000000000000403002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e32cef0d3bda262021-12-21 10:40:07.696root 11241100x8000000000000000403003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d497dc1b4a3a05f2021-12-21 10:40:08.193root 11241100x8000000000000000403004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8f31864728ee6d2021-12-21 10:40:08.193root 11241100x8000000000000000403005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb5153314c66a9a2021-12-21 10:40:08.193root 11241100x8000000000000000403006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9d529b86bd71042021-12-21 10:40:08.193root 11241100x8000000000000000403007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcb536c2db8cbce2021-12-21 10:40:08.193root 11241100x8000000000000000403008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49239852f93c83d92021-12-21 10:40:08.193root 11241100x8000000000000000403009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c4cabdb91bb35d2021-12-21 10:40:08.193root 11241100x8000000000000000403010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99966a50de1da7102021-12-21 10:40:08.194root 11241100x8000000000000000403011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6100328a4a8fee372021-12-21 10:40:08.194root 11241100x8000000000000000403012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6308ec074fd5ba972021-12-21 10:40:08.194root 11241100x8000000000000000403013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f93370513549492021-12-21 10:40:08.194root 11241100x8000000000000000403014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829d9734e987ae832021-12-21 10:40:08.194root 11241100x8000000000000000403015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5f124439c7d0be2021-12-21 10:40:08.194root 11241100x8000000000000000403016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea632deb975cc9fd2021-12-21 10:40:08.194root 11241100x8000000000000000403017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b0ca97283e7a192021-12-21 10:40:08.194root 11241100x8000000000000000403018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc5e93df3cd311d2021-12-21 10:40:08.194root 11241100x8000000000000000403019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af6216dfb3dbf002021-12-21 10:40:08.194root 11241100x8000000000000000403020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1851395145d4167c2021-12-21 10:40:08.194root 11241100x8000000000000000403021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97902ba0a02f2d6b2021-12-21 10:40:08.194root 11241100x8000000000000000403022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb5bbd3f9d378002021-12-21 10:40:08.194root 11241100x8000000000000000403023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6c8f128cf112f12021-12-21 10:40:08.195root 11241100x8000000000000000403024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76b109fae1a22572021-12-21 10:40:08.195root 11241100x8000000000000000403025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf2030e0cf36d5d2021-12-21 10:40:08.195root 11241100x8000000000000000403026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc520bd7a164b682021-12-21 10:40:08.195root 11241100x8000000000000000403027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecd72a3e385a8162021-12-21 10:40:08.195root 11241100x8000000000000000403028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aeec2dbe86a0242021-12-21 10:40:08.195root 11241100x8000000000000000403029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e67fe225068078a2021-12-21 10:40:08.195root 11241100x8000000000000000403030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01bdc7d646dfd0d2021-12-21 10:40:08.195root 11241100x8000000000000000403031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79cd6a1e47543912021-12-21 10:40:08.195root 11241100x8000000000000000403032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3318e5db991cc1ff2021-12-21 10:40:08.195root 11241100x8000000000000000403033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df9f40bb347be742021-12-21 10:40:08.195root 11241100x8000000000000000403034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4ef34f38169a862021-12-21 10:40:08.195root 11241100x8000000000000000403035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af68da75189742382021-12-21 10:40:08.195root 11241100x8000000000000000403036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff2dbcfb6b133fc2021-12-21 10:40:08.196root 11241100x8000000000000000403037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2c9683ed77c09a2021-12-21 10:40:08.196root 11241100x8000000000000000403038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68e0a9d977878622021-12-21 10:40:08.196root 11241100x8000000000000000403039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c73b2223c6d619c2021-12-21 10:40:08.196root 11241100x8000000000000000403040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8646369462ac08122021-12-21 10:40:08.196root 11241100x8000000000000000403041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0194dfcf8d62eff2021-12-21 10:40:08.196root 11241100x8000000000000000403042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b902c5eaaed7b89c2021-12-21 10:40:08.693root 11241100x8000000000000000403043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a5c4241d44fe022021-12-21 10:40:08.693root 11241100x8000000000000000403044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b246ac27daee47152021-12-21 10:40:08.694root 11241100x8000000000000000403045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f8e119be6d5d102021-12-21 10:40:08.694root 11241100x8000000000000000403046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cd1558f716b24d2021-12-21 10:40:08.694root 11241100x8000000000000000403047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8266fb7b68bde552021-12-21 10:40:08.694root 11241100x8000000000000000403048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a493160aaf70d7d2021-12-21 10:40:08.694root 11241100x8000000000000000403049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cdd71875abbdd42021-12-21 10:40:08.694root 11241100x8000000000000000403050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5de9f4ffd9897972021-12-21 10:40:08.694root 11241100x8000000000000000403051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577a4b9b5ef348772021-12-21 10:40:08.694root 11241100x8000000000000000403052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0197834d798d7fa2021-12-21 10:40:08.694root 11241100x8000000000000000403053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ee08f56fc076052021-12-21 10:40:08.694root 11241100x8000000000000000403054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e373fdb9f4445ca72021-12-21 10:40:08.694root 11241100x8000000000000000403055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d7c2a2774f8ea92021-12-21 10:40:08.694root 11241100x8000000000000000403056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8568d1fd4032732021-12-21 10:40:08.694root 11241100x8000000000000000403057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6895378f98b722502021-12-21 10:40:08.694root 11241100x8000000000000000403058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b25f6fdec4b2a82021-12-21 10:40:08.694root 11241100x8000000000000000403059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8162fee1cb07ef4a2021-12-21 10:40:08.695root 11241100x8000000000000000403060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27696129d4fc3a0c2021-12-21 10:40:08.695root 11241100x8000000000000000403061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29fe241ae1feee52021-12-21 10:40:08.695root 11241100x8000000000000000403062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3260ef370d70df92021-12-21 10:40:08.695root 11241100x8000000000000000403063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995000bdbce983422021-12-21 10:40:08.695root 11241100x8000000000000000403064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5fde783a44a7ea2021-12-21 10:40:08.695root 11241100x8000000000000000403065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd47c4a7fee6f5c2021-12-21 10:40:08.695root 11241100x8000000000000000403066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1121389c9c8914f62021-12-21 10:40:08.695root 11241100x8000000000000000403067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ede9c7658286de2021-12-21 10:40:08.695root 11241100x8000000000000000403068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a987633afd328f0c2021-12-21 10:40:08.695root 11241100x8000000000000000403069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce08d182ec8640032021-12-21 10:40:08.695root 11241100x8000000000000000403070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696acdd963f424952021-12-21 10:40:08.695root 11241100x8000000000000000403071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0194b000be73e81b2021-12-21 10:40:08.695root 11241100x8000000000000000403072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3861dc841cbfb0dd2021-12-21 10:40:08.696root 11241100x8000000000000000403073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91d2197f971ad972021-12-21 10:40:08.696root 11241100x8000000000000000403074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093a13913507aeec2021-12-21 10:40:08.696root 11241100x8000000000000000403075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c4979ed82b45fa2021-12-21 10:40:08.696root 11241100x8000000000000000403076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87e1d2ad7cb459f2021-12-21 10:40:08.696root 11241100x8000000000000000403077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f332d30a6b3d4bb62021-12-21 10:40:08.696root 11241100x8000000000000000403078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b842676f0467312021-12-21 10:40:08.696root 11241100x8000000000000000403079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4a984dd2cf7e362021-12-21 10:40:08.696root 23542300x8000000000000000403080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.186{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000403081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4471b8210d24872021-12-21 10:40:09.187root 11241100x8000000000000000403082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3b5b561a2daa472021-12-21 10:40:09.187root 11241100x8000000000000000403083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50775347ca7c7622021-12-21 10:40:09.187root 11241100x8000000000000000403084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7b42f764a83c1e2021-12-21 10:40:09.187root 11241100x8000000000000000403085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de7938b7821da7e2021-12-21 10:40:09.187root 11241100x8000000000000000403086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99722587a560142021-12-21 10:40:09.187root 11241100x8000000000000000403087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14693098b743da152021-12-21 10:40:09.187root 11241100x8000000000000000403088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b4d3818f4186282021-12-21 10:40:09.187root 11241100x8000000000000000403089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfba69b73e84ca32021-12-21 10:40:09.187root 11241100x8000000000000000403090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660dc4be55770f4b2021-12-21 10:40:09.187root 11241100x8000000000000000403091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece6f43dc3c72d9d2021-12-21 10:40:09.188root 11241100x8000000000000000403092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b17f82868057df2021-12-21 10:40:09.188root 11241100x8000000000000000403093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fc61a571a42b2b2021-12-21 10:40:09.188root 11241100x8000000000000000403094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596d530c5dd33c812021-12-21 10:40:09.188root 11241100x8000000000000000403095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370440b9c5d650162021-12-21 10:40:09.188root 11241100x8000000000000000403096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d56a2bf382fd392021-12-21 10:40:09.188root 11241100x8000000000000000403097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bc5d7bf0513ccf2021-12-21 10:40:09.188root 11241100x8000000000000000403098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aeebbe4f9294d302021-12-21 10:40:09.188root 11241100x8000000000000000403099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152d8d34249a06e92021-12-21 10:40:09.188root 11241100x8000000000000000403100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb12da7507fa1caf2021-12-21 10:40:09.188root 11241100x8000000000000000403101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22a9873e527d3142021-12-21 10:40:09.188root 11241100x8000000000000000403102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb415a9f3bc8fcd2021-12-21 10:40:09.188root 11241100x8000000000000000403103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e944a65ff31be372021-12-21 10:40:09.188root 11241100x8000000000000000403104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c2f7af7f1babf42021-12-21 10:40:09.188root 11241100x8000000000000000403105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d40ee01e0f470c2021-12-21 10:40:09.188root 11241100x8000000000000000403106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6857dda94359643f2021-12-21 10:40:09.188root 11241100x8000000000000000403107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaecc3adf10097f2021-12-21 10:40:09.189root 11241100x8000000000000000403108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dec55b1451079522021-12-21 10:40:09.189root 11241100x8000000000000000403109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2892e070c7ab110d2021-12-21 10:40:09.189root 11241100x8000000000000000403110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85502df108fa310c2021-12-21 10:40:09.189root 11241100x8000000000000000403111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113c92bdbd7831af2021-12-21 10:40:09.189root 11241100x8000000000000000403112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dafc399c36dabe2021-12-21 10:40:09.189root 11241100x8000000000000000403113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d9ef9494cdeeb2021-12-21 10:40:09.189root 11241100x8000000000000000403114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bdd48c361218c62021-12-21 10:40:09.189root 11241100x8000000000000000403115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb225c0a259284e2021-12-21 10:40:09.189root 11241100x8000000000000000403116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8085b1101f3c426a2021-12-21 10:40:09.189root 11241100x8000000000000000403117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560fc1846f9fd5fe2021-12-21 10:40:09.189root 11241100x8000000000000000403118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9077dcffe23b86d2021-12-21 10:40:09.189root 11241100x8000000000000000403119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1169113ca5ecc92021-12-21 10:40:09.189root 11241100x8000000000000000403120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e859e8beb18dc42021-12-21 10:40:09.189root 11241100x8000000000000000403121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7f6b4b3eeb1d702021-12-21 10:40:09.190root 11241100x8000000000000000403122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3150e6ba97fda82b2021-12-21 10:40:09.190root 11241100x8000000000000000403123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66953f46da452392021-12-21 10:40:09.190root 11241100x8000000000000000403124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10b1f3ec8daebd12021-12-21 10:40:09.190root 11241100x8000000000000000403125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca6d39031610bac2021-12-21 10:40:09.190root 11241100x8000000000000000403126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369762d069a365e92021-12-21 10:40:09.190root 11241100x8000000000000000403127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c5d01d2434ae8f2021-12-21 10:40:09.190root 11241100x8000000000000000403128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7d79ce501cecc72021-12-21 10:40:09.190root 11241100x8000000000000000403129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee993a10100ca5b2021-12-21 10:40:09.190root 11241100x8000000000000000403130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7559bc34ea24c82a2021-12-21 10:40:09.190root 11241100x8000000000000000403131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9887b45a2764adbb2021-12-21 10:40:09.190root 11241100x8000000000000000403132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ce08d88e62c9fa2021-12-21 10:40:09.190root 11241100x8000000000000000403133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dc4afa3179f2192021-12-21 10:40:09.190root 11241100x8000000000000000403134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6468f7788e4bdd6c2021-12-21 10:40:09.190root 11241100x8000000000000000403135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f55eeb87e4fa002021-12-21 10:40:09.190root 11241100x8000000000000000403136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7724ecdde143472021-12-21 10:40:09.191root 11241100x8000000000000000403137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8393e581b31ac6c62021-12-21 10:40:09.191root 11241100x8000000000000000403138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a948e483cff06f6e2021-12-21 10:40:09.191root 11241100x8000000000000000403139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540efeaf7d4912ef2021-12-21 10:40:09.191root 11241100x8000000000000000403140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adba5ee34acdc112021-12-21 10:40:09.191root 11241100x8000000000000000403141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f680771ade493ff2021-12-21 10:40:09.191root 11241100x8000000000000000403142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44de040f5088eb152021-12-21 10:40:09.191root 11241100x8000000000000000403143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd5d0ac8abfa5382021-12-21 10:40:09.191root 11241100x8000000000000000403144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc59865003e8eba92021-12-21 10:40:09.192root 11241100x8000000000000000403145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb8ef0ab6e0cf1f2021-12-21 10:40:09.192root 11241100x8000000000000000403146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c212e8793ba5677d2021-12-21 10:40:09.192root 11241100x8000000000000000403147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c303243ab9aaed52021-12-21 10:40:09.443root 11241100x8000000000000000403148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dd8cc3c5687eae2021-12-21 10:40:09.443root 11241100x8000000000000000403149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335ab89fdb8521902021-12-21 10:40:09.443root 11241100x8000000000000000403150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2907cf24aa3e6fb2021-12-21 10:40:09.443root 11241100x8000000000000000403151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482bdea4a2c7f3fa2021-12-21 10:40:09.444root 11241100x8000000000000000403152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a27d692d40460162021-12-21 10:40:09.444root 11241100x8000000000000000403153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cf44784da2caa32021-12-21 10:40:09.444root 11241100x8000000000000000403154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cd573056b8d4522021-12-21 10:40:09.444root 11241100x8000000000000000403155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb77ba9dacb8ebfb2021-12-21 10:40:09.445root 11241100x8000000000000000403156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4342bf42127dde2021-12-21 10:40:09.445root 11241100x8000000000000000403157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfd5463f2f5723a2021-12-21 10:40:09.445root 11241100x8000000000000000403158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2089cfef1f9709302021-12-21 10:40:09.445root 11241100x8000000000000000403159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9441a596ddbc1b172021-12-21 10:40:09.445root 11241100x8000000000000000403160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6950445280fbad2a2021-12-21 10:40:09.445root 11241100x8000000000000000403161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f1fac4cc38d3c22021-12-21 10:40:09.445root 11241100x8000000000000000403162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a8531cf3fc15762021-12-21 10:40:09.445root 11241100x8000000000000000403163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6224f40c7bdaba52021-12-21 10:40:09.446root 11241100x8000000000000000403164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a57d927b942a02b2021-12-21 10:40:09.446root 11241100x8000000000000000403165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb97a894f94038a32021-12-21 10:40:09.446root 11241100x8000000000000000403166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3407c10c54ef33462021-12-21 10:40:09.446root 11241100x8000000000000000403167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8ce8ff9f428e492021-12-21 10:40:09.446root 11241100x8000000000000000403168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e8b61d27d9879e2021-12-21 10:40:09.446root 11241100x8000000000000000403169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b127d98e8cde232021-12-21 10:40:09.447root 11241100x8000000000000000403170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738441f84acc93472021-12-21 10:40:09.447root 11241100x8000000000000000403171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45678855b25504432021-12-21 10:40:09.447root 11241100x8000000000000000403172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0992bf2bd78a06812021-12-21 10:40:09.447root 11241100x8000000000000000403173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6472c15125202852021-12-21 10:40:09.447root 11241100x8000000000000000403174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b824eb8a9f9fbb2021-12-21 10:40:09.447root 11241100x8000000000000000403175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9abcfd4c2be0002021-12-21 10:40:09.447root 11241100x8000000000000000403176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340ed5255d2062ee2021-12-21 10:40:09.448root 11241100x8000000000000000403177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5424397322b6b102021-12-21 10:40:09.448root 11241100x8000000000000000403178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e14f72a98d5c1a2021-12-21 10:40:09.448root 11241100x8000000000000000403179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f529ff73d96a01da2021-12-21 10:40:09.448root 11241100x8000000000000000403180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dabdbc920756b02021-12-21 10:40:09.448root 11241100x8000000000000000403181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b2645768e6c7842021-12-21 10:40:09.449root 11241100x8000000000000000403182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4557af38d8e96f612021-12-21 10:40:09.451root 11241100x8000000000000000403183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd653c6621ecf0c2021-12-21 10:40:09.451root 11241100x8000000000000000403184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41aea1364b485552021-12-21 10:40:09.452root 11241100x8000000000000000403185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c7f1995389ba0f2021-12-21 10:40:09.452root 11241100x8000000000000000403186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4342c73bd3a095082021-12-21 10:40:09.452root 11241100x8000000000000000403187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7e5c9ae0e0676d2021-12-21 10:40:09.452root 11241100x8000000000000000403188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfa0ba93edcc42e2021-12-21 10:40:09.452root 11241100x8000000000000000403189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2afba8acd5aa322021-12-21 10:40:09.453root 11241100x8000000000000000403190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ece3109a485b9a12021-12-21 10:40:09.453root 11241100x8000000000000000403191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e40e958631a6942021-12-21 10:40:09.453root 11241100x8000000000000000403192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730a9c0f8410a0cb2021-12-21 10:40:09.943root 11241100x8000000000000000403193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2deb79c84cbc72cd2021-12-21 10:40:09.943root 11241100x8000000000000000403194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f31afed83781172021-12-21 10:40:09.943root 11241100x8000000000000000403195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da61f358033cb3482021-12-21 10:40:09.943root 11241100x8000000000000000403196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a27b3102d79a5182021-12-21 10:40:09.944root 11241100x8000000000000000403197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a5f342206fcba92021-12-21 10:40:09.944root 11241100x8000000000000000403198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2f3f077388033a2021-12-21 10:40:09.944root 11241100x8000000000000000403199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81959f96f1a841412021-12-21 10:40:09.944root 11241100x8000000000000000403200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca8a7af2323662c2021-12-21 10:40:09.944root 11241100x8000000000000000403201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0440aa662d48542021-12-21 10:40:09.944root 11241100x8000000000000000403202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfe05e3bd5f38cb2021-12-21 10:40:09.944root 11241100x8000000000000000403203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00afe59df99ee8d82021-12-21 10:40:09.944root 11241100x8000000000000000403204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c9413fad24bc352021-12-21 10:40:09.944root 11241100x8000000000000000403205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e78bebf4137622021-12-21 10:40:09.944root 11241100x8000000000000000403206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8b79889cc278782021-12-21 10:40:09.944root 11241100x8000000000000000403207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4439b8ee8adcdb772021-12-21 10:40:09.944root 11241100x8000000000000000403208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648263a5df6aaa542021-12-21 10:40:09.944root 11241100x8000000000000000403209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3960e61fa6cccb3f2021-12-21 10:40:09.944root 11241100x8000000000000000403210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47b7fef53d781e42021-12-21 10:40:09.944root 11241100x8000000000000000403211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c896f7717d12512021-12-21 10:40:09.945root 11241100x8000000000000000403212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b25860aa63eea12021-12-21 10:40:09.945root 11241100x8000000000000000403213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20abefe6033f7ab2021-12-21 10:40:09.945root 11241100x8000000000000000403214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c738081f3be137f2021-12-21 10:40:09.945root 11241100x8000000000000000403215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbbfbeab975576f2021-12-21 10:40:09.945root 11241100x8000000000000000403216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf7e2d5157781312021-12-21 10:40:09.945root 11241100x8000000000000000403217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0790654f102a1f2021-12-21 10:40:09.945root 11241100x8000000000000000403218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70e2a3e5245a0912021-12-21 10:40:09.945root 11241100x8000000000000000403219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d6800dc5274dbc2021-12-21 10:40:09.945root 11241100x8000000000000000403220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebb14381fe3db932021-12-21 10:40:09.945root 11241100x8000000000000000403221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d708aa8d1e8e37222021-12-21 10:40:09.946root 11241100x8000000000000000403222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d4bb936512ea172021-12-21 10:40:09.946root 11241100x8000000000000000403223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2fa4c09bfd88d72021-12-21 10:40:09.946root 11241100x8000000000000000403224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2d11780ba9b5d02021-12-21 10:40:09.946root 11241100x8000000000000000403225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80151a8850f374622021-12-21 10:40:09.946root 11241100x8000000000000000403226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37cd5a5a179f3f62021-12-21 10:40:09.946root 11241100x8000000000000000403227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94879b0bafb7f5ec2021-12-21 10:40:09.946root 11241100x8000000000000000403228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f303872d3a6fd82d2021-12-21 10:40:09.946root 11241100x8000000000000000403229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acbe1a1d4b0c90b2021-12-21 10:40:09.946root 11241100x8000000000000000403230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ebf6d1a1f5988f2021-12-21 10:40:09.946root 11241100x8000000000000000403231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:09.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a06ff1ac62d0b482021-12-21 10:40:09.946root 11241100x8000000000000000403232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a574ca9e2f17bdac2021-12-21 10:40:10.443root 11241100x8000000000000000403233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c484858ea011d4982021-12-21 10:40:10.443root 11241100x8000000000000000403234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dffc5cf966f5d32021-12-21 10:40:10.443root 11241100x8000000000000000403235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c045fa4201ea0a322021-12-21 10:40:10.443root 11241100x8000000000000000403236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df50eec34f283a462021-12-21 10:40:10.444root 11241100x8000000000000000403237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1bee828d7ebf292021-12-21 10:40:10.444root 11241100x8000000000000000403238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ab37e1eeae73442021-12-21 10:40:10.444root 11241100x8000000000000000403239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d420253f83c323b2021-12-21 10:40:10.444root 11241100x8000000000000000403240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a05b537b8703acb2021-12-21 10:40:10.444root 11241100x8000000000000000403241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e79506bc7c76bc2021-12-21 10:40:10.444root 11241100x8000000000000000403242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e14e985683caab2021-12-21 10:40:10.444root 11241100x8000000000000000403243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa318ac097ba26b2021-12-21 10:40:10.444root 11241100x8000000000000000403244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b30a06a85ef27e22021-12-21 10:40:10.444root 11241100x8000000000000000403245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620a25dd9b58f6fc2021-12-21 10:40:10.444root 11241100x8000000000000000403246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfc5dc90fd3061a2021-12-21 10:40:10.444root 11241100x8000000000000000403247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0e10ab7fccb0052021-12-21 10:40:10.444root 11241100x8000000000000000403248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d3904a5c13f9092021-12-21 10:40:10.444root 11241100x8000000000000000403249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0b4ffd3c015f672021-12-21 10:40:10.444root 11241100x8000000000000000403250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ca96821f23049d2021-12-21 10:40:10.444root 11241100x8000000000000000403251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc3a83554c434772021-12-21 10:40:10.444root 11241100x8000000000000000403252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed873611852325152021-12-21 10:40:10.445root 11241100x8000000000000000403253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a645648210efe4732021-12-21 10:40:10.445root 11241100x8000000000000000403254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9261a26a91ea26162021-12-21 10:40:10.445root 11241100x8000000000000000403255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a260e89578fb0c2021-12-21 10:40:10.445root 11241100x8000000000000000403256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb4ddb1f1c72f392021-12-21 10:40:10.445root 11241100x8000000000000000403257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd42a4780f529072021-12-21 10:40:10.445root 11241100x8000000000000000403258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3851dd0b6568012021-12-21 10:40:10.445root 11241100x8000000000000000403259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dda8fce9d58db42021-12-21 10:40:10.445root 11241100x8000000000000000403260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d326fd1fafd9fc672021-12-21 10:40:10.445root 11241100x8000000000000000403261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64161255b65381d42021-12-21 10:40:10.445root 11241100x8000000000000000403262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae4c71fe264812b2021-12-21 10:40:10.445root 11241100x8000000000000000403263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd7e23d71abe14c2021-12-21 10:40:10.445root 11241100x8000000000000000403264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d278f9cb66653952021-12-21 10:40:10.445root 11241100x8000000000000000403265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0da7a69cb62ec302021-12-21 10:40:10.445root 11241100x8000000000000000403266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39518276a6225192021-12-21 10:40:10.445root 11241100x8000000000000000403267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43816ca3eccbbf732021-12-21 10:40:10.445root 11241100x8000000000000000403268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d91b9baae04d6e2021-12-21 10:40:10.446root 11241100x8000000000000000403269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396e38722d15bfaf2021-12-21 10:40:10.446root 11241100x8000000000000000403270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5409e76fe19f842021-12-21 10:40:10.446root 11241100x8000000000000000403271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c242fc2f3d9bc52021-12-21 10:40:10.446root 11241100x8000000000000000403272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6123760ea6b219342021-12-21 10:40:10.446root 11241100x8000000000000000403273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f64fe1552ff9ea2021-12-21 10:40:10.942root 11241100x8000000000000000403274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5846354758239e752021-12-21 10:40:10.943root 11241100x8000000000000000403275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63293af059202312021-12-21 10:40:10.943root 11241100x8000000000000000403276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920091b8f957dcf92021-12-21 10:40:10.943root 11241100x8000000000000000403277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9f6bd566f31e382021-12-21 10:40:10.943root 11241100x8000000000000000403278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8a8409e885aff62021-12-21 10:40:10.944root 11241100x8000000000000000403279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fe824952631adf2021-12-21 10:40:10.944root 11241100x8000000000000000403280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b548e223e7b3cb22021-12-21 10:40:10.944root 11241100x8000000000000000403281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6e8963bd96cd4f2021-12-21 10:40:10.944root 11241100x8000000000000000403282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332c40666c22227d2021-12-21 10:40:10.944root 11241100x8000000000000000403283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14248c87c541bca2021-12-21 10:40:10.944root 11241100x8000000000000000403284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673df789b70cf73b2021-12-21 10:40:10.944root 11241100x8000000000000000403285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271fed568723983c2021-12-21 10:40:10.944root 11241100x8000000000000000403286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258e25468c72afdf2021-12-21 10:40:10.944root 11241100x8000000000000000403287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cfab1de60ecc7a2021-12-21 10:40:10.944root 11241100x8000000000000000403288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80d512e6ab9a6b12021-12-21 10:40:10.944root 11241100x8000000000000000403289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4347f48fba2621b52021-12-21 10:40:10.944root 11241100x8000000000000000403290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4e2f69c6f7a00e2021-12-21 10:40:10.945root 11241100x8000000000000000403291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d011ea8d0ba3a00e2021-12-21 10:40:10.945root 11241100x8000000000000000403292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0646d06fa0bb3ba32021-12-21 10:40:10.945root 11241100x8000000000000000403293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40605c6cd3d750c52021-12-21 10:40:10.945root 11241100x8000000000000000403294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1ab81512310e7a2021-12-21 10:40:10.945root 11241100x8000000000000000403295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734a670c4bc3d3342021-12-21 10:40:10.946root 11241100x8000000000000000403296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d36374006f913f92021-12-21 10:40:10.946root 11241100x8000000000000000403297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2d4a7ef71b6c2c2021-12-21 10:40:10.946root 11241100x8000000000000000403298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c31cf4cfdd54ed2021-12-21 10:40:10.946root 11241100x8000000000000000403299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caed649c8b38d5a62021-12-21 10:40:10.946root 11241100x8000000000000000403300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3feb3e18a5bac77e2021-12-21 10:40:10.946root 11241100x8000000000000000403301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b5d32f02c5a0d82021-12-21 10:40:10.946root 11241100x8000000000000000403302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b84584895aa0b32021-12-21 10:40:10.946root 11241100x8000000000000000403303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7f4f2d0c3aa1b02021-12-21 10:40:10.946root 11241100x8000000000000000403304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86a448435ed78092021-12-21 10:40:10.946root 11241100x8000000000000000403305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c370b5320503cf372021-12-21 10:40:10.946root 11241100x8000000000000000403306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14873a639e2546cf2021-12-21 10:40:10.946root 11241100x8000000000000000403307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fe24b7a8cabd662021-12-21 10:40:10.946root 11241100x8000000000000000403308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b250a3ec49a8ec2021-12-21 10:40:10.947root 11241100x8000000000000000403309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b006cd59964a752021-12-21 10:40:10.947root 11241100x8000000000000000403310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73b53074aa8702b2021-12-21 10:40:10.947root 11241100x8000000000000000403311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f935df633de55a652021-12-21 10:40:10.947root 11241100x8000000000000000403312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310c656a2c7780192021-12-21 10:40:10.947root 11241100x8000000000000000403313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f5923598409b402021-12-21 10:40:10.948root 11241100x8000000000000000403314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69df6f08dfed34e72021-12-21 10:40:10.948root 11241100x8000000000000000403315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e4261e4e73ba1d2021-12-21 10:40:10.948root 11241100x8000000000000000403316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c48f0b5966dce22021-12-21 10:40:10.948root 11241100x8000000000000000403317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:10.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76925120e50f54eb2021-12-21 10:40:10.948root 354300x8000000000000000403318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.068{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47430-false10.0.1.12-8000- 11241100x8000000000000000403319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d6e22d42f858fb2021-12-21 10:40:11.443root 11241100x8000000000000000403320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76621ea42bf57a7f2021-12-21 10:40:11.443root 11241100x8000000000000000403321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291840f66417cb102021-12-21 10:40:11.444root 11241100x8000000000000000403322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eef60af6e86a5be2021-12-21 10:40:11.444root 11241100x8000000000000000403323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6adc8a2760460b2021-12-21 10:40:11.444root 11241100x8000000000000000403324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024ece7e4fe986822021-12-21 10:40:11.444root 11241100x8000000000000000403325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d239a1b8ab5b8092021-12-21 10:40:11.444root 11241100x8000000000000000403326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9040dc3f20589f2021-12-21 10:40:11.444root 11241100x8000000000000000403327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba340cf433d0d732021-12-21 10:40:11.445root 11241100x8000000000000000403328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d4adc7c184c732021-12-21 10:40:11.445root 11241100x8000000000000000403329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5301580d5446d42021-12-21 10:40:11.445root 11241100x8000000000000000403330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99f0bf29c7763382021-12-21 10:40:11.445root 11241100x8000000000000000403331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6473591f50c4762021-12-21 10:40:11.445root 11241100x8000000000000000403332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85571788a71b57aa2021-12-21 10:40:11.445root 11241100x8000000000000000403333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da60673358777652021-12-21 10:40:11.445root 11241100x8000000000000000403334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c606ef50e6652a0f2021-12-21 10:40:11.445root 11241100x8000000000000000403335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcdc5559ace0e8b2021-12-21 10:40:11.446root 11241100x8000000000000000403336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a6c4d1edd34852021-12-21 10:40:11.446root 11241100x8000000000000000403337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf3dff956fabf4d2021-12-21 10:40:11.446root 11241100x8000000000000000403338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563edd5cea1985832021-12-21 10:40:11.446root 11241100x8000000000000000403339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b504a0b13721d12021-12-21 10:40:11.446root 11241100x8000000000000000403340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e6f8ae1758e3782021-12-21 10:40:11.446root 11241100x8000000000000000403341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c77c0bfd63a4af2021-12-21 10:40:11.446root 11241100x8000000000000000403342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576157b604b4b1fa2021-12-21 10:40:11.447root 11241100x8000000000000000403343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193214c964cce47b2021-12-21 10:40:11.447root 11241100x8000000000000000403344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5983e45b4fa694b2021-12-21 10:40:11.447root 11241100x8000000000000000403345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6234146ffcb00c2021-12-21 10:40:11.447root 11241100x8000000000000000403346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1291829c041ff742021-12-21 10:40:11.447root 11241100x8000000000000000403347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8467f7ac7b48fc42021-12-21 10:40:11.447root 11241100x8000000000000000403348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf999b2b27db4f12021-12-21 10:40:11.447root 11241100x8000000000000000403349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b188f9d2b8f46fa2021-12-21 10:40:11.448root 11241100x8000000000000000403350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643560cd36fff7172021-12-21 10:40:11.448root 11241100x8000000000000000403351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01bb7c347df8abf2021-12-21 10:40:11.448root 11241100x8000000000000000403352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05ca1b19d23d8252021-12-21 10:40:11.448root 11241100x8000000000000000403353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bde39d38ba236e2021-12-21 10:40:11.448root 11241100x8000000000000000403354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb672529d6f735652021-12-21 10:40:11.448root 11241100x8000000000000000403355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10265b36ea1316e82021-12-21 10:40:11.448root 11241100x8000000000000000403356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb07909e3a1bb20a2021-12-21 10:40:11.448root 11241100x8000000000000000403357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91094b3ed2365ca62021-12-21 10:40:11.448root 11241100x8000000000000000403358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568c00cff647814f2021-12-21 10:40:11.449root 11241100x8000000000000000403359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8eef5cd0fb27742021-12-21 10:40:11.449root 11241100x8000000000000000403360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd89e6b90a567a8c2021-12-21 10:40:11.449root 11241100x8000000000000000403361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b74f94449f60f22021-12-21 10:40:11.449root 11241100x8000000000000000403362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da61050b21943d412021-12-21 10:40:11.449root 11241100x8000000000000000403363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f211db1991e879c72021-12-21 10:40:11.449root 11241100x8000000000000000403364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9200d660a76c261c2021-12-21 10:40:11.943root 11241100x8000000000000000403365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c097b1647e66b572021-12-21 10:40:11.943root 11241100x8000000000000000403366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41232b5803665cf12021-12-21 10:40:11.943root 11241100x8000000000000000403367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99f158376536f472021-12-21 10:40:11.943root 11241100x8000000000000000403368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac572a0d5bf8ff592021-12-21 10:40:11.943root 11241100x8000000000000000403369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a248557059bcfeb22021-12-21 10:40:11.943root 11241100x8000000000000000403370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d285399314bf0962021-12-21 10:40:11.943root 11241100x8000000000000000403371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51c30325ef5736a2021-12-21 10:40:11.944root 11241100x8000000000000000403372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714eab2f0917f63a2021-12-21 10:40:11.944root 11241100x8000000000000000403373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b213702ae4df29552021-12-21 10:40:11.944root 11241100x8000000000000000403374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2891f81d4f9c412d2021-12-21 10:40:11.944root 11241100x8000000000000000403375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e486ed56c08d70a2021-12-21 10:40:11.944root 11241100x8000000000000000403376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923daeff6f8a11ca2021-12-21 10:40:11.944root 11241100x8000000000000000403377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92d84ca3ec85a5e2021-12-21 10:40:11.944root 11241100x8000000000000000403378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b046c304b934302021-12-21 10:40:11.944root 11241100x8000000000000000403379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdee1ae2793a9e02021-12-21 10:40:11.944root 11241100x8000000000000000403380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb5d76d3228914a2021-12-21 10:40:11.944root 11241100x8000000000000000403381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1276ff35d0733bc82021-12-21 10:40:11.944root 11241100x8000000000000000403382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c927e51a55ac6e42021-12-21 10:40:11.944root 11241100x8000000000000000403383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6db4466dfadfe312021-12-21 10:40:11.945root 11241100x8000000000000000403384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082d7c4e5d76e17c2021-12-21 10:40:11.945root 11241100x8000000000000000403385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3188d96c0d69132021-12-21 10:40:11.945root 11241100x8000000000000000403386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60e9fad0e8710142021-12-21 10:40:11.945root 11241100x8000000000000000403387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7d10a6d4f3e5482021-12-21 10:40:11.945root 11241100x8000000000000000403388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a9ac1e1d08b28d2021-12-21 10:40:11.945root 11241100x8000000000000000403389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef205745bb9c02ff2021-12-21 10:40:11.945root 11241100x8000000000000000403390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4607d00fac8c112021-12-21 10:40:11.945root 11241100x8000000000000000403391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880de626886717462021-12-21 10:40:11.945root 11241100x8000000000000000403392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bbd9d212e98e392021-12-21 10:40:11.945root 11241100x8000000000000000403393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c969879e7c2a262021-12-21 10:40:11.945root 11241100x8000000000000000403394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104c6f43a1cdaabf2021-12-21 10:40:11.945root 11241100x8000000000000000403395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0441ddcb105905ba2021-12-21 10:40:11.945root 11241100x8000000000000000403396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990773d9765384fb2021-12-21 10:40:11.945root 11241100x8000000000000000403397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044fb9cd37cfc45b2021-12-21 10:40:11.945root 11241100x8000000000000000403398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b47da25520ea822021-12-21 10:40:11.946root 11241100x8000000000000000403399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8585d48582e5c0bf2021-12-21 10:40:11.946root 11241100x8000000000000000403400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59fca689e49e3df2021-12-21 10:40:11.946root 11241100x8000000000000000403401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1096dd536479f52021-12-21 10:40:11.946root 11241100x8000000000000000403402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a5a4503f5185c02021-12-21 10:40:11.946root 11241100x8000000000000000403403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be582cf2d832cb772021-12-21 10:40:11.946root 11241100x8000000000000000403404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a265711a38f58e6b2021-12-21 10:40:11.946root 11241100x8000000000000000403405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d6ac0c5100d3c32021-12-21 10:40:12.443root 11241100x8000000000000000403406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70647be07a8957f2021-12-21 10:40:12.443root 11241100x8000000000000000403407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f783468ff526f0f2021-12-21 10:40:12.443root 11241100x8000000000000000403408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bd8513571c1fe22021-12-21 10:40:12.443root 11241100x8000000000000000403409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c08414ee5b75312021-12-21 10:40:12.443root 11241100x8000000000000000403410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd759567cb05727c2021-12-21 10:40:12.443root 11241100x8000000000000000403411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f75a9d0277e85ff2021-12-21 10:40:12.443root 11241100x8000000000000000403412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255412f5508ba2162021-12-21 10:40:12.443root 11241100x8000000000000000403413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e0cbc95f27fae82021-12-21 10:40:12.444root 11241100x8000000000000000403414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa16162b2991d462021-12-21 10:40:12.444root 11241100x8000000000000000403415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee37e40f3ec05582021-12-21 10:40:12.444root 11241100x8000000000000000403416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9788103b9c9822972021-12-21 10:40:12.444root 11241100x8000000000000000403417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bdeab80282bcb82021-12-21 10:40:12.444root 11241100x8000000000000000403418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0545f4b44d763b02021-12-21 10:40:12.444root 11241100x8000000000000000403419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee5da47c45041822021-12-21 10:40:12.444root 11241100x8000000000000000403420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c942b92a1887172021-12-21 10:40:12.444root 11241100x8000000000000000403421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0d7631ac4a703f2021-12-21 10:40:12.444root 11241100x8000000000000000403422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f4dfac22455f462021-12-21 10:40:12.444root 11241100x8000000000000000403423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7000355a52e614e12021-12-21 10:40:12.444root 11241100x8000000000000000403424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea3b63035f1bd62021-12-21 10:40:12.445root 11241100x8000000000000000403425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6bd04150df00c22021-12-21 10:40:12.445root 11241100x8000000000000000403426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e43e2d4f4f6a8452021-12-21 10:40:12.445root 11241100x8000000000000000403427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c2dfa8bfc4c1872021-12-21 10:40:12.445root 11241100x8000000000000000403428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f195e54af2a2642021-12-21 10:40:12.445root 11241100x8000000000000000403429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68fe0c9af7f96f02021-12-21 10:40:12.445root 11241100x8000000000000000403430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fd76f4b5f41b612021-12-21 10:40:12.445root 11241100x8000000000000000403431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e85de0480951e32021-12-21 10:40:12.445root 11241100x8000000000000000403432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badcc6f4eff7762c2021-12-21 10:40:12.445root 11241100x8000000000000000403433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ca3dbce641890f2021-12-21 10:40:12.445root 11241100x8000000000000000403434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912905cd280072592021-12-21 10:40:12.445root 11241100x8000000000000000403435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f30bda5e47aea12021-12-21 10:40:12.445root 11241100x8000000000000000403436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf4bc576d0cbad52021-12-21 10:40:12.445root 11241100x8000000000000000403437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754bd943ce31e8772021-12-21 10:40:12.446root 11241100x8000000000000000403438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7b628e15c3b3052021-12-21 10:40:12.446root 11241100x8000000000000000403439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831f58fea50aace32021-12-21 10:40:12.446root 11241100x8000000000000000403440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f76bfdffe8e6892021-12-21 10:40:12.446root 11241100x8000000000000000403441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c1b607846f16c22021-12-21 10:40:12.446root 11241100x8000000000000000403442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294ad55218ddad462021-12-21 10:40:12.446root 11241100x8000000000000000403443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d176d1227ab563b52021-12-21 10:40:12.446root 11241100x8000000000000000403444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d90693b5f6fe822021-12-21 10:40:12.446root 11241100x8000000000000000403445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d81645ecdac7212021-12-21 10:40:12.446root 11241100x8000000000000000403446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ada7806d30b93a2021-12-21 10:40:12.446root 11241100x8000000000000000403447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6850883eaf99198c2021-12-21 10:40:12.446root 11241100x8000000000000000403448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba454f7b6f68be4a2021-12-21 10:40:12.446root 11241100x8000000000000000403449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63884e8be169dfc42021-12-21 10:40:12.446root 11241100x8000000000000000403450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752eb64248af0b602021-12-21 10:40:12.446root 11241100x8000000000000000403451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab33a4d12c154c82021-12-21 10:40:12.446root 11241100x8000000000000000403452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88910c1043baa4962021-12-21 10:40:12.446root 11241100x8000000000000000403453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd78c19097304d42021-12-21 10:40:12.943root 11241100x8000000000000000403454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaf3261f6c59d302021-12-21 10:40:12.943root 11241100x8000000000000000403455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539d5d003c7386ca2021-12-21 10:40:12.943root 11241100x8000000000000000403456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298608048f1c8e452021-12-21 10:40:12.943root 11241100x8000000000000000403457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8d410ea7b06bdd2021-12-21 10:40:12.944root 11241100x8000000000000000403458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f09f97e0dbf9842021-12-21 10:40:12.944root 11241100x8000000000000000403459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebc34e552a43c7c2021-12-21 10:40:12.944root 11241100x8000000000000000403460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa0c77dd8ad4f482021-12-21 10:40:12.944root 11241100x8000000000000000403461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447afc96c37e56612021-12-21 10:40:12.944root 11241100x8000000000000000403462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a7818d083adf4d2021-12-21 10:40:12.944root 11241100x8000000000000000403463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13295d10cf856eb42021-12-21 10:40:12.944root 11241100x8000000000000000403464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892c9e1c96ca62f52021-12-21 10:40:12.944root 11241100x8000000000000000403465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e73d35db022de72021-12-21 10:40:12.944root 11241100x8000000000000000403466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae49ac19f55fb6e2021-12-21 10:40:12.944root 11241100x8000000000000000403467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bbc775ebd1ca692021-12-21 10:40:12.944root 11241100x8000000000000000403468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc1844e2f0738082021-12-21 10:40:12.944root 11241100x8000000000000000403469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ab517941e541ff2021-12-21 10:40:12.944root 11241100x8000000000000000403470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6ff8c10620b2252021-12-21 10:40:12.944root 11241100x8000000000000000403471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d837fd823d50c8e2021-12-21 10:40:12.944root 11241100x8000000000000000403472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3b56dd30e894162021-12-21 10:40:12.944root 11241100x8000000000000000403473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d323d0d0929b902021-12-21 10:40:12.944root 11241100x8000000000000000403474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d744e34a425a46792021-12-21 10:40:12.945root 11241100x8000000000000000403475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152f3999f85328f52021-12-21 10:40:12.945root 11241100x8000000000000000403476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e18a382423b7e7f2021-12-21 10:40:12.945root 11241100x8000000000000000403477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b44f51d1787f892021-12-21 10:40:12.945root 11241100x8000000000000000403478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c05635b466b7da12021-12-21 10:40:12.945root 11241100x8000000000000000403479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3461f2b12a1f47542021-12-21 10:40:12.945root 11241100x8000000000000000403480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8a372b0ec5ee2a2021-12-21 10:40:12.945root 11241100x8000000000000000403481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20781ae6da5243c2021-12-21 10:40:12.945root 11241100x8000000000000000403482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809515c7d17cdd372021-12-21 10:40:12.945root 11241100x8000000000000000403483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67851367f12c05702021-12-21 10:40:12.945root 11241100x8000000000000000403484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6262be42138c1b912021-12-21 10:40:12.945root 11241100x8000000000000000403485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf25874cf1376a72021-12-21 10:40:12.945root 11241100x8000000000000000403486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f375e87d8b92bcda2021-12-21 10:40:12.945root 11241100x8000000000000000403487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d49fbbc442c9fec2021-12-21 10:40:12.945root 11241100x8000000000000000403488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0d08e1a0ac2d702021-12-21 10:40:12.945root 11241100x8000000000000000403489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5f1b96970fed502021-12-21 10:40:12.945root 11241100x8000000000000000403490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f68eafff4797572021-12-21 10:40:12.946root 11241100x8000000000000000403491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7040d150797b20f92021-12-21 10:40:12.946root 11241100x8000000000000000403492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcb074813336e592021-12-21 10:40:12.946root 11241100x8000000000000000403493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfe3cf63ad85eae2021-12-21 10:40:12.946root 534500x8000000000000000403494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.443{00000000-0000-0000-0000-000000000000}5726<unknown process>root 11241100x8000000000000000403495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ae5e674fa673822021-12-21 10:40:13.443root 11241100x8000000000000000403496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af546595e26ffd52021-12-21 10:40:13.443root 11241100x8000000000000000403497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f5558f4cdcb092021-12-21 10:40:13.443root 11241100x8000000000000000403498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df894ec2f7a6dff2021-12-21 10:40:13.443root 11241100x8000000000000000403499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596c68b350d71b8a2021-12-21 10:40:13.443root 11241100x8000000000000000403500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3828801a9dd81d2021-12-21 10:40:13.443root 11241100x8000000000000000403501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f190136c9669a872021-12-21 10:40:13.443root 11241100x8000000000000000403502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be40c3b8c3a0ee232021-12-21 10:40:13.444root 11241100x8000000000000000403503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fbfd0bc9e1adb72021-12-21 10:40:13.444root 11241100x8000000000000000403504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5629d5cf515f062021-12-21 10:40:13.444root 11241100x8000000000000000403505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef9280a413f882f2021-12-21 10:40:13.444root 11241100x8000000000000000403506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ecb033f92bc6e72021-12-21 10:40:13.444root 11241100x8000000000000000403507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6607f01658c142452021-12-21 10:40:13.444root 11241100x8000000000000000403508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2867172c7553ef842021-12-21 10:40:13.444root 11241100x8000000000000000403509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad17a3231817cc222021-12-21 10:40:13.444root 11241100x8000000000000000403510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b56d96c5a15f042021-12-21 10:40:13.444root 11241100x8000000000000000403511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c16d978f1d23872021-12-21 10:40:13.444root 11241100x8000000000000000403512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98250c0fe76d48922021-12-21 10:40:13.444root 11241100x8000000000000000403513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3285b6ee1669992021-12-21 10:40:13.444root 11241100x8000000000000000403514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e035d6519b27bae12021-12-21 10:40:13.444root 11241100x8000000000000000403515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c86913199cb6f452021-12-21 10:40:13.445root 11241100x8000000000000000403516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f434c354a69a06212021-12-21 10:40:13.445root 11241100x8000000000000000403517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057e4c4a03e2d3852021-12-21 10:40:13.445root 11241100x8000000000000000403518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db415da3cd9d26d42021-12-21 10:40:13.445root 11241100x8000000000000000403519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f7caea3de439f72021-12-21 10:40:13.445root 11241100x8000000000000000403520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681ca659fbd2eb162021-12-21 10:40:13.445root 11241100x8000000000000000403521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3066e606e2f8546d2021-12-21 10:40:13.445root 11241100x8000000000000000403522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982bef8f23af5fae2021-12-21 10:40:13.445root 11241100x8000000000000000403523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec71eb6d0ede7cb2021-12-21 10:40:13.445root 11241100x8000000000000000403524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e61848f4743d192021-12-21 10:40:13.445root 11241100x8000000000000000403525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645f5f61c985420a2021-12-21 10:40:13.445root 11241100x8000000000000000403526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035e3753628ce0df2021-12-21 10:40:13.445root 11241100x8000000000000000403527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff25ba45f79790582021-12-21 10:40:13.445root 11241100x8000000000000000403528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e55c3d4289be792021-12-21 10:40:13.445root 11241100x8000000000000000403529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3e3e380865c50d2021-12-21 10:40:13.445root 11241100x8000000000000000403530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f92498cad9f0ca2021-12-21 10:40:13.446root 11241100x8000000000000000403531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592b41e2d51ea612021-12-21 10:40:13.446root 11241100x8000000000000000403532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eef6433dd2ea6a72021-12-21 10:40:13.446root 11241100x8000000000000000403533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33a46fcf4e7d96f2021-12-21 10:40:13.446root 11241100x8000000000000000403534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556214084a957a3d2021-12-21 10:40:13.446root 11241100x8000000000000000403535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe680de96f47e6c2021-12-21 10:40:13.446root 11241100x8000000000000000403536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7151307bb5af49052021-12-21 10:40:13.446root 11241100x8000000000000000403537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91976726ec561ced2021-12-21 10:40:13.446root 11241100x8000000000000000403538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edeeae899ce8c8402021-12-21 10:40:13.446root 11241100x8000000000000000403539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb689ee4df88312021-12-21 10:40:13.942root 11241100x8000000000000000403540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8056bff5abb96a072021-12-21 10:40:13.943root 11241100x8000000000000000403541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc42116e11049fdd2021-12-21 10:40:13.943root 11241100x8000000000000000403542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29a84581d794b042021-12-21 10:40:13.943root 11241100x8000000000000000403543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e090733362cf882021-12-21 10:40:13.943root 11241100x8000000000000000403544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4163d37a4b5359e2021-12-21 10:40:13.943root 11241100x8000000000000000403545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604d7b47297eca842021-12-21 10:40:13.943root 11241100x8000000000000000403546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b3b1924f3241be2021-12-21 10:40:13.943root 11241100x8000000000000000403547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d31f5c856c6598d2021-12-21 10:40:13.943root 11241100x8000000000000000403548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd1d4f2f97e1f512021-12-21 10:40:13.943root 11241100x8000000000000000403549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eda7a3f38c7ed32021-12-21 10:40:13.943root 11241100x8000000000000000403550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81059055ce65f1602021-12-21 10:40:13.943root 11241100x8000000000000000403551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2aead40e4b99b52021-12-21 10:40:13.943root 11241100x8000000000000000403552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19116dbf542adfc52021-12-21 10:40:13.943root 11241100x8000000000000000403553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b57157b2c4c4fba2021-12-21 10:40:13.944root 11241100x8000000000000000403554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1964b06c4a6f9c392021-12-21 10:40:13.944root 11241100x8000000000000000403555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14c159afb644b4c2021-12-21 10:40:13.944root 11241100x8000000000000000403556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34b8a6f87d6166c2021-12-21 10:40:13.944root 11241100x8000000000000000403557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad02d13ff434d7422021-12-21 10:40:13.944root 11241100x8000000000000000403558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1803a5ea1ca98ef12021-12-21 10:40:13.944root 11241100x8000000000000000403559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d616dd79b386662021-12-21 10:40:13.944root 11241100x8000000000000000403560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d66d5bc21d513972021-12-21 10:40:13.944root 11241100x8000000000000000403561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3581ceb286fa912021-12-21 10:40:13.944root 11241100x8000000000000000403562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e0c8afd48fe19e2021-12-21 10:40:13.944root 11241100x8000000000000000403563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b534caf8dfe59f2021-12-21 10:40:13.944root 11241100x8000000000000000403564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1601e2eacea1dc2021-12-21 10:40:13.944root 11241100x8000000000000000403565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207686f577b097192021-12-21 10:40:13.944root 11241100x8000000000000000403566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bef1f3e87ddce312021-12-21 10:40:13.944root 11241100x8000000000000000403567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ef193950fe36782021-12-21 10:40:13.944root 11241100x8000000000000000403568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fbda69823551142021-12-21 10:40:13.944root 11241100x8000000000000000403569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95aced6f3175aa3d2021-12-21 10:40:13.945root 11241100x8000000000000000403570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245342f1e38bd42f2021-12-21 10:40:13.945root 11241100x8000000000000000403571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b7dedb867fce1d2021-12-21 10:40:13.945root 11241100x8000000000000000403572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d73a1fb706802e2021-12-21 10:40:13.945root 11241100x8000000000000000403573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d86c5d5af9d57782021-12-21 10:40:13.945root 11241100x8000000000000000403574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbb8511c65508692021-12-21 10:40:13.945root 11241100x8000000000000000403575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fa2d511313eecc2021-12-21 10:40:13.945root 11241100x8000000000000000403576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a76490760911f22021-12-21 10:40:13.945root 11241100x8000000000000000403577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b475ea374db28b2021-12-21 10:40:13.945root 11241100x8000000000000000403578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55bab0dfc9670762021-12-21 10:40:13.945root 11241100x8000000000000000403579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16201911d9f224172021-12-21 10:40:13.945root 11241100x8000000000000000403580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ffe869735acf372021-12-21 10:40:13.945root 11241100x8000000000000000403581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f211de763e85a12021-12-21 10:40:13.945root 11241100x8000000000000000403582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4863959c113e41e2021-12-21 10:40:13.945root 11241100x8000000000000000403583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63041362ff1092142021-12-21 10:40:13.945root 11241100x8000000000000000403584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b02714cd79589f2021-12-21 10:40:13.945root 11241100x8000000000000000403585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a103d056ed652f842021-12-21 10:40:13.946root 11241100x8000000000000000403586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7c56f32c4324f62021-12-21 10:40:13.946root 11241100x8000000000000000403587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb61338329c6a4b2021-12-21 10:40:13.946root 11241100x8000000000000000403588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787b4a3f80182ad32021-12-21 10:40:13.946root 11241100x8000000000000000403589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5b528dd9f0ab5a2021-12-21 10:40:14.443root 11241100x8000000000000000403590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d64c3c562a1d9892021-12-21 10:40:14.443root 11241100x8000000000000000403591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090dfe1a66261e9f2021-12-21 10:40:14.443root 11241100x8000000000000000403592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa76dd3b2b17fa2021-12-21 10:40:14.443root 11241100x8000000000000000403593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e792a9df9590c9e52021-12-21 10:40:14.443root 11241100x8000000000000000403594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e81e5dc60728cbd2021-12-21 10:40:14.443root 11241100x8000000000000000403595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9c3991409231722021-12-21 10:40:14.443root 11241100x8000000000000000403596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e561be1bbdeed6e92021-12-21 10:40:14.443root 11241100x8000000000000000403597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea7815024806eff2021-12-21 10:40:14.443root 11241100x8000000000000000403598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565168487966aae22021-12-21 10:40:14.443root 11241100x8000000000000000403599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c4d179378afa852021-12-21 10:40:14.444root 11241100x8000000000000000403600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d48bb52048ec6722021-12-21 10:40:14.444root 11241100x8000000000000000403601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7eb530a92ac3a22021-12-21 10:40:14.444root 11241100x8000000000000000403602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402f4d5322794c282021-12-21 10:40:14.444root 11241100x8000000000000000403603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb322aae7c3c7b22021-12-21 10:40:14.444root 11241100x8000000000000000403604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a627b9d620d7a6e62021-12-21 10:40:14.444root 11241100x8000000000000000403605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd53755246c782722021-12-21 10:40:14.444root 11241100x8000000000000000403606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b236b0c5b74a7f9b2021-12-21 10:40:14.444root 11241100x8000000000000000403607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2845e63786e9e72021-12-21 10:40:14.444root 11241100x8000000000000000403608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7004e3876965462021-12-21 10:40:14.444root 11241100x8000000000000000403609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56e556423e6ab672021-12-21 10:40:14.444root 11241100x8000000000000000403610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b0d9e734f5028c2021-12-21 10:40:14.444root 11241100x8000000000000000403611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc937c777c00760a2021-12-21 10:40:14.444root 11241100x8000000000000000403612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3007750f80347aec2021-12-21 10:40:14.445root 11241100x8000000000000000403613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1329a7737bbbffc2021-12-21 10:40:14.445root 11241100x8000000000000000403614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe724a617d3a83f52021-12-21 10:40:14.445root 11241100x8000000000000000403615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a559fb381c9dd8cb2021-12-21 10:40:14.445root 11241100x8000000000000000403616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb7f8377857c1da2021-12-21 10:40:14.445root 11241100x8000000000000000403617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e96d82e1dd414e02021-12-21 10:40:14.445root 11241100x8000000000000000403618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdb1635b937668b2021-12-21 10:40:14.445root 11241100x8000000000000000403619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad65c05ea9790082021-12-21 10:40:14.445root 11241100x8000000000000000403620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a706d481b536902021-12-21 10:40:14.446root 11241100x8000000000000000403621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c05aff91fb72b4b2021-12-21 10:40:14.446root 11241100x8000000000000000403622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37205a892816e3ad2021-12-21 10:40:14.446root 11241100x8000000000000000403623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f156b8afebd6cb422021-12-21 10:40:14.446root 11241100x8000000000000000403624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134fa86b4d107b1e2021-12-21 10:40:14.446root 11241100x8000000000000000403625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81580e1673ce9512021-12-21 10:40:14.446root 11241100x8000000000000000403626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad53f249c4e212db2021-12-21 10:40:14.446root 11241100x8000000000000000403627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202366effd7191952021-12-21 10:40:14.446root 11241100x8000000000000000403628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58c1efe23f3383c2021-12-21 10:40:14.446root 11241100x8000000000000000403629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183544e6b159d0902021-12-21 10:40:14.446root 11241100x8000000000000000403630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ebf8118d7ab2fc2021-12-21 10:40:14.447root 11241100x8000000000000000403631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e3d6f9a0b55c622021-12-21 10:40:14.447root 11241100x8000000000000000403632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f63a8ec4da7e2602021-12-21 10:40:14.447root 11241100x8000000000000000403633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29ca332c330fb072021-12-21 10:40:14.447root 11241100x8000000000000000403634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d25682ec46be732021-12-21 10:40:14.447root 11241100x8000000000000000403635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495caacf664428d82021-12-21 10:40:14.447root 11241100x8000000000000000403636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5795a05007361d562021-12-21 10:40:14.447root 11241100x8000000000000000403637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee8bef30adddef02021-12-21 10:40:14.447root 11241100x8000000000000000403638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a2fe4ae6e3da322021-12-21 10:40:14.447root 11241100x8000000000000000403639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b10ff68195cc072021-12-21 10:40:14.447root 11241100x8000000000000000403640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c8fe90d1e42d292021-12-21 10:40:14.448root 11241100x8000000000000000403641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076b4c6038481bb32021-12-21 10:40:14.448root 11241100x8000000000000000403642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d716aaa4bab672021-12-21 10:40:14.448root 11241100x8000000000000000403643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6470b882f52ece72021-12-21 10:40:14.448root 11241100x8000000000000000403644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8aa5e02716c0b82021-12-21 10:40:14.448root 11241100x8000000000000000403645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d322f8c6026fc22021-12-21 10:40:14.448root 11241100x8000000000000000403646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bd59632cce232c2021-12-21 10:40:14.448root 11241100x8000000000000000403647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c30de3765fd0d772021-12-21 10:40:14.448root 11241100x8000000000000000403648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8524d0d4dcab8d92021-12-21 10:40:14.448root 11241100x8000000000000000403649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e994b0d58a1ce92021-12-21 10:40:14.448root 11241100x8000000000000000403650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d989697649d975522021-12-21 10:40:14.449root 11241100x8000000000000000403651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0106dc4e10e909be2021-12-21 10:40:14.449root 11241100x8000000000000000403652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa628be2018229212021-12-21 10:40:14.943root 11241100x8000000000000000403653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239d7a81f40f449f2021-12-21 10:40:14.943root 11241100x8000000000000000403654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eea7d4d69542592021-12-21 10:40:14.944root 11241100x8000000000000000403655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9f556000b01742021-12-21 10:40:14.944root 11241100x8000000000000000403656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c54debe40d8df682021-12-21 10:40:14.944root 11241100x8000000000000000403657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d928ce4ab808dbc12021-12-21 10:40:14.944root 11241100x8000000000000000403658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0882b0b4eb98686e2021-12-21 10:40:14.944root 11241100x8000000000000000403659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e973b6548c551c2021-12-21 10:40:14.944root 11241100x8000000000000000403660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e345cb44099c74662021-12-21 10:40:14.944root 11241100x8000000000000000403661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d74199b7616c602021-12-21 10:40:14.944root 11241100x8000000000000000403662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31307d75885f36eb2021-12-21 10:40:14.945root 11241100x8000000000000000403663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6d1cca7040f8a82021-12-21 10:40:14.945root 11241100x8000000000000000403664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff493fbf2dd237aa2021-12-21 10:40:14.945root 11241100x8000000000000000403665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a695cfd14813d682021-12-21 10:40:14.945root 11241100x8000000000000000403666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a3efd4d0d7a3cf2021-12-21 10:40:14.945root 11241100x8000000000000000403667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7dbbcb5c1e57f32021-12-21 10:40:14.945root 11241100x8000000000000000403668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94091ca0d5f7c802021-12-21 10:40:14.945root 11241100x8000000000000000403669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d587d2ea4e15fe2f2021-12-21 10:40:14.945root 11241100x8000000000000000403670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678bf77d0dbe1c8e2021-12-21 10:40:14.945root 11241100x8000000000000000403671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59f2b16faac3e262021-12-21 10:40:14.945root 11241100x8000000000000000403672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257e060f5f588c112021-12-21 10:40:14.945root 11241100x8000000000000000403673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a49ef2eec84bc082021-12-21 10:40:14.945root 11241100x8000000000000000403674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8b4b5e3669544a2021-12-21 10:40:14.945root 11241100x8000000000000000403675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebd1edea3aa40532021-12-21 10:40:14.945root 11241100x8000000000000000403676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d4fd37a7058f0f2021-12-21 10:40:14.945root 11241100x8000000000000000403677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92992e75c0080842021-12-21 10:40:14.945root 11241100x8000000000000000403678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa0c885259941ba2021-12-21 10:40:14.946root 11241100x8000000000000000403679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cbff04f34005332021-12-21 10:40:14.946root 11241100x8000000000000000403680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695cfc8785fd74d12021-12-21 10:40:14.946root 11241100x8000000000000000403681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4061f9a61c1d884b2021-12-21 10:40:14.946root 11241100x8000000000000000403682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b45b841a4a0af22021-12-21 10:40:14.946root 11241100x8000000000000000403683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb749f7e018578342021-12-21 10:40:14.946root 11241100x8000000000000000403684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670304d31fa24bb52021-12-21 10:40:14.946root 11241100x8000000000000000403685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725a96f1d4560f362021-12-21 10:40:14.946root 11241100x8000000000000000403686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de24ce294e1591632021-12-21 10:40:14.946root 11241100x8000000000000000403687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4ccbbcbcbfde992021-12-21 10:40:14.946root 11241100x8000000000000000403688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0055e6bc1d303ef2021-12-21 10:40:14.946root 11241100x8000000000000000403689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48ba4cdbb70aeb92021-12-21 10:40:14.946root 11241100x8000000000000000403690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5600f9336ccc47012021-12-21 10:40:14.946root 11241100x8000000000000000403691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febb08af4a8a5a252021-12-21 10:40:14.946root 11241100x8000000000000000403692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03141065846dff042021-12-21 10:40:14.946root 11241100x8000000000000000403693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1c58b9b2986f9a2021-12-21 10:40:14.947root 11241100x8000000000000000403694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3315c8b771082cb02021-12-21 10:40:14.947root 11241100x8000000000000000403695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d937d0c8c184f17e2021-12-21 10:40:14.947root 11241100x8000000000000000403696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcf4b1c4727c5ac2021-12-21 10:40:14.947root 11241100x8000000000000000403697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b306172771c2abfa2021-12-21 10:40:14.947root 11241100x8000000000000000403698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dcca4e5a92e2e22021-12-21 10:40:14.947root 11241100x8000000000000000403699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa5c807bb2eccf22021-12-21 10:40:14.947root 11241100x8000000000000000403700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ca8efce4004f952021-12-21 10:40:14.947root 11241100x8000000000000000403701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24de0cb068ac54b2021-12-21 10:40:14.947root 11241100x8000000000000000403702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154e203ea1592d282021-12-21 10:40:14.947root 11241100x8000000000000000403703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c36af461587d0bd2021-12-21 10:40:14.947root 11241100x8000000000000000403704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce7b67d3fe413212021-12-21 10:40:14.947root 11241100x8000000000000000403705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399eb86c32a846da2021-12-21 10:40:14.947root 11241100x8000000000000000403706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773b0a31107bee7e2021-12-21 10:40:14.947root 11241100x8000000000000000403707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af28034ad29472dd2021-12-21 10:40:14.947root 11241100x8000000000000000403708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f747a2bb8c45642021-12-21 10:40:14.947root 11241100x8000000000000000403709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cadc4233e880ea12021-12-21 10:40:14.948root 11241100x8000000000000000403710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3131e803318465f82021-12-21 10:40:14.948root 11241100x8000000000000000403711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31e8c13113a9cce2021-12-21 10:40:14.948root 11241100x8000000000000000403712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9095a0a0ecc7392021-12-21 10:40:14.948root 11241100x8000000000000000403713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4903beeff505862021-12-21 10:40:14.948root 11241100x8000000000000000403714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b0d4d922be8a712021-12-21 10:40:14.948root 11241100x8000000000000000403715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bf9322f0975f272021-12-21 10:40:14.948root 11241100x8000000000000000403716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c4bd800814c6d72021-12-21 10:40:14.948root 11241100x8000000000000000403717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffef153b0787c4a02021-12-21 10:40:14.948root 11241100x8000000000000000403718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1192efb8607b5d2021-12-21 10:40:14.948root 11241100x8000000000000000403719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a4caf4f6abb94f2021-12-21 10:40:14.948root 11241100x8000000000000000403720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28d515c75049a302021-12-21 10:40:14.948root 11241100x8000000000000000403721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62dd809f67808d62021-12-21 10:40:14.948root 11241100x8000000000000000403722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea45e62349ff3a672021-12-21 10:40:14.948root 11241100x8000000000000000403723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf5a8ca1fd067542021-12-21 10:40:14.948root 11241100x8000000000000000403724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08cd08c77d21fe72021-12-21 10:40:14.948root 11241100x8000000000000000403725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3c961afa144c052021-12-21 10:40:14.949root 11241100x8000000000000000403726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238ff713eb94fa932021-12-21 10:40:14.949root 11241100x8000000000000000403727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dd213a78d0bad62021-12-21 10:40:14.949root 11241100x8000000000000000403728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aebc23ad46de982021-12-21 10:40:14.949root 11241100x8000000000000000403729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b605c3ccea62cfd2021-12-21 10:40:14.949root 11241100x8000000000000000403730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0e9a87454355b72021-12-21 10:40:14.949root 11241100x8000000000000000403731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febfac7a84cc16bd2021-12-21 10:40:14.949root 11241100x8000000000000000403732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c49787ded5027562021-12-21 10:40:14.949root 11241100x8000000000000000403733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df29b2dafd8043672021-12-21 10:40:14.950root 11241100x8000000000000000403734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee3341386406ccf2021-12-21 10:40:14.950root 11241100x8000000000000000403735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0aef4841f17790e2021-12-21 10:40:14.950root 11241100x8000000000000000403736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2393aef1541dde2021-12-21 10:40:14.950root 11241100x8000000000000000403737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309c5b5fc71c9afc2021-12-21 10:40:14.950root 11241100x8000000000000000403738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8276e1c29db57d702021-12-21 10:40:14.950root 11241100x8000000000000000403739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4815314c5cd223d2021-12-21 10:40:14.950root 11241100x8000000000000000403740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6157f3439a756522021-12-21 10:40:14.950root 11241100x8000000000000000403741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d0391a99af7d222021-12-21 10:40:14.951root 11241100x8000000000000000403742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8dc76d6689172f2021-12-21 10:40:14.951root 11241100x8000000000000000403743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053ab1a52749b3022021-12-21 10:40:14.951root 11241100x8000000000000000403744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39276ab132cc46962021-12-21 10:40:14.951root 11241100x8000000000000000403745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a4baeb9a5a67242021-12-21 10:40:14.951root 11241100x8000000000000000403746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20239754a66d846b2021-12-21 10:40:14.951root 11241100x8000000000000000403747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc838d061270cecc2021-12-21 10:40:14.951root 11241100x8000000000000000403748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6323b350d98911b12021-12-21 10:40:14.952root 11241100x8000000000000000403749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3138361fc3101cf32021-12-21 10:40:14.952root 11241100x8000000000000000403750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154027e1e0b8a3852021-12-21 10:40:14.952root 11241100x8000000000000000403751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a2ba60b4c488e32021-12-21 10:40:14.952root 11241100x8000000000000000403752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4673db7a0e7750692021-12-21 10:40:14.952root 11241100x8000000000000000403753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f2f6f5a6baa68c2021-12-21 10:40:15.443root 11241100x8000000000000000403754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d84b58e4fda46d2021-12-21 10:40:15.443root 11241100x8000000000000000403755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0837d0918310c66d2021-12-21 10:40:15.443root 11241100x8000000000000000403756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5638df1a915dee272021-12-21 10:40:15.444root 11241100x8000000000000000403757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6772a0ff598061742021-12-21 10:40:15.444root 11241100x8000000000000000403758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b16278ce3c894d2021-12-21 10:40:15.444root 11241100x8000000000000000403759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df97b7fb0c638d9c2021-12-21 10:40:15.444root 11241100x8000000000000000403760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd33c3fc2c1513312021-12-21 10:40:15.444root 11241100x8000000000000000403761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982075a199330c9f2021-12-21 10:40:15.444root 11241100x8000000000000000403762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a5e9277fd91d792021-12-21 10:40:15.444root 11241100x8000000000000000403763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b4bba74204c8d52021-12-21 10:40:15.444root 11241100x8000000000000000403764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8cc51148f25e462021-12-21 10:40:15.444root 11241100x8000000000000000403765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fd5ae0232e686a2021-12-21 10:40:15.444root 11241100x8000000000000000403766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3adf333daa25452021-12-21 10:40:15.444root 11241100x8000000000000000403767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7edce99afaa78a2021-12-21 10:40:15.445root 11241100x8000000000000000403768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa1a7e2e2e3e9e92021-12-21 10:40:15.445root 11241100x8000000000000000403769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f6266a8b249e0b2021-12-21 10:40:15.445root 11241100x8000000000000000403770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f1635dc207fbf72021-12-21 10:40:15.445root 11241100x8000000000000000403771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15183f536b98847c2021-12-21 10:40:15.445root 11241100x8000000000000000403772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d4bd1f4c9a54552021-12-21 10:40:15.445root 11241100x8000000000000000403773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c393ccd48bdc148a2021-12-21 10:40:15.445root 11241100x8000000000000000403774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21542d35c4ae2bc32021-12-21 10:40:15.445root 11241100x8000000000000000403775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c613a4ba896dc43e2021-12-21 10:40:15.445root 11241100x8000000000000000403776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09ec2c6c882149d2021-12-21 10:40:15.445root 11241100x8000000000000000403777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae882de2c6ed2192021-12-21 10:40:15.445root 11241100x8000000000000000403778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608a71a318ddaa7b2021-12-21 10:40:15.446root 11241100x8000000000000000403779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816ad440a6bdb15b2021-12-21 10:40:15.446root 11241100x8000000000000000403780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429a42958439b5ea2021-12-21 10:40:15.446root 11241100x8000000000000000403781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c264bde9e91d9e2021-12-21 10:40:15.446root 11241100x8000000000000000403782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef73ba8d98937c82021-12-21 10:40:15.446root 11241100x8000000000000000403783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b5c25aa131e7372021-12-21 10:40:15.446root 11241100x8000000000000000403784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da9e70690f43da52021-12-21 10:40:15.446root 11241100x8000000000000000403785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea21a1382778563c2021-12-21 10:40:15.446root 11241100x8000000000000000403786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4965bc553f47df72021-12-21 10:40:15.446root 11241100x8000000000000000403787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee48800a8f55c1732021-12-21 10:40:15.446root 11241100x8000000000000000403788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166976c5b19f5522021-12-21 10:40:15.447root 11241100x8000000000000000403789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3b0466ef7f89972021-12-21 10:40:15.447root 11241100x8000000000000000403790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94948c9c874fd622021-12-21 10:40:15.447root 11241100x8000000000000000403791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb76193ae992779c2021-12-21 10:40:15.447root 11241100x8000000000000000403792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a0c8d0732400442021-12-21 10:40:15.447root 11241100x8000000000000000403793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f54b30370b84252021-12-21 10:40:15.447root 11241100x8000000000000000403794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25a6a21fdd796f02021-12-21 10:40:15.447root 11241100x8000000000000000403795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d277f329d77b9d2021-12-21 10:40:15.447root 11241100x8000000000000000403796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ce03298fd0eb8f2021-12-21 10:40:15.447root 11241100x8000000000000000403797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2446eb8c4e0371652021-12-21 10:40:15.447root 11241100x8000000000000000403798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2c345d29c20d5a2021-12-21 10:40:15.447root 11241100x8000000000000000403799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8190418c0dc972242021-12-21 10:40:15.447root 11241100x8000000000000000403800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53ee39da34cff5a2021-12-21 10:40:15.447root 11241100x8000000000000000403801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b940559446f883f02021-12-21 10:40:15.448root 11241100x8000000000000000403802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db32cfddda04cc742021-12-21 10:40:15.448root 11241100x8000000000000000403803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df621b14beebf2d2021-12-21 10:40:15.448root 11241100x8000000000000000403804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b1fc62d50662222021-12-21 10:40:15.448root 11241100x8000000000000000403805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7df947162f8bdcd2021-12-21 10:40:15.943root 11241100x8000000000000000403806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a95f1c8cf8cbf382021-12-21 10:40:15.943root 11241100x8000000000000000403807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5491efdbf5efbf32021-12-21 10:40:15.943root 11241100x8000000000000000403808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c060d06c6535792021-12-21 10:40:15.943root 11241100x8000000000000000403809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42190f352ed23a52021-12-21 10:40:15.944root 11241100x8000000000000000403810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7427c48e829f1cf52021-12-21 10:40:15.944root 11241100x8000000000000000403811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ffb669ca13d5f22021-12-21 10:40:15.944root 11241100x8000000000000000403812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1eedd58bc876ea2021-12-21 10:40:15.944root 11241100x8000000000000000403813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160958bd564542f02021-12-21 10:40:15.944root 11241100x8000000000000000403814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195718d27dce614a2021-12-21 10:40:15.944root 11241100x8000000000000000403815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6149d0d75a13ae142021-12-21 10:40:15.945root 11241100x8000000000000000403816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a4cdefcddfeb672021-12-21 10:40:15.945root 11241100x8000000000000000403817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284f277d2b7891df2021-12-21 10:40:15.945root 11241100x8000000000000000403818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1042074da23e3e72021-12-21 10:40:15.945root 11241100x8000000000000000403819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2312daad26b4f82021-12-21 10:40:15.945root 11241100x8000000000000000403820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0b8e63baf26b9f2021-12-21 10:40:15.945root 11241100x8000000000000000403821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e7a3271cd1f3532021-12-21 10:40:15.945root 11241100x8000000000000000403822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e5df4365b41d4a2021-12-21 10:40:15.945root 11241100x8000000000000000403823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80d2d0e86640a3f2021-12-21 10:40:15.945root 11241100x8000000000000000403824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961be5e7dd2efecb2021-12-21 10:40:15.945root 11241100x8000000000000000403825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850fba01beaf80082021-12-21 10:40:15.945root 11241100x8000000000000000403826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0029e362b64abc062021-12-21 10:40:15.945root 11241100x8000000000000000403827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce993c4c6b8aa3e82021-12-21 10:40:15.946root 11241100x8000000000000000403828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7c34c4f93b92802021-12-21 10:40:15.946root 11241100x8000000000000000403829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d585fc10f34a52492021-12-21 10:40:15.946root 11241100x8000000000000000403830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8887054e1fc40f42021-12-21 10:40:15.946root 11241100x8000000000000000403831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e3620e91ead65f2021-12-21 10:40:15.946root 11241100x8000000000000000403832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4c829cc27071b2021-12-21 10:40:15.946root 11241100x8000000000000000403833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afe30aaf11882072021-12-21 10:40:15.946root 11241100x8000000000000000403834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca8d6bf1f049e152021-12-21 10:40:15.946root 11241100x8000000000000000403835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c0cf48dcbb8cfa2021-12-21 10:40:15.946root 11241100x8000000000000000403836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cd88ec6c26417f2021-12-21 10:40:15.946root 11241100x8000000000000000403837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1c7491b72f38742021-12-21 10:40:15.947root 11241100x8000000000000000403838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c4d08f6ae45d02021-12-21 10:40:15.947root 11241100x8000000000000000403839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a739eea7c498272021-12-21 10:40:15.947root 11241100x8000000000000000403840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa891df90ee27b872021-12-21 10:40:15.947root 11241100x8000000000000000403841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c905cf5afcef772021-12-21 10:40:15.947root 11241100x8000000000000000403842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e14197ccd076052021-12-21 10:40:15.947root 11241100x8000000000000000403843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20252e806351d25e2021-12-21 10:40:15.948root 11241100x8000000000000000403844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a603aaab63746c2021-12-21 10:40:15.948root 11241100x8000000000000000403845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61629dd9f949cb42021-12-21 10:40:15.948root 11241100x8000000000000000403846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3855314855ef9c2021-12-21 10:40:15.948root 11241100x8000000000000000403847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb8b45040530c3e2021-12-21 10:40:15.949root 11241100x8000000000000000403848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768682cf22e8b7c22021-12-21 10:40:15.949root 11241100x8000000000000000403849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b8ee486c654a3f2021-12-21 10:40:15.949root 11241100x8000000000000000403850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa9137b8da7f9592021-12-21 10:40:15.949root 11241100x8000000000000000403851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0db0a24c21c851c2021-12-21 10:40:15.949root 11241100x8000000000000000403852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5aee19ce48d741e2021-12-21 10:40:15.950root 11241100x8000000000000000403853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744c51efc2f2d7382021-12-21 10:40:15.950root 11241100x8000000000000000403854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4aa6017978a81a92021-12-21 10:40:15.950root 11241100x8000000000000000403855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb49df97f55d62d2021-12-21 10:40:15.950root 11241100x8000000000000000403856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724742eb636ec79c2021-12-21 10:40:15.950root 11241100x8000000000000000403857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80469c47de5f43192021-12-21 10:40:15.950root 11241100x8000000000000000403858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268683768590af5b2021-12-21 10:40:16.443root 11241100x8000000000000000403859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0d8b487e793fb52021-12-21 10:40:16.443root 11241100x8000000000000000403860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f579f6a9bef91312021-12-21 10:40:16.443root 11241100x8000000000000000403861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa9b9550cd8624c2021-12-21 10:40:16.444root 11241100x8000000000000000403862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3641e773eabf6a32021-12-21 10:40:16.444root 11241100x8000000000000000403863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a0906bae6831a82021-12-21 10:40:16.444root 11241100x8000000000000000403864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4a042e59abcd592021-12-21 10:40:16.444root 11241100x8000000000000000403865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac1f885a392e8452021-12-21 10:40:16.444root 11241100x8000000000000000403866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f7c0a949c6c66e2021-12-21 10:40:16.444root 11241100x8000000000000000403867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42f6d4aa62a22dd2021-12-21 10:40:16.444root 11241100x8000000000000000403868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e06730b1721dfa12021-12-21 10:40:16.445root 11241100x8000000000000000403869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d782aa1ad6974f972021-12-21 10:40:16.445root 11241100x8000000000000000403870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680c0e9ae7f32a032021-12-21 10:40:16.445root 11241100x8000000000000000403871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7d35d208db98b92021-12-21 10:40:16.445root 11241100x8000000000000000403872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a05be8d3a01505b2021-12-21 10:40:16.445root 11241100x8000000000000000403873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886552f618083b262021-12-21 10:40:16.445root 11241100x8000000000000000403874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5477cd021a490f12021-12-21 10:40:16.445root 11241100x8000000000000000403875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198ab05a770bfd962021-12-21 10:40:16.446root 11241100x8000000000000000403876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef16b39f48301e512021-12-21 10:40:16.446root 11241100x8000000000000000403877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca6c8d880a7e7182021-12-21 10:40:16.446root 11241100x8000000000000000403878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d284e7ed599ef3a92021-12-21 10:40:16.446root 11241100x8000000000000000403879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae1540d4fd6393a2021-12-21 10:40:16.446root 11241100x8000000000000000403880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac40b3302c059332021-12-21 10:40:16.446root 11241100x8000000000000000403881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76c11a8e56fcc5a2021-12-21 10:40:16.446root 11241100x8000000000000000403882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84697d0bcd21688f2021-12-21 10:40:16.447root 11241100x8000000000000000403883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d937cc0e0b289fe2021-12-21 10:40:16.447root 11241100x8000000000000000403884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d0ae8d8dee800d2021-12-21 10:40:16.447root 11241100x8000000000000000403885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075d52dc52506b4e2021-12-21 10:40:16.447root 11241100x8000000000000000403886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1851bc26540e1ab2021-12-21 10:40:16.447root 11241100x8000000000000000403887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0b023b1b334b3e2021-12-21 10:40:16.447root 11241100x8000000000000000403888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c42ca0b2477fd102021-12-21 10:40:16.447root 11241100x8000000000000000403889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e5ac888242e6742021-12-21 10:40:16.448root 11241100x8000000000000000403890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5373db6b3a8cdb622021-12-21 10:40:16.448root 11241100x8000000000000000403891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402b966c7cf126972021-12-21 10:40:16.448root 11241100x8000000000000000403892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4590cc8d978d1cc2021-12-21 10:40:16.448root 11241100x8000000000000000403893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d81070c2a0a29c82021-12-21 10:40:16.448root 11241100x8000000000000000403894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18700c999b2242ef2021-12-21 10:40:16.448root 11241100x8000000000000000403895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daff49237db1e0662021-12-21 10:40:16.448root 11241100x8000000000000000403896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ddf2677a2c71a02021-12-21 10:40:16.449root 11241100x8000000000000000403897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364afcb49d3efd032021-12-21 10:40:16.449root 11241100x8000000000000000403898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79f2ec1929125552021-12-21 10:40:16.449root 11241100x8000000000000000403899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1de396106db4ab42021-12-21 10:40:16.449root 11241100x8000000000000000403900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb73fd1048dc0ba2021-12-21 10:40:16.449root 11241100x8000000000000000403901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a6802a8a1439692021-12-21 10:40:16.449root 11241100x8000000000000000403902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1aba8c8fbe725d32021-12-21 10:40:16.449root 11241100x8000000000000000403903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7c851f46cb3d262021-12-21 10:40:16.943root 11241100x8000000000000000403904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af324e1fde7a2b432021-12-21 10:40:16.943root 11241100x8000000000000000403905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d25f1a2f8d067c2021-12-21 10:40:16.944root 11241100x8000000000000000403906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f477186606556ab22021-12-21 10:40:16.944root 11241100x8000000000000000403907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06515922e17129d12021-12-21 10:40:16.944root 11241100x8000000000000000403908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c92032f1080caaf2021-12-21 10:40:16.944root 11241100x8000000000000000403909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdee7f20ed5001f2021-12-21 10:40:16.944root 11241100x8000000000000000403910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1ad49c0580c7482021-12-21 10:40:16.944root 11241100x8000000000000000403911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca2d504052802762021-12-21 10:40:16.945root 11241100x8000000000000000403912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3325bb2dd13c04222021-12-21 10:40:16.945root 11241100x8000000000000000403913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24f9d3b5d24c11c2021-12-21 10:40:16.945root 11241100x8000000000000000403914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38941370b9840e12021-12-21 10:40:16.945root 11241100x8000000000000000403915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db7fc5394f4eced2021-12-21 10:40:16.945root 11241100x8000000000000000403916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4caabed75cdb5b52021-12-21 10:40:16.945root 11241100x8000000000000000403917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314f9ca6ab51292c2021-12-21 10:40:16.945root 11241100x8000000000000000403918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a63a1f6247c7712021-12-21 10:40:16.946root 11241100x8000000000000000403919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c05924c934afc2021-12-21 10:40:16.946root 11241100x8000000000000000403920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0228e0e32685f8e2021-12-21 10:40:16.946root 11241100x8000000000000000403921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f8cc90e3be17db2021-12-21 10:40:16.946root 11241100x8000000000000000403922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec9c9651cfb09e52021-12-21 10:40:16.946root 11241100x8000000000000000403923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e27897466da27572021-12-21 10:40:16.946root 11241100x8000000000000000403924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75faf8a1a1363fa2021-12-21 10:40:16.947root 11241100x8000000000000000403925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b33166a81bfc7d2021-12-21 10:40:16.947root 11241100x8000000000000000403926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a53d8d00056f7b2021-12-21 10:40:16.947root 11241100x8000000000000000403927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffbdd02fc46614e2021-12-21 10:40:16.947root 11241100x8000000000000000403928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec78d7d4027edd9b2021-12-21 10:40:16.948root 11241100x8000000000000000403929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282b376cd542abfc2021-12-21 10:40:16.948root 11241100x8000000000000000403930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68ad7cbfa034eca2021-12-21 10:40:16.948root 11241100x8000000000000000403931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2905debe6b256e6a2021-12-21 10:40:16.948root 11241100x8000000000000000403932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74af129534dfbdb2021-12-21 10:40:16.948root 11241100x8000000000000000403933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef4f23d864725832021-12-21 10:40:16.948root 11241100x8000000000000000403934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964504877ee22e1b2021-12-21 10:40:16.948root 11241100x8000000000000000403935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b38637ebcd209b2021-12-21 10:40:16.948root 11241100x8000000000000000403936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66adf558058333a2021-12-21 10:40:16.948root 11241100x8000000000000000403937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d916f17a96546cc72021-12-21 10:40:16.949root 11241100x8000000000000000403938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636d665a83dc37332021-12-21 10:40:16.949root 11241100x8000000000000000403939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12586395fa473022021-12-21 10:40:16.949root 11241100x8000000000000000403940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b5aa23792bece42021-12-21 10:40:16.949root 11241100x8000000000000000403941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51b52b2fd8844432021-12-21 10:40:16.949root 11241100x8000000000000000403942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1668bf968e5aa382021-12-21 10:40:16.949root 11241100x8000000000000000403943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c61ffd802ac117b2021-12-21 10:40:16.949root 11241100x8000000000000000403944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86243027bc410b482021-12-21 10:40:16.949root 11241100x8000000000000000403945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7b6151213a7c672021-12-21 10:40:16.950root 11241100x8000000000000000403946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a670e50d826908b2021-12-21 10:40:16.950root 11241100x8000000000000000403947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b26dac61b3458e2021-12-21 10:40:16.950root 11241100x8000000000000000403948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e85d757cf96a6822021-12-21 10:40:16.950root 11241100x8000000000000000403949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa77b154e043c7262021-12-21 10:40:16.950root 11241100x8000000000000000403950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78579e3258c177232021-12-21 10:40:16.950root 11241100x8000000000000000403951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baee475eaebf21592021-12-21 10:40:16.950root 11241100x8000000000000000403952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff64144693a41baa2021-12-21 10:40:16.950root 11241100x8000000000000000403953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a01ccb03406bbbb2021-12-21 10:40:16.953root 11241100x8000000000000000403954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ffe2253174c3a2021-12-21 10:40:16.953root 354300x8000000000000000403955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.065{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47432-false10.0.1.12-8000- 11241100x8000000000000000403956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91818655e35e99562021-12-21 10:40:17.443root 11241100x8000000000000000403957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8052a736863d9a832021-12-21 10:40:17.444root 11241100x8000000000000000403958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c4470ac5c7ea392021-12-21 10:40:17.444root 11241100x8000000000000000403959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9b0899f085a7782021-12-21 10:40:17.444root 11241100x8000000000000000403960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a3d57042f633de2021-12-21 10:40:17.444root 11241100x8000000000000000403961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742781c74dbe96db2021-12-21 10:40:17.444root 11241100x8000000000000000403962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270bfee758457b652021-12-21 10:40:17.444root 11241100x8000000000000000403963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cfc008d1a571a22021-12-21 10:40:17.445root 11241100x8000000000000000403964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d8d18a91b285692021-12-21 10:40:17.445root 11241100x8000000000000000403965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e3e5e1e8a6802c2021-12-21 10:40:17.445root 11241100x8000000000000000403966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed27d83231a6311b2021-12-21 10:40:17.445root 11241100x8000000000000000403967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b4921780f5733e2021-12-21 10:40:17.445root 11241100x8000000000000000403968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94325151481c5452021-12-21 10:40:17.445root 11241100x8000000000000000403969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d7a59fedc77a462021-12-21 10:40:17.445root 11241100x8000000000000000403970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3042a55d58d7ccad2021-12-21 10:40:17.445root 11241100x8000000000000000403971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55abac714c76b56f2021-12-21 10:40:17.445root 11241100x8000000000000000403972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0911eb45aabaebd2021-12-21 10:40:17.445root 11241100x8000000000000000403973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdd7852da9d52192021-12-21 10:40:17.445root 11241100x8000000000000000403974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64798464c31c7862021-12-21 10:40:17.445root 11241100x8000000000000000403975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6f9877e6d194ff2021-12-21 10:40:17.445root 11241100x8000000000000000403976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120c99e9b5f2cabf2021-12-21 10:40:17.445root 11241100x8000000000000000403977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe3120aedf4bc1d2021-12-21 10:40:17.445root 11241100x8000000000000000403978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6bee7dc976646f2021-12-21 10:40:17.445root 11241100x8000000000000000403979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b99a02859b872dc2021-12-21 10:40:17.446root 11241100x8000000000000000403980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7998fb98cfa95882021-12-21 10:40:17.446root 11241100x8000000000000000403981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97847063417725772021-12-21 10:40:17.446root 11241100x8000000000000000403982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757136ec4a06c71b2021-12-21 10:40:17.446root 11241100x8000000000000000403983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6392b86d6a06022021-12-21 10:40:17.446root 11241100x8000000000000000403984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b575a124ec5dbcfc2021-12-21 10:40:17.446root 11241100x8000000000000000403985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043d2c51efb3068e2021-12-21 10:40:17.446root 11241100x8000000000000000403986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483215b6f0e586992021-12-21 10:40:17.446root 11241100x8000000000000000403987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135f140029a303862021-12-21 10:40:17.446root 11241100x8000000000000000403988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c0393416d620dc2021-12-21 10:40:17.446root 11241100x8000000000000000403989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b286a38e6c36062021-12-21 10:40:17.446root 11241100x8000000000000000403990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99aab1c5a3050832021-12-21 10:40:17.446root 11241100x8000000000000000403991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf4dc091436bca62021-12-21 10:40:17.446root 11241100x8000000000000000403992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8071d1a0edbdfa2021-12-21 10:40:17.446root 11241100x8000000000000000403993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda33a165266461d2021-12-21 10:40:17.446root 11241100x8000000000000000403994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f501fbf9603ce542021-12-21 10:40:17.446root 11241100x8000000000000000403995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45cb885c69fb92e2021-12-21 10:40:17.447root 11241100x8000000000000000403996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9339d638287041e82021-12-21 10:40:17.447root 11241100x8000000000000000403997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce60306612b9cea2021-12-21 10:40:17.447root 11241100x8000000000000000403998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572ab55f3f118ec72021-12-21 10:40:17.447root 11241100x8000000000000000403999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45200a4fd4d46832021-12-21 10:40:17.447root 11241100x8000000000000000404000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f29fcab80caa722021-12-21 10:40:17.447root 11241100x8000000000000000404001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10fda0f8b7c011b2021-12-21 10:40:17.943root 11241100x8000000000000000404002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d390e21ab5643b2021-12-21 10:40:17.943root 11241100x8000000000000000404003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b25faa1a262ec2021-12-21 10:40:17.943root 11241100x8000000000000000404004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1140aad11504dc42021-12-21 10:40:17.943root 11241100x8000000000000000404005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae11158d8cb0edf2021-12-21 10:40:17.943root 11241100x8000000000000000404006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff8df14dec542db2021-12-21 10:40:17.943root 11241100x8000000000000000404007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd642656051db9402021-12-21 10:40:17.944root 11241100x8000000000000000404008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ef58da91c48ed32021-12-21 10:40:17.944root 11241100x8000000000000000404009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7eb45622a7ab0a2021-12-21 10:40:17.944root 11241100x8000000000000000404010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169fdbe438c4177d2021-12-21 10:40:17.944root 11241100x8000000000000000404011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a2a3bc0d56bc162021-12-21 10:40:17.944root 11241100x8000000000000000404012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99317ed9ba6bcfe2021-12-21 10:40:17.944root 11241100x8000000000000000404013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77efcaa22812aa072021-12-21 10:40:17.944root 11241100x8000000000000000404014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cab90cae7a5f7442021-12-21 10:40:17.944root 11241100x8000000000000000404015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66f8db24d4bb11d2021-12-21 10:40:17.944root 11241100x8000000000000000404016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe9c1fdfbcb35472021-12-21 10:40:17.944root 11241100x8000000000000000404017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e143976e9fdc662021-12-21 10:40:17.944root 11241100x8000000000000000404018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679ae1d8f529a8542021-12-21 10:40:17.945root 11241100x8000000000000000404019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efde8c845c058c4a2021-12-21 10:40:17.945root 11241100x8000000000000000404020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cbb9f2242ddda42021-12-21 10:40:17.945root 11241100x8000000000000000404021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6e8949210131a22021-12-21 10:40:17.945root 11241100x8000000000000000404022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6772d49306cffa22021-12-21 10:40:17.945root 11241100x8000000000000000404023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c7f308f0ec9f6f2021-12-21 10:40:17.945root 11241100x8000000000000000404024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2965c233d5b32c62021-12-21 10:40:17.945root 11241100x8000000000000000404025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3356a5cfa96b2982021-12-21 10:40:17.945root 11241100x8000000000000000404026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3cc5149e3537242021-12-21 10:40:17.945root 11241100x8000000000000000404027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c3a9692e3ae5f92021-12-21 10:40:17.945root 11241100x8000000000000000404028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a628d8a5ed9628a2021-12-21 10:40:17.946root 11241100x8000000000000000404029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6769a0d8aee7b9d72021-12-21 10:40:17.946root 11241100x8000000000000000404030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75944bdd8a96f162021-12-21 10:40:17.946root 11241100x8000000000000000404031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb69e3e1b8c50c632021-12-21 10:40:17.946root 11241100x8000000000000000404032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2a124e0d5741962021-12-21 10:40:17.946root 11241100x8000000000000000404033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a10f6beb98d39a2021-12-21 10:40:17.946root 11241100x8000000000000000404034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c8f07f3d4908ad2021-12-21 10:40:17.947root 11241100x8000000000000000404035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7342796e8bfdb1842021-12-21 10:40:17.947root 11241100x8000000000000000404036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa92ed047fe3e312021-12-21 10:40:17.947root 11241100x8000000000000000404037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b32e2003e7f5f92021-12-21 10:40:17.947root 11241100x8000000000000000404038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254489a2f127163e2021-12-21 10:40:17.947root 11241100x8000000000000000404039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9763d514d291d1a52021-12-21 10:40:17.947root 11241100x8000000000000000404040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c67506fb050d4f62021-12-21 10:40:17.947root 11241100x8000000000000000404041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7110709f191112792021-12-21 10:40:17.947root 11241100x8000000000000000404042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba1ef3642c92f692021-12-21 10:40:17.948root 11241100x8000000000000000404043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7712347ef0162f012021-12-21 10:40:17.948root 11241100x8000000000000000404044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f766f2307c84d05b2021-12-21 10:40:17.948root 11241100x8000000000000000404045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139c50de4a8aba592021-12-21 10:40:17.948root 11241100x8000000000000000404046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca0ce7725b63b7e2021-12-21 10:40:17.948root 11241100x8000000000000000404047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf82bbeaca2729322021-12-21 10:40:18.443root 11241100x8000000000000000404048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692ef4b6aeca55282021-12-21 10:40:18.443root 11241100x8000000000000000404049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74760e288a5adad52021-12-21 10:40:18.443root 11241100x8000000000000000404050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dcb767d3efaa6c2021-12-21 10:40:18.443root 11241100x8000000000000000404051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2ad9e3edc4e6b22021-12-21 10:40:18.443root 11241100x8000000000000000404052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc670f37ffe2811d2021-12-21 10:40:18.444root 11241100x8000000000000000404053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214895d7168c26db2021-12-21 10:40:18.444root 11241100x8000000000000000404054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b221fdf615aa4b622021-12-21 10:40:18.444root 11241100x8000000000000000404055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c50f800f88b86382021-12-21 10:40:18.444root 11241100x8000000000000000404056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d323905ad6e1ed2021-12-21 10:40:18.444root 11241100x8000000000000000404057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ce894194d2c5282021-12-21 10:40:18.444root 11241100x8000000000000000404058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6025e0ff77dc1bd92021-12-21 10:40:18.444root 11241100x8000000000000000404059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d60bc61d2f5183b2021-12-21 10:40:18.444root 11241100x8000000000000000404060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b492e4da041a2e882021-12-21 10:40:18.444root 11241100x8000000000000000404061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9757619ae0b52842021-12-21 10:40:18.444root 11241100x8000000000000000404062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bbb85bd0a211812021-12-21 10:40:18.444root 11241100x8000000000000000404063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bdf1a4edc4b3492021-12-21 10:40:18.445root 11241100x8000000000000000404064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2147f831b9b0e62021-12-21 10:40:18.445root 11241100x8000000000000000404065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5d1e2cbc52d9552021-12-21 10:40:18.445root 11241100x8000000000000000404066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6662914def6e33282021-12-21 10:40:18.445root 11241100x8000000000000000404067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05334e6fb8e0e3d2021-12-21 10:40:18.445root 11241100x8000000000000000404068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed01b182e3daefc12021-12-21 10:40:18.445root 11241100x8000000000000000404069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c621d14ab79e0a392021-12-21 10:40:18.445root 11241100x8000000000000000404070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e308076f7981162c2021-12-21 10:40:18.445root 11241100x8000000000000000404071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089095a9a59a1b3a2021-12-21 10:40:18.445root 11241100x8000000000000000404072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7adeb19051859ae2021-12-21 10:40:18.446root 11241100x8000000000000000404073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2934200a1608202021-12-21 10:40:18.446root 11241100x8000000000000000404074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6cb880af0cec5c2021-12-21 10:40:18.446root 11241100x8000000000000000404075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039db01f875f2db92021-12-21 10:40:18.446root 11241100x8000000000000000404076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b61248bccddd4772021-12-21 10:40:18.446root 11241100x8000000000000000404077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a81bc470d502f552021-12-21 10:40:18.446root 11241100x8000000000000000404078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193f672a046e14472021-12-21 10:40:18.446root 11241100x8000000000000000404079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674cff0b29180d2d2021-12-21 10:40:18.446root 11241100x8000000000000000404080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be529276b99cf332021-12-21 10:40:18.446root 11241100x8000000000000000404081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927be56a041200322021-12-21 10:40:18.446root 11241100x8000000000000000404082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5872fb0e69b4cc2021-12-21 10:40:18.446root 11241100x8000000000000000404083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc32136bb4be07c22021-12-21 10:40:18.446root 11241100x8000000000000000404084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2235d4e929d55f82021-12-21 10:40:18.446root 11241100x8000000000000000404085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173601bfcf93ea482021-12-21 10:40:18.446root 11241100x8000000000000000404086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b4105a1bdb00382021-12-21 10:40:18.446root 11241100x8000000000000000404087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b57163aa6097842021-12-21 10:40:18.447root 11241100x8000000000000000404088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f7deeaefbf6a52021-12-21 10:40:18.447root 11241100x8000000000000000404089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3499ce47e59196db2021-12-21 10:40:18.447root 11241100x8000000000000000404090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9df5b57632936d2021-12-21 10:40:18.447root 11241100x8000000000000000404091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180566a270b26e312021-12-21 10:40:18.447root 11241100x8000000000000000404092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c5def9489169d82021-12-21 10:40:18.447root 11241100x8000000000000000404093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d4ebb70bf0ba7a2021-12-21 10:40:18.447root 11241100x8000000000000000404094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8df528512497812021-12-21 10:40:18.447root 11241100x8000000000000000404095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deec0f40b0748092021-12-21 10:40:18.943root 11241100x8000000000000000404096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfe13377bf0cbc52021-12-21 10:40:18.943root 11241100x8000000000000000404097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5cc8b83aeccbb82021-12-21 10:40:18.943root 11241100x8000000000000000404098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0655a9ab6e37be232021-12-21 10:40:18.943root 11241100x8000000000000000404099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c27135f82b53972021-12-21 10:40:18.943root 11241100x8000000000000000404100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d034f2d2c0e1b32021-12-21 10:40:18.943root 11241100x8000000000000000404101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f202d350bdbe412021-12-21 10:40:18.943root 11241100x8000000000000000404102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ca3cb54a74be402021-12-21 10:40:18.944root 11241100x8000000000000000404103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954848379a05b6602021-12-21 10:40:18.944root 11241100x8000000000000000404104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9a16d455ebbca52021-12-21 10:40:18.944root 11241100x8000000000000000404105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3438f7b4aa6ac282021-12-21 10:40:18.944root 11241100x8000000000000000404106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8a62951450c5152021-12-21 10:40:18.944root 11241100x8000000000000000404107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58037c5010b7fe962021-12-21 10:40:18.944root 11241100x8000000000000000404108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ea483ff20d7a932021-12-21 10:40:18.944root 11241100x8000000000000000404109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c867a2926a2740b32021-12-21 10:40:18.944root 11241100x8000000000000000404110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9d27a436f90a242021-12-21 10:40:18.945root 11241100x8000000000000000404111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be73b108476e630d2021-12-21 10:40:18.945root 11241100x8000000000000000404112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77119140eb454df2021-12-21 10:40:18.945root 11241100x8000000000000000404113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2458cfd295b777932021-12-21 10:40:18.945root 11241100x8000000000000000404114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8343a5b65dd35d692021-12-21 10:40:18.945root 11241100x8000000000000000404115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6669957f15ede72021-12-21 10:40:18.945root 11241100x8000000000000000404116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522b06a3da50be322021-12-21 10:40:18.945root 11241100x8000000000000000404117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc8d0d1bbc49e7d2021-12-21 10:40:18.945root 11241100x8000000000000000404118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37e915568fd744b2021-12-21 10:40:18.945root 11241100x8000000000000000404119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df96204ae59c8d2e2021-12-21 10:40:18.946root 11241100x8000000000000000404120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2f6f9e955a4e1f2021-12-21 10:40:18.946root 11241100x8000000000000000404121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e062e5a2f97973942021-12-21 10:40:18.946root 11241100x8000000000000000404122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b437af49b2c1c1892021-12-21 10:40:18.946root 11241100x8000000000000000404123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6c67341f3cc1b52021-12-21 10:40:18.947root 11241100x8000000000000000404124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c822c303a95d782021-12-21 10:40:18.947root 11241100x8000000000000000404125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61660d4ffb8e23cd2021-12-21 10:40:18.947root 11241100x8000000000000000404126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e067858e67cc81ed2021-12-21 10:40:18.948root 11241100x8000000000000000404127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09b789fc3a72b862021-12-21 10:40:18.948root 11241100x8000000000000000404128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555d9063063a98c42021-12-21 10:40:18.948root 11241100x8000000000000000404129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55a04678132ceb82021-12-21 10:40:18.949root 11241100x8000000000000000404130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcddd87eff1f1ab82021-12-21 10:40:18.949root 11241100x8000000000000000404131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22df1e49ce8ffadc2021-12-21 10:40:18.949root 11241100x8000000000000000404132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8287c37a941375e42021-12-21 10:40:18.950root 11241100x8000000000000000404133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8e18c9317ff2d82021-12-21 10:40:18.950root 11241100x8000000000000000404134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce8d30a80e0f4932021-12-21 10:40:18.950root 11241100x8000000000000000404135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca819e57eab2b562021-12-21 10:40:18.950root 11241100x8000000000000000404136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0576edf0f192c2c52021-12-21 10:40:18.950root 11241100x8000000000000000404137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d882d657d487acc2021-12-21 10:40:18.951root 11241100x8000000000000000404138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f132b00fb48e8d2021-12-21 10:40:18.951root 11241100x8000000000000000404139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621b9051526292fc2021-12-21 10:40:18.951root 11241100x8000000000000000404140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab6d127a476a2782021-12-21 10:40:18.951root 11241100x8000000000000000404141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a3057ff38decdd2021-12-21 10:40:18.951root 11241100x8000000000000000404142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a921b19b3e59d9b2021-12-21 10:40:18.952root 11241100x8000000000000000404143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f4b89f216b05492021-12-21 10:40:18.952root 11241100x8000000000000000404144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:18.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5387c36986e9562021-12-21 10:40:18.953root 11241100x8000000000000000404145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bfc980a236fab02021-12-21 10:40:19.443root 11241100x8000000000000000404146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2ef512ca7dda002021-12-21 10:40:19.443root 11241100x8000000000000000404147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8837a2cd4e5d492021-12-21 10:40:19.443root 11241100x8000000000000000404148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891e9b3b20f30e552021-12-21 10:40:19.443root 11241100x8000000000000000404149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e097327fcfa375d72021-12-21 10:40:19.443root 11241100x8000000000000000404150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41929c7a65030b6d2021-12-21 10:40:19.443root 11241100x8000000000000000404151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8044990d94f02f2021-12-21 10:40:19.443root 11241100x8000000000000000404152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ed32633e7a99fa2021-12-21 10:40:19.444root 11241100x8000000000000000404153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39e646d146754632021-12-21 10:40:19.444root 11241100x8000000000000000404154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c313efc6e9d600d2021-12-21 10:40:19.444root 11241100x8000000000000000404155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fb350af658cd9f2021-12-21 10:40:19.444root 11241100x8000000000000000404156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223aab0e2832dd6b2021-12-21 10:40:19.444root 11241100x8000000000000000404157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6dfaaa928d52532021-12-21 10:40:19.444root 11241100x8000000000000000404158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c703dbad04f75f52021-12-21 10:40:19.444root 11241100x8000000000000000404159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350fe3ef1f6ddeaa2021-12-21 10:40:19.444root 11241100x8000000000000000404160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5085287104172d22021-12-21 10:40:19.444root 11241100x8000000000000000404161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fab46b1069da582021-12-21 10:40:19.444root 11241100x8000000000000000404162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18534f5443e51172021-12-21 10:40:19.444root 11241100x8000000000000000404163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c006cf0c1a5eea8b2021-12-21 10:40:19.445root 11241100x8000000000000000404164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4ae4c4b0f5cef62021-12-21 10:40:19.445root 11241100x8000000000000000404165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bda48b3ba5d736f2021-12-21 10:40:19.445root 11241100x8000000000000000404166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82ec29086ca30d62021-12-21 10:40:19.445root 11241100x8000000000000000404167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1763298bd479402021-12-21 10:40:19.445root 11241100x8000000000000000404168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f551aadc07c98a62021-12-21 10:40:19.445root 11241100x8000000000000000404169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a948e7180e9aea522021-12-21 10:40:19.445root 11241100x8000000000000000404170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678c7f62616db87f2021-12-21 10:40:19.445root 11241100x8000000000000000404171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9c92c16bbd49782021-12-21 10:40:19.445root 11241100x8000000000000000404172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe96f1cfa766cb502021-12-21 10:40:19.445root 11241100x8000000000000000404173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240ada9e4f918bfa2021-12-21 10:40:19.446root 11241100x8000000000000000404174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111dc9c7dde910fa2021-12-21 10:40:19.446root 11241100x8000000000000000404175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaa90e2c626a8b42021-12-21 10:40:19.446root 11241100x8000000000000000404176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10da5bfe72d0b8b42021-12-21 10:40:19.446root 11241100x8000000000000000404177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6289fe054f4b0cc92021-12-21 10:40:19.447root 11241100x8000000000000000404178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67233b124342acd2021-12-21 10:40:19.447root 11241100x8000000000000000404179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42970c085aa71f582021-12-21 10:40:19.447root 11241100x8000000000000000404180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3253317d4b06b4fc2021-12-21 10:40:19.447root 11241100x8000000000000000404181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db6aea92da578da2021-12-21 10:40:19.448root 11241100x8000000000000000404182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3b6f08edf5a8b52021-12-21 10:40:19.448root 11241100x8000000000000000404183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e12dfd1c054ba782021-12-21 10:40:19.448root 11241100x8000000000000000404184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77d1758c31c834e2021-12-21 10:40:19.448root 11241100x8000000000000000404185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0547a5b4e2a463322021-12-21 10:40:19.449root 11241100x8000000000000000404186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015f29e03663a94b2021-12-21 10:40:19.449root 11241100x8000000000000000404187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d81c438853cced52021-12-21 10:40:19.449root 11241100x8000000000000000404188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1882112117f42322021-12-21 10:40:19.449root 11241100x8000000000000000404189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0f75a0e44242902021-12-21 10:40:19.449root 11241100x8000000000000000404190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd23d3b33d4e31482021-12-21 10:40:19.449root 11241100x8000000000000000404191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7ceca02371dc9e2021-12-21 10:40:19.449root 11241100x8000000000000000404192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e3f6ec01d1877e2021-12-21 10:40:19.450root 11241100x8000000000000000404193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfca4d370aef5d6e2021-12-21 10:40:19.943root 11241100x8000000000000000404194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43484743895af7b2021-12-21 10:40:19.943root 11241100x8000000000000000404195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0252c5dfc5a1c0152021-12-21 10:40:19.943root 11241100x8000000000000000404196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e302a323632152021-12-21 10:40:19.943root 11241100x8000000000000000404197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6ca59192dd96fd2021-12-21 10:40:19.943root 11241100x8000000000000000404198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193be92571d5fa6c2021-12-21 10:40:19.943root 11241100x8000000000000000404199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72eefc12dc803522021-12-21 10:40:19.943root 11241100x8000000000000000404200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f381c26f27eb1e92021-12-21 10:40:19.944root 11241100x8000000000000000404201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c152bd0c7faf76232021-12-21 10:40:19.944root 11241100x8000000000000000404202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77f2d3b6741e6532021-12-21 10:40:19.944root 11241100x8000000000000000404203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b24e2a6c1b378c92021-12-21 10:40:19.944root 11241100x8000000000000000404204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b77682819c5e2c2021-12-21 10:40:19.944root 11241100x8000000000000000404205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d0bc6140d09e002021-12-21 10:40:19.944root 11241100x8000000000000000404206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da6a5385ce01502021-12-21 10:40:19.944root 11241100x8000000000000000404207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac249016f6df5c12021-12-21 10:40:19.944root 11241100x8000000000000000404208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b4c21ca94bc8622021-12-21 10:40:19.944root 11241100x8000000000000000404209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ae83c0e2cf95282021-12-21 10:40:19.944root 11241100x8000000000000000404210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003f0804d9551c392021-12-21 10:40:19.944root 11241100x8000000000000000404211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eddaece88e756522021-12-21 10:40:19.945root 11241100x8000000000000000404212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5843b350a6cdbd642021-12-21 10:40:19.945root 11241100x8000000000000000404213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9889991f3a8cd5c02021-12-21 10:40:19.945root 11241100x8000000000000000404214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140b2344ba241b1d2021-12-21 10:40:19.945root 11241100x8000000000000000404215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac200b1c0f0780b92021-12-21 10:40:19.945root 11241100x8000000000000000404216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aa11cc90ec32b22021-12-21 10:40:19.945root 11241100x8000000000000000404217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca7c8c5982dd662021-12-21 10:40:19.945root 11241100x8000000000000000404218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bb3abe76a9a9452021-12-21 10:40:19.945root 11241100x8000000000000000404219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37949e8e6d0f5bd42021-12-21 10:40:19.945root 11241100x8000000000000000404220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ce36415d385dab2021-12-21 10:40:19.945root 11241100x8000000000000000404221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ef3066ac4d71592021-12-21 10:40:19.946root 11241100x8000000000000000404222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6222e1177264a0712021-12-21 10:40:19.946root 11241100x8000000000000000404223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade8650ab7a3d4ff2021-12-21 10:40:19.946root 11241100x8000000000000000404224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c8a929833718122021-12-21 10:40:19.946root 11241100x8000000000000000404225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e2b2a2aa9befa82021-12-21 10:40:19.946root 11241100x8000000000000000404226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6a6c9da4d9c12e2021-12-21 10:40:19.946root 11241100x8000000000000000404227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75850e65ff33daa82021-12-21 10:40:19.946root 11241100x8000000000000000404228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da01b0cf5af35072021-12-21 10:40:19.946root 11241100x8000000000000000404229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9146180ec3f06982021-12-21 10:40:19.947root 11241100x8000000000000000404230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16a7488d9d1af482021-12-21 10:40:19.947root 11241100x8000000000000000404231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd15afd3ef8962942021-12-21 10:40:19.947root 11241100x8000000000000000404232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843501818f1f7cea2021-12-21 10:40:19.947root 11241100x8000000000000000404233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fa186c890cb2672021-12-21 10:40:19.947root 11241100x8000000000000000404234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7f1770f74660d22021-12-21 10:40:19.947root 11241100x8000000000000000404235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec42176b7cbc420a2021-12-21 10:40:19.947root 11241100x8000000000000000404236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e4f291f43484d72021-12-21 10:40:19.947root 11241100x8000000000000000404237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50cca23149297862021-12-21 10:40:19.947root 11241100x8000000000000000404238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cae408a65e911d82021-12-21 10:40:19.947root 11241100x8000000000000000404239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d044ca017c05e71c2021-12-21 10:40:19.948root 11241100x8000000000000000404240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dcc54ebcac5a8d2021-12-21 10:40:19.948root 11241100x8000000000000000404241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec496e6d95a6942a2021-12-21 10:40:19.948root 11241100x8000000000000000404242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d0e3eb8fa8d7302021-12-21 10:40:19.948root 11241100x8000000000000000404243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b8278ca8393fe92021-12-21 10:40:20.443root 11241100x8000000000000000404244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6ab110a0116a652021-12-21 10:40:20.443root 11241100x8000000000000000404245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e86053fc801b922021-12-21 10:40:20.443root 11241100x8000000000000000404246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03de9a24a456a3b12021-12-21 10:40:20.444root 11241100x8000000000000000404247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cf9952ce823fea2021-12-21 10:40:20.444root 11241100x8000000000000000404248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58759cfdb006346b2021-12-21 10:40:20.444root 11241100x8000000000000000404249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5084762a353cd1902021-12-21 10:40:20.444root 11241100x8000000000000000404250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9ad6b1a1dc8fa12021-12-21 10:40:20.444root 11241100x8000000000000000404251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f64e4cec20eb3992021-12-21 10:40:20.444root 11241100x8000000000000000404252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f222a246d102092021-12-21 10:40:20.444root 11241100x8000000000000000404253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045cca950cd963b2021-12-21 10:40:20.444root 11241100x8000000000000000404254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29d97d9d5c71b672021-12-21 10:40:20.444root 11241100x8000000000000000404255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9635f4ba7eda842021-12-21 10:40:20.444root 11241100x8000000000000000404256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07139850f3aaf282021-12-21 10:40:20.444root 11241100x8000000000000000404257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8400a1c26c24f02021-12-21 10:40:20.444root 11241100x8000000000000000404258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7de361bebb21612021-12-21 10:40:20.444root 11241100x8000000000000000404259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163eee2c76453aa22021-12-21 10:40:20.444root 11241100x8000000000000000404260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b62bead05b0d0a52021-12-21 10:40:20.444root 11241100x8000000000000000404261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4918627e53e188152021-12-21 10:40:20.444root 11241100x8000000000000000404262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d7c9fcd1b4936a2021-12-21 10:40:20.444root 11241100x8000000000000000404263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc5572eb088cd772021-12-21 10:40:20.445root 11241100x8000000000000000404264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871e0606f95aad182021-12-21 10:40:20.445root 11241100x8000000000000000404265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c300aa23d154fe302021-12-21 10:40:20.445root 11241100x8000000000000000404266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90fa52113955b5a2021-12-21 10:40:20.445root 11241100x8000000000000000404267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47cc7ab7849b5c52021-12-21 10:40:20.445root 11241100x8000000000000000404268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e865e748d3dae3cb2021-12-21 10:40:20.445root 11241100x8000000000000000404269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde84bca5b77decc2021-12-21 10:40:20.445root 11241100x8000000000000000404270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2111f72585c711b22021-12-21 10:40:20.445root 11241100x8000000000000000404271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1aec806e09a65472021-12-21 10:40:20.445root 11241100x8000000000000000404272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dbd653dbd685622021-12-21 10:40:20.445root 11241100x8000000000000000404273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e273cf569240b192021-12-21 10:40:20.445root 11241100x8000000000000000404274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb56a936f51564b12021-12-21 10:40:20.445root 11241100x8000000000000000404275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da64fec70483c5ce2021-12-21 10:40:20.445root 11241100x8000000000000000404276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa2cc301d527e2e2021-12-21 10:40:20.445root 11241100x8000000000000000404277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efbdb0b02dd1d5b2021-12-21 10:40:20.445root 11241100x8000000000000000404278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0af556d43d53552021-12-21 10:40:20.445root 11241100x8000000000000000404279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475eb028c76d3e3b2021-12-21 10:40:20.446root 11241100x8000000000000000404280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39176a335d453442021-12-21 10:40:20.446root 11241100x8000000000000000404281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6b4458a937871f2021-12-21 10:40:20.446root 11241100x8000000000000000404282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065759494a8a579c2021-12-21 10:40:20.446root 11241100x8000000000000000404283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a172fea29f32d592021-12-21 10:40:20.446root 11241100x8000000000000000404284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e21008956961f672021-12-21 10:40:20.446root 11241100x8000000000000000404285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163cecf0069395412021-12-21 10:40:20.447root 11241100x8000000000000000404286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb0aa531b2384cf2021-12-21 10:40:20.447root 11241100x8000000000000000404287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8ef8e4bccdaeb22021-12-21 10:40:20.943root 11241100x8000000000000000404288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670a090be72e54812021-12-21 10:40:20.943root 11241100x8000000000000000404289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8214100c3f684f452021-12-21 10:40:20.943root 11241100x8000000000000000404290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9b3ea60aa1526a2021-12-21 10:40:20.943root 11241100x8000000000000000404291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d27dbd43be21a02021-12-21 10:40:20.943root 11241100x8000000000000000404292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d446f2ce6e7a9312021-12-21 10:40:20.943root 11241100x8000000000000000404293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166648b6e60beaa12021-12-21 10:40:20.943root 11241100x8000000000000000404294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45d291107d921c62021-12-21 10:40:20.943root 11241100x8000000000000000404295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ee2a23bf7165722021-12-21 10:40:20.944root 11241100x8000000000000000404296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ca24f9ded774042021-12-21 10:40:20.944root 11241100x8000000000000000404297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc11efa2a3e66d092021-12-21 10:40:20.944root 11241100x8000000000000000404298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c149cdead70ef592021-12-21 10:40:20.944root 11241100x8000000000000000404299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59ac58748c0f5682021-12-21 10:40:20.944root 11241100x8000000000000000404300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352d7369f31a808e2021-12-21 10:40:20.944root 11241100x8000000000000000404301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c456cd1a17908e52021-12-21 10:40:20.944root 11241100x8000000000000000404302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7589beb685b290df2021-12-21 10:40:20.944root 11241100x8000000000000000404303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af247aa43d723bea2021-12-21 10:40:20.945root 11241100x8000000000000000404304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa6d450742c2ab02021-12-21 10:40:20.945root 11241100x8000000000000000404305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1215d505c2a15da22021-12-21 10:40:20.945root 11241100x8000000000000000404306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1d7f39933e739d2021-12-21 10:40:20.945root 11241100x8000000000000000404307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df50cac9b3787702021-12-21 10:40:20.945root 11241100x8000000000000000404308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468df0252d5947bd2021-12-21 10:40:20.945root 11241100x8000000000000000404309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282263762ac9281f2021-12-21 10:40:20.945root 11241100x8000000000000000404310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b19a921de88a892021-12-21 10:40:20.945root 11241100x8000000000000000404311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26ed29be3e342272021-12-21 10:40:20.945root 11241100x8000000000000000404312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4dd292cb1704ce2021-12-21 10:40:20.945root 11241100x8000000000000000404313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c12e23ea3fe5ab92021-12-21 10:40:20.946root 11241100x8000000000000000404314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23753681bb133602021-12-21 10:40:20.946root 11241100x8000000000000000404315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7027c90c20cbd3f92021-12-21 10:40:20.946root 11241100x8000000000000000404316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887a95cdb520b2d22021-12-21 10:40:20.946root 11241100x8000000000000000404317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202de778e5cecffa2021-12-21 10:40:20.946root 11241100x8000000000000000404318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21951f93b4148782021-12-21 10:40:20.947root 11241100x8000000000000000404319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0b58140e6154bf2021-12-21 10:40:20.947root 11241100x8000000000000000404320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe82da500ccd31492021-12-21 10:40:20.947root 11241100x8000000000000000404321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd5b547e5bf8ecd2021-12-21 10:40:20.947root 11241100x8000000000000000404322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c56aa2e8d649f52021-12-21 10:40:20.948root 11241100x8000000000000000404323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f21a24a89fbc2f2021-12-21 10:40:20.948root 11241100x8000000000000000404324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952ee14cf558cd1d2021-12-21 10:40:20.948root 11241100x8000000000000000404325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f50479aa8d10982021-12-21 10:40:20.948root 11241100x8000000000000000404326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c8032730eb26202021-12-21 10:40:20.948root 11241100x8000000000000000404327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547be3eed0ebc5bf2021-12-21 10:40:20.948root 11241100x8000000000000000404328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621aa70152f0cbe42021-12-21 10:40:20.948root 11241100x8000000000000000404329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30df8b793f6d2edb2021-12-21 10:40:20.948root 11241100x8000000000000000404330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c692f0c6b59dd7302021-12-21 10:40:20.949root 11241100x8000000000000000404331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8949bde4dd88108e2021-12-21 10:40:20.949root 11241100x8000000000000000404332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0c1b6bffa08832021-12-21 10:40:20.949root 11241100x8000000000000000404333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c134a010457574682021-12-21 10:40:20.949root 11241100x8000000000000000404334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf2a53e719521572021-12-21 10:40:20.949root 11241100x8000000000000000404335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0488b9b9314ee42021-12-21 10:40:21.443root 11241100x8000000000000000404336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381b1d110aa128b32021-12-21 10:40:21.443root 11241100x8000000000000000404337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36495d3dfe0d41c82021-12-21 10:40:21.443root 11241100x8000000000000000404338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77658683e3e031012021-12-21 10:40:21.443root 11241100x8000000000000000404339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857811ffea17a7a32021-12-21 10:40:21.444root 11241100x8000000000000000404340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84152330633124b52021-12-21 10:40:21.444root 11241100x8000000000000000404341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c32c021aecf28f2021-12-21 10:40:21.444root 11241100x8000000000000000404342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ba52969c6e06de2021-12-21 10:40:21.444root 11241100x8000000000000000404343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d4893697b132282021-12-21 10:40:21.444root 11241100x8000000000000000404344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5a7a4b0062eced2021-12-21 10:40:21.444root 11241100x8000000000000000404345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d241917fc8cae1b62021-12-21 10:40:21.444root 11241100x8000000000000000404346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2d38d3c2b88e302021-12-21 10:40:21.444root 11241100x8000000000000000404347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fda81bc481bb3452021-12-21 10:40:21.444root 11241100x8000000000000000404348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9c54cb038592af2021-12-21 10:40:21.444root 11241100x8000000000000000404349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041a28a2dc018c022021-12-21 10:40:21.444root 11241100x8000000000000000404350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5ea8189f7afde82021-12-21 10:40:21.444root 11241100x8000000000000000404351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325960086df734432021-12-21 10:40:21.444root 11241100x8000000000000000404352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4523b011097deb692021-12-21 10:40:21.444root 11241100x8000000000000000404353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ff9f8e6352a9df2021-12-21 10:40:21.444root 11241100x8000000000000000404354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed796818756847a2021-12-21 10:40:21.444root 11241100x8000000000000000404355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5c2890267e9eff2021-12-21 10:40:21.445root 11241100x8000000000000000404356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1779e4c309073b2021-12-21 10:40:21.445root 11241100x8000000000000000404357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004813af8a2a1aae2021-12-21 10:40:21.445root 11241100x8000000000000000404358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7a32040e88fb8d2021-12-21 10:40:21.445root 11241100x8000000000000000404359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96081de9083f0882021-12-21 10:40:21.445root 11241100x8000000000000000404360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b55dc00965cb282021-12-21 10:40:21.445root 11241100x8000000000000000404361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7f7b1a10d32efa2021-12-21 10:40:21.445root 11241100x8000000000000000404362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f23a9fb7468fa4f2021-12-21 10:40:21.445root 11241100x8000000000000000404363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deddfb2eb4efa49a2021-12-21 10:40:21.445root 11241100x8000000000000000404364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d02d829dc34e462021-12-21 10:40:21.445root 11241100x8000000000000000404365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c96fae9ed7ff232021-12-21 10:40:21.445root 11241100x8000000000000000404366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cc996806b7ec802021-12-21 10:40:21.445root 11241100x8000000000000000404367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c220844d0484f462021-12-21 10:40:21.445root 11241100x8000000000000000404368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ca8e99ec33bab02021-12-21 10:40:21.446root 11241100x8000000000000000404369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def5aaf281eb466e2021-12-21 10:40:21.446root 11241100x8000000000000000404370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24c1d7f955d33202021-12-21 10:40:21.446root 11241100x8000000000000000404371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b579031c01f07562021-12-21 10:40:21.446root 11241100x8000000000000000404372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1f72301238ce932021-12-21 10:40:21.446root 11241100x8000000000000000404373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86903c4928c7a8c62021-12-21 10:40:21.446root 11241100x8000000000000000404374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ceca4718fb9cd32021-12-21 10:40:21.446root 11241100x8000000000000000404375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96cf1bdfee1a6ee2021-12-21 10:40:21.446root 11241100x8000000000000000404376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42042a35722e1422021-12-21 10:40:21.446root 11241100x8000000000000000404377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56e9aac797968542021-12-21 10:40:21.447root 11241100x8000000000000000404378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc7363d4ab433822021-12-21 10:40:21.447root 11241100x8000000000000000404379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe0afbe636dfe232021-12-21 10:40:21.447root 11241100x8000000000000000404380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4774743a8f04b9b92021-12-21 10:40:21.447root 11241100x8000000000000000404381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9bcb3a8d293d6f2021-12-21 10:40:21.447root 11241100x8000000000000000404382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cf678c6d5eae3b2021-12-21 10:40:21.448root 11241100x8000000000000000404383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46907bd1f4de93042021-12-21 10:40:21.448root 11241100x8000000000000000404384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be29326a0c5a4f62021-12-21 10:40:21.449root 11241100x8000000000000000404385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d016c764611a2d2021-12-21 10:40:21.449root 11241100x8000000000000000404386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519253794c4527bb2021-12-21 10:40:21.449root 11241100x8000000000000000404387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cd49422434c3d52021-12-21 10:40:21.943root 11241100x8000000000000000404388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150ebf51668c66152021-12-21 10:40:21.943root 11241100x8000000000000000404389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5176e9a21f919252021-12-21 10:40:21.943root 11241100x8000000000000000404390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020ba26b5f10119b2021-12-21 10:40:21.943root 11241100x8000000000000000404391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6690f518a981f58a2021-12-21 10:40:21.944root 11241100x8000000000000000404392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a408a1562d27de22021-12-21 10:40:21.944root 11241100x8000000000000000404393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2855ec1f3cace62021-12-21 10:40:21.944root 11241100x8000000000000000404394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddd302d974b967c2021-12-21 10:40:21.944root 11241100x8000000000000000404395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939f624af274592d2021-12-21 10:40:21.944root 11241100x8000000000000000404396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de7fe0065b4a462021-12-21 10:40:21.944root 11241100x8000000000000000404397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8082bbeb2b4e68ca2021-12-21 10:40:21.944root 11241100x8000000000000000404398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918dcd00789fda8b2021-12-21 10:40:21.944root 11241100x8000000000000000404399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51af2917aedf6c12021-12-21 10:40:21.945root 11241100x8000000000000000404400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da151beb8afd217e2021-12-21 10:40:21.945root 11241100x8000000000000000404401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2350310f6eb6b822021-12-21 10:40:21.945root 11241100x8000000000000000404402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42e85d590a69232021-12-21 10:40:21.945root 11241100x8000000000000000404403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24295da93b0435082021-12-21 10:40:21.945root 11241100x8000000000000000404404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb8cd11c414a13d2021-12-21 10:40:21.945root 11241100x8000000000000000404405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6878c11c569e632021-12-21 10:40:21.945root 11241100x8000000000000000404406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0b3b721a784c342021-12-21 10:40:21.945root 11241100x8000000000000000404407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4224b87203f083792021-12-21 10:40:21.945root 11241100x8000000000000000404408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ac4661a4dffad82021-12-21 10:40:21.946root 11241100x8000000000000000404409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3264b26ed146b7912021-12-21 10:40:21.946root 11241100x8000000000000000404410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa3c959c11eb57c2021-12-21 10:40:21.946root 11241100x8000000000000000404411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe24ed651841f922021-12-21 10:40:21.946root 11241100x8000000000000000404412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5acfc31f355b1972021-12-21 10:40:21.946root 11241100x8000000000000000404413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56102db0ba595f252021-12-21 10:40:21.946root 11241100x8000000000000000404414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ba23b2a562bfb42021-12-21 10:40:21.946root 11241100x8000000000000000404415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020e7bdbf9dd6dc52021-12-21 10:40:21.946root 11241100x8000000000000000404416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d8eb3cf7ddd1982021-12-21 10:40:21.946root 11241100x8000000000000000404417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377b37128996fc482021-12-21 10:40:21.946root 11241100x8000000000000000404418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e89834e445cd612021-12-21 10:40:21.947root 11241100x8000000000000000404419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee1c137d4a0c9b62021-12-21 10:40:21.947root 11241100x8000000000000000404420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdd865f1b4b3bd02021-12-21 10:40:21.947root 11241100x8000000000000000404421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4812672b0134804a2021-12-21 10:40:21.947root 11241100x8000000000000000404422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8399e694e7ee92c2021-12-21 10:40:21.947root 11241100x8000000000000000404423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a54fc08f2c31bce2021-12-21 10:40:21.948root 11241100x8000000000000000404424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d674471680d4adef2021-12-21 10:40:21.948root 11241100x8000000000000000404425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d32649308eb78b02021-12-21 10:40:21.949root 11241100x8000000000000000404426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f793bdd9ded9e90f2021-12-21 10:40:21.949root 11241100x8000000000000000404427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8493fcd90189c6772021-12-21 10:40:21.949root 11241100x8000000000000000404428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d674db91810a572021-12-21 10:40:21.949root 11241100x8000000000000000404429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929b8ebf5d08c17d2021-12-21 10:40:21.949root 11241100x8000000000000000404430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dcde607d4841642021-12-21 10:40:21.952root 11241100x8000000000000000404431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce05c0def270b8962021-12-21 10:40:21.952root 11241100x8000000000000000404432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d583d8b87feda182021-12-21 10:40:21.953root 11241100x8000000000000000404433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86261acd8e44b3af2021-12-21 10:40:21.953root 11241100x8000000000000000404434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792cf53da3ca8072021-12-21 10:40:21.953root 11241100x8000000000000000404435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:21.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622c8335580d242b2021-12-21 10:40:21.954root 354300x8000000000000000404436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.215{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47434-false10.0.1.12-8000- 11241100x8000000000000000404437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbaf735ebb4ed822021-12-21 10:40:22.216root 11241100x8000000000000000404438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01049fc65685a5ce2021-12-21 10:40:22.216root 11241100x8000000000000000404439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175e470fb98495452021-12-21 10:40:22.216root 11241100x8000000000000000404440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66e3ed7027bf50d2021-12-21 10:40:22.216root 11241100x8000000000000000404441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93ce504f37d6c8a2021-12-21 10:40:22.216root 11241100x8000000000000000404442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb624127246787d92021-12-21 10:40:22.216root 11241100x8000000000000000404443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff57a235bd2f032b2021-12-21 10:40:22.217root 11241100x8000000000000000404444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46463b1c88ca3b72021-12-21 10:40:22.217root 11241100x8000000000000000404445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49ce8ba46635e422021-12-21 10:40:22.217root 11241100x8000000000000000404446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00cfa08ea177ef82021-12-21 10:40:22.217root 11241100x8000000000000000404447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7f19b3704497282021-12-21 10:40:22.217root 11241100x8000000000000000404448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b1d9179b85a0f42021-12-21 10:40:22.217root 11241100x8000000000000000404449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7075e353080a30792021-12-21 10:40:22.217root 11241100x8000000000000000404450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838d932003cc9c032021-12-21 10:40:22.217root 11241100x8000000000000000404451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1491ea4f11ed25d22021-12-21 10:40:22.217root 11241100x8000000000000000404452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f89afafe0a12c132021-12-21 10:40:22.217root 11241100x8000000000000000404453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212e812b8530da892021-12-21 10:40:22.218root 11241100x8000000000000000404454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ec4b1150a42abc2021-12-21 10:40:22.218root 11241100x8000000000000000404455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd99cd40c0c01d62021-12-21 10:40:22.218root 11241100x8000000000000000404456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb397d3c355ff75b2021-12-21 10:40:22.218root 11241100x8000000000000000404457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2feaecf573f95fe2021-12-21 10:40:22.218root 11241100x8000000000000000404458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778620a77dd80c392021-12-21 10:40:22.218root 11241100x8000000000000000404459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de21482e81d96a992021-12-21 10:40:22.218root 11241100x8000000000000000404460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ea1aa085218c342021-12-21 10:40:22.218root 11241100x8000000000000000404461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f37254267f8fa202021-12-21 10:40:22.218root 11241100x8000000000000000404462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318f4196d0322e932021-12-21 10:40:22.219root 11241100x8000000000000000404463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d476fbb3080dcc2021-12-21 10:40:22.219root 11241100x8000000000000000404464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d03cffa49e0cc2021-12-21 10:40:22.219root 11241100x8000000000000000404465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc74c1c84ba65c12021-12-21 10:40:22.219root 11241100x8000000000000000404466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ed4e3b110200442021-12-21 10:40:22.219root 11241100x8000000000000000404467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcacc68e4107ae32021-12-21 10:40:22.219root 11241100x8000000000000000404468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6341908baadd092021-12-21 10:40:22.219root 11241100x8000000000000000404469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64e00d99af247d82021-12-21 10:40:22.219root 11241100x8000000000000000404470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e4afef33a8cccf2021-12-21 10:40:22.220root 11241100x8000000000000000404471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedb461807dabd492021-12-21 10:40:22.220root 11241100x8000000000000000404472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5281101e6461bfdd2021-12-21 10:40:22.220root 11241100x8000000000000000404473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693ae072490491992021-12-21 10:40:22.220root 11241100x8000000000000000404474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b8e333cae50f9d2021-12-21 10:40:22.220root 11241100x8000000000000000404475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a05c12340e8c5d2021-12-21 10:40:22.220root 11241100x8000000000000000404476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6459d5017844ffa2021-12-21 10:40:22.220root 11241100x8000000000000000404477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836bc11720043cac2021-12-21 10:40:22.221root 11241100x8000000000000000404478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eef083ad370d5f2021-12-21 10:40:22.221root 11241100x8000000000000000404479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b733d969f5cacb2021-12-21 10:40:22.221root 11241100x8000000000000000404480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f436f3efc83c3d2021-12-21 10:40:22.221root 11241100x8000000000000000404481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7ebb345708ca2c2021-12-21 10:40:22.221root 11241100x8000000000000000404482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ef7b19a58a0e272021-12-21 10:40:22.221root 11241100x8000000000000000404483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e172d637d2068ace2021-12-21 10:40:22.221root 11241100x8000000000000000404484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5040fab144763b02021-12-21 10:40:22.222root 11241100x8000000000000000404485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdb512343eea5672021-12-21 10:40:22.222root 11241100x8000000000000000404486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6c7aabe21bedcb2021-12-21 10:40:22.222root 11241100x8000000000000000404487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edec2243928ddd5c2021-12-21 10:40:22.222root 11241100x8000000000000000404488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e50dc7be593dbc2021-12-21 10:40:22.222root 11241100x8000000000000000404489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85ee460de8451c52021-12-21 10:40:22.222root 11241100x8000000000000000404490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d73bf7e5320aa92021-12-21 10:40:22.222root 11241100x8000000000000000404491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529618c6ce8003662021-12-21 10:40:22.222root 11241100x8000000000000000404492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bd02da8e57c5e02021-12-21 10:40:22.223root 11241100x8000000000000000404493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b286afede270b42021-12-21 10:40:22.223root 11241100x8000000000000000404494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce69f03bc48192a2021-12-21 10:40:22.223root 11241100x8000000000000000404495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703d48f8c224f0482021-12-21 10:40:22.223root 11241100x8000000000000000404496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3966e678069570d12021-12-21 10:40:22.693root 11241100x8000000000000000404497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85f41d81ae650382021-12-21 10:40:22.693root 11241100x8000000000000000404498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58a73a8d1924f152021-12-21 10:40:22.693root 11241100x8000000000000000404499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3e5bbe404a218d2021-12-21 10:40:22.693root 11241100x8000000000000000404500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbce2b5967a9f6c2021-12-21 10:40:22.694root 11241100x8000000000000000404501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85a05321f2b4cd32021-12-21 10:40:22.694root 11241100x8000000000000000404502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd048f33f510f5e2021-12-21 10:40:22.694root 11241100x8000000000000000404503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7240be5b57adaca02021-12-21 10:40:22.694root 11241100x8000000000000000404504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b096590a9f9fc9072021-12-21 10:40:22.694root 11241100x8000000000000000404505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bca0bc5ac3b4f92021-12-21 10:40:22.694root 11241100x8000000000000000404506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bae317a9cec3702021-12-21 10:40:22.694root 11241100x8000000000000000404507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f0bda9f423960c2021-12-21 10:40:22.694root 11241100x8000000000000000404508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7cd721c0b5d0ac2021-12-21 10:40:22.694root 11241100x8000000000000000404509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387e5763088e3ff82021-12-21 10:40:22.694root 11241100x8000000000000000404510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5094ec191304ebbd2021-12-21 10:40:22.694root 11241100x8000000000000000404511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c29f32020500bc2021-12-21 10:40:22.695root 11241100x8000000000000000404512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d62cf2b09a72c72021-12-21 10:40:22.695root 11241100x8000000000000000404513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388f1e26097112722021-12-21 10:40:22.695root 11241100x8000000000000000404514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89992959ed68d6602021-12-21 10:40:22.695root 11241100x8000000000000000404515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719f6f5dad2c95742021-12-21 10:40:22.695root 11241100x8000000000000000404516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692a8cf5f159303a2021-12-21 10:40:22.695root 11241100x8000000000000000404517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3000254de128084e2021-12-21 10:40:22.695root 11241100x8000000000000000404518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5b04fd35014ee32021-12-21 10:40:22.695root 11241100x8000000000000000404519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eb8c841f7a7f3d2021-12-21 10:40:22.695root 11241100x8000000000000000404520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e6f6e6cc653602021-12-21 10:40:22.695root 11241100x8000000000000000404521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5174513f53eebb352021-12-21 10:40:22.696root 11241100x8000000000000000404522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edb22cb2ee5e71b2021-12-21 10:40:22.696root 11241100x8000000000000000404523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58c5932a46db4772021-12-21 10:40:22.696root 11241100x8000000000000000404524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07bd41d736da3a32021-12-21 10:40:22.696root 11241100x8000000000000000404525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103acb3530574e182021-12-21 10:40:22.696root 11241100x8000000000000000404526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3cbe5f432ba8842021-12-21 10:40:22.696root 11241100x8000000000000000404527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa2562038d164e72021-12-21 10:40:22.696root 11241100x8000000000000000404528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71f480cebcae7392021-12-21 10:40:22.696root 11241100x8000000000000000404529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13f957717dfdfdb2021-12-21 10:40:22.696root 11241100x8000000000000000404530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f66add73d954492021-12-21 10:40:22.696root 11241100x8000000000000000404531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79565655eed659ee2021-12-21 10:40:22.697root 11241100x8000000000000000404532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556db03f001dbce82021-12-21 10:40:22.697root 11241100x8000000000000000404533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161beef6f4bd3b7f2021-12-21 10:40:22.697root 11241100x8000000000000000404534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827bba60ee0a46452021-12-21 10:40:22.697root 11241100x8000000000000000404535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214865e10e6e92ca2021-12-21 10:40:22.697root 11241100x8000000000000000404536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa59e4202c104b2021-12-21 10:40:22.697root 11241100x8000000000000000404537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb4a54448a4c57b2021-12-21 10:40:22.697root 11241100x8000000000000000404538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bae4650ae121ef62021-12-21 10:40:22.697root 11241100x8000000000000000404539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eba04789e0efd72021-12-21 10:40:22.697root 11241100x8000000000000000404540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b58f22dcba6d172021-12-21 10:40:22.698root 11241100x8000000000000000404541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed11ccffd1aba472021-12-21 10:40:22.698root 11241100x8000000000000000404542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5971cb8f04d2d7902021-12-21 10:40:22.698root 11241100x8000000000000000404543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333583416df426fe2021-12-21 10:40:22.698root 11241100x8000000000000000404544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ac45cb61c180db2021-12-21 10:40:22.698root 11241100x8000000000000000404545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476c3db1ce0efd242021-12-21 10:40:22.698root 11241100x8000000000000000404546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3634b9ddef3f91b2021-12-21 10:40:22.698root 11241100x8000000000000000404547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85fd95afec74f752021-12-21 10:40:22.698root 11241100x8000000000000000404548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7abe55a33b452192021-12-21 10:40:23.193root 11241100x8000000000000000404549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bde452cffca8702021-12-21 10:40:23.193root 11241100x8000000000000000404550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7728a26eb1e17f662021-12-21 10:40:23.193root 11241100x8000000000000000404551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38564f54b7d6c0cf2021-12-21 10:40:23.193root 11241100x8000000000000000404552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438d253e4bff1b762021-12-21 10:40:23.193root 11241100x8000000000000000404553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26639386237098b02021-12-21 10:40:23.193root 11241100x8000000000000000404554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c8854bc30c4a072021-12-21 10:40:23.194root 11241100x8000000000000000404555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26b98863489f44b2021-12-21 10:40:23.194root 11241100x8000000000000000404556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9586a97581b1f4cb2021-12-21 10:40:23.194root 11241100x8000000000000000404557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce72c5d7811e03f2021-12-21 10:40:23.194root 11241100x8000000000000000404558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cd65904d4be8a52021-12-21 10:40:23.195root 11241100x8000000000000000404559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85476d2b5f84b3e2021-12-21 10:40:23.195root 11241100x8000000000000000404560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157146880cee32a32021-12-21 10:40:23.195root 11241100x8000000000000000404561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb17a2cbc44b40da2021-12-21 10:40:23.195root 11241100x8000000000000000404562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a495b42103747222021-12-21 10:40:23.195root 11241100x8000000000000000404563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05478b4b63cb1df2021-12-21 10:40:23.195root 11241100x8000000000000000404564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517eb458e9e7c0592021-12-21 10:40:23.195root 11241100x8000000000000000404565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b400bc885fce0dd2021-12-21 10:40:23.196root 11241100x8000000000000000404566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af6fc2d9bc6d3f92021-12-21 10:40:23.196root 11241100x8000000000000000404567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1a9c2697a545112021-12-21 10:40:23.196root 11241100x8000000000000000404568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e391ed9c7055c942021-12-21 10:40:23.196root 11241100x8000000000000000404569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd2275014eaa9ca2021-12-21 10:40:23.196root 11241100x8000000000000000404570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6f9f423dd195592021-12-21 10:40:23.196root 11241100x8000000000000000404571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438153e009e711542021-12-21 10:40:23.196root 11241100x8000000000000000404572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012f62e30fdf3cad2021-12-21 10:40:23.196root 11241100x8000000000000000404573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd27df25e44e5e82021-12-21 10:40:23.196root 11241100x8000000000000000404574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6bfc4423aa22f22021-12-21 10:40:23.196root 11241100x8000000000000000404575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e66bd0fc6eaa4112021-12-21 10:40:23.197root 11241100x8000000000000000404576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2a0c647f4238732021-12-21 10:40:23.197root 11241100x8000000000000000404577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200d7c7bb7702b362021-12-21 10:40:23.198root 11241100x8000000000000000404578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cb97219ebd61e62021-12-21 10:40:23.198root 11241100x8000000000000000404579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df073f64e6201f592021-12-21 10:40:23.198root 11241100x8000000000000000404580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6174dfe8ed244d702021-12-21 10:40:23.198root 11241100x8000000000000000404581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fed9d0abb743b12021-12-21 10:40:23.199root 11241100x8000000000000000404582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6fff39b65640512021-12-21 10:40:23.200root 11241100x8000000000000000404583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3e6336da9bbb652021-12-21 10:40:23.200root 11241100x8000000000000000404584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6794aee132d5882021-12-21 10:40:23.200root 11241100x8000000000000000404585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cff223b2c6de142021-12-21 10:40:23.200root 11241100x8000000000000000404586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db2d11c10035ef12021-12-21 10:40:23.200root 11241100x8000000000000000404587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75018c146c2202722021-12-21 10:40:23.200root 11241100x8000000000000000404588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6263721e9233723a2021-12-21 10:40:23.200root 11241100x8000000000000000404589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3f79a66083c6052021-12-21 10:40:23.200root 11241100x8000000000000000404590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eceb0434dad3002021-12-21 10:40:23.200root 11241100x8000000000000000404591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b4a5dd7f40c4b82021-12-21 10:40:23.200root 11241100x8000000000000000404592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fa7608b67e69772021-12-21 10:40:23.201root 11241100x8000000000000000404593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e19b95c31fd41972021-12-21 10:40:23.201root 11241100x8000000000000000404594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7c9c68869297d42021-12-21 10:40:23.693root 11241100x8000000000000000404595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b0d219350b629b2021-12-21 10:40:23.693root 11241100x8000000000000000404596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff024ce0d1dc2d12021-12-21 10:40:23.693root 11241100x8000000000000000404597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f309eae55b2b0dac2021-12-21 10:40:23.693root 11241100x8000000000000000404598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c58e7d84acdeef2021-12-21 10:40:23.694root 11241100x8000000000000000404599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0c4d8b37a71f6c2021-12-21 10:40:23.694root 11241100x8000000000000000404600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72ab4662f31413b2021-12-21 10:40:23.694root 11241100x8000000000000000404601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba215ffadf117e22021-12-21 10:40:23.694root 11241100x8000000000000000404602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcd9c2ff5532e9f2021-12-21 10:40:23.694root 11241100x8000000000000000404603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd49bed0879b0b52021-12-21 10:40:23.694root 11241100x8000000000000000404604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350e90a249aa49dc2021-12-21 10:40:23.694root 11241100x8000000000000000404605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa57da57b4f8ad6f2021-12-21 10:40:23.694root 11241100x8000000000000000404606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d3293ccf1c6e642021-12-21 10:40:23.694root 11241100x8000000000000000404607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5f4bde2951146c2021-12-21 10:40:23.694root 11241100x8000000000000000404608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c23f84e0bf6fc2021-12-21 10:40:23.695root 11241100x8000000000000000404609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cf7222a7bef8562021-12-21 10:40:23.695root 11241100x8000000000000000404610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14e74982f5900092021-12-21 10:40:23.695root 11241100x8000000000000000404611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215ca942d0d3abdb2021-12-21 10:40:23.695root 11241100x8000000000000000404612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1650c4acb21fe682021-12-21 10:40:23.695root 11241100x8000000000000000404613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee56ba953d0e79802021-12-21 10:40:23.695root 11241100x8000000000000000404614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881c06de5db997d72021-12-21 10:40:23.695root 11241100x8000000000000000404615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f06bbf966078b42021-12-21 10:40:23.695root 11241100x8000000000000000404616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f82a3b58f9341a2021-12-21 10:40:23.695root 11241100x8000000000000000404617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c53e91567e893ed2021-12-21 10:40:23.696root 11241100x8000000000000000404618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279d60e929f954002021-12-21 10:40:23.696root 11241100x8000000000000000404619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ba38a79a2f812a2021-12-21 10:40:23.696root 11241100x8000000000000000404620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10073bf25cf088422021-12-21 10:40:23.696root 11241100x8000000000000000404621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83823aa231089c82021-12-21 10:40:23.696root 11241100x8000000000000000404622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1ed3e89d53c1fc2021-12-21 10:40:23.696root 11241100x8000000000000000404623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e5d343abfc93a92021-12-21 10:40:23.696root 11241100x8000000000000000404624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd5df16e2d8a36c2021-12-21 10:40:23.696root 11241100x8000000000000000404625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a480b947b9cebd2021-12-21 10:40:23.696root 11241100x8000000000000000404626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea3161d1f20484c2021-12-21 10:40:23.696root 11241100x8000000000000000404627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4afeb7584afef12021-12-21 10:40:23.697root 11241100x8000000000000000404628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12b149920b793df2021-12-21 10:40:23.697root 11241100x8000000000000000404629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4616ed4ea0fa422021-12-21 10:40:23.697root 11241100x8000000000000000404630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317c2d71fa0faa262021-12-21 10:40:23.697root 11241100x8000000000000000404631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871b9ac472f1155d2021-12-21 10:40:23.697root 11241100x8000000000000000404632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5704ca6cd7c7622021-12-21 10:40:23.697root 11241100x8000000000000000404633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3105657a0a1cd5062021-12-21 10:40:23.697root 11241100x8000000000000000404634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9426b8b7c0620e942021-12-21 10:40:23.698root 11241100x8000000000000000404635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e3145585db65b02021-12-21 10:40:23.699root 11241100x8000000000000000404636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50e15b77577cddb2021-12-21 10:40:23.699root 11241100x8000000000000000404637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54762ba4ef1d1c22021-12-21 10:40:23.699root 11241100x8000000000000000404638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5619b863cb81ded2021-12-21 10:40:23.699root 11241100x8000000000000000404639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224681af80e807332021-12-21 10:40:23.699root 11241100x8000000000000000404640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861e2a7039e3d7422021-12-21 10:40:23.699root 11241100x8000000000000000404641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f411b6f8197ea7a52021-12-21 10:40:24.193root 11241100x8000000000000000404642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d84368e05b57942021-12-21 10:40:24.193root 11241100x8000000000000000404643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dd86bfc8aa50e82021-12-21 10:40:24.193root 11241100x8000000000000000404644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71991f075b5023f42021-12-21 10:40:24.193root 11241100x8000000000000000404645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d886536e1419322021-12-21 10:40:24.193root 11241100x8000000000000000404646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbfb5933b332e902021-12-21 10:40:24.193root 11241100x8000000000000000404647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a700cb77f6935d782021-12-21 10:40:24.193root 11241100x8000000000000000404648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fbd0b6438301d62021-12-21 10:40:24.193root 11241100x8000000000000000404649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8208bbf426c8b32021-12-21 10:40:24.194root 11241100x8000000000000000404650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f29585d92b2d0742021-12-21 10:40:24.194root 11241100x8000000000000000404651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442585fda7f4d0652021-12-21 10:40:24.194root 11241100x8000000000000000404652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4690cc56876d622021-12-21 10:40:24.194root 11241100x8000000000000000404653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7b0c00426d7c3b2021-12-21 10:40:24.194root 11241100x8000000000000000404654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fc031ef4ed0db42021-12-21 10:40:24.194root 11241100x8000000000000000404655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51e157bb17939332021-12-21 10:40:24.195root 11241100x8000000000000000404656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6a6ba197cd63d22021-12-21 10:40:24.195root 11241100x8000000000000000404657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed00752a84594302021-12-21 10:40:24.195root 11241100x8000000000000000404658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31454b1469f2c85f2021-12-21 10:40:24.195root 11241100x8000000000000000404659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b80c9c8ef965792021-12-21 10:40:24.196root 11241100x8000000000000000404660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c92bd72bc9bb0b2021-12-21 10:40:24.196root 11241100x8000000000000000404661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5387a6f7bb6e33a2021-12-21 10:40:24.196root 11241100x8000000000000000404662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb4549680b617692021-12-21 10:40:24.196root 11241100x8000000000000000404663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ccb9af9c44a2df2021-12-21 10:40:24.196root 11241100x8000000000000000404664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9278c034c0026662021-12-21 10:40:24.196root 11241100x8000000000000000404665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f432c80b41e412132021-12-21 10:40:24.196root 11241100x8000000000000000404666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29af95813ca2a27a2021-12-21 10:40:24.196root 11241100x8000000000000000404667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331728c0826d0afb2021-12-21 10:40:24.196root 11241100x8000000000000000404668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce199a97dd07fc02021-12-21 10:40:24.196root 11241100x8000000000000000404669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1574e2c883c1d42021-12-21 10:40:24.197root 11241100x8000000000000000404670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713ff35a9089ef502021-12-21 10:40:24.197root 11241100x8000000000000000404671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054459d8eef439c22021-12-21 10:40:24.197root 11241100x8000000000000000404672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf053cd7ece31842021-12-21 10:40:24.197root 11241100x8000000000000000404673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccc102951eb5eb72021-12-21 10:40:24.197root 11241100x8000000000000000404674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b62a5484b00a0322021-12-21 10:40:24.197root 11241100x8000000000000000404675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea2673d8c92cab72021-12-21 10:40:24.197root 11241100x8000000000000000404676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2031df7ea180ec972021-12-21 10:40:24.197root 11241100x8000000000000000404677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c68ae9f331c5202021-12-21 10:40:24.197root 11241100x8000000000000000404678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c70ba2b06e013182021-12-21 10:40:24.197root 11241100x8000000000000000404679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6e925f6ab455372021-12-21 10:40:24.197root 11241100x8000000000000000404680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b9356009d367542021-12-21 10:40:24.198root 11241100x8000000000000000404681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35239c788e1b4a82021-12-21 10:40:24.198root 11241100x8000000000000000404682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6068e73650ed23a02021-12-21 10:40:24.198root 11241100x8000000000000000404683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2e16e696cb51962021-12-21 10:40:24.198root 11241100x8000000000000000404684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceee3a96558f63682021-12-21 10:40:24.198root 11241100x8000000000000000404685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56c3074b3d74f632021-12-21 10:40:24.693root 11241100x8000000000000000404686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03eee199fbddd1922021-12-21 10:40:24.693root 11241100x8000000000000000404687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0089b18156526e2021-12-21 10:40:24.693root 11241100x8000000000000000404688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6d98895b24a2822021-12-21 10:40:24.693root 11241100x8000000000000000404689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c779d9f7791f93822021-12-21 10:40:24.693root 11241100x8000000000000000404690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579237666df85e32021-12-21 10:40:24.693root 11241100x8000000000000000404691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5ff5cee69bcced2021-12-21 10:40:24.694root 11241100x8000000000000000404692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4bd59a15ba86252021-12-21 10:40:24.694root 11241100x8000000000000000404693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd655967aa4813d2021-12-21 10:40:24.694root 11241100x8000000000000000404694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc95205159bd0002021-12-21 10:40:24.694root 11241100x8000000000000000404695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3db5005a8e4d0f82021-12-21 10:40:24.694root 11241100x8000000000000000404696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84aab282c89fc572021-12-21 10:40:24.694root 11241100x8000000000000000404697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82618ae83f953a132021-12-21 10:40:24.694root 11241100x8000000000000000404698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572454a1238067c12021-12-21 10:40:24.694root 11241100x8000000000000000404699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9f1f285c9ede962021-12-21 10:40:24.694root 11241100x8000000000000000404700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d555fc55a1498e1f2021-12-21 10:40:24.694root 11241100x8000000000000000404701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8704db1031e24cfd2021-12-21 10:40:24.695root 11241100x8000000000000000404702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7f7202044f3c672021-12-21 10:40:24.695root 11241100x8000000000000000404703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e807b02ca3e09b2021-12-21 10:40:24.695root 11241100x8000000000000000404704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d7c5d7150e30bd2021-12-21 10:40:24.695root 11241100x8000000000000000404705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6411032ff69c4922021-12-21 10:40:24.695root 11241100x8000000000000000404706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0041359bf7bcaf9a2021-12-21 10:40:24.695root 11241100x8000000000000000404707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2747d11f71b2d81b2021-12-21 10:40:24.695root 11241100x8000000000000000404708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d198a90dc51195952021-12-21 10:40:24.695root 11241100x8000000000000000404709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a98c7f9809a3b012021-12-21 10:40:24.696root 11241100x8000000000000000404710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121f09a6c9177042021-12-21 10:40:24.696root 11241100x8000000000000000404711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73571579a41804b62021-12-21 10:40:24.696root 11241100x8000000000000000404712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f80df9bb17eac402021-12-21 10:40:24.696root 11241100x8000000000000000404713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02115ecb3c8abcbb2021-12-21 10:40:24.696root 11241100x8000000000000000404714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8384656de58e2b522021-12-21 10:40:24.696root 11241100x8000000000000000404715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d754d21ccf17d82021-12-21 10:40:24.698root 11241100x8000000000000000404716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039e126616ad48132021-12-21 10:40:24.698root 11241100x8000000000000000404717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ba664e035c46d52021-12-21 10:40:24.698root 11241100x8000000000000000404718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a2f4a5fd33ae382021-12-21 10:40:24.698root 11241100x8000000000000000404719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d93088737c10d222021-12-21 10:40:24.699root 11241100x8000000000000000404720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337d6f99aa04e0aa2021-12-21 10:40:24.699root 11241100x8000000000000000404721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c7c25d3ea2ab752021-12-21 10:40:24.699root 11241100x8000000000000000404722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d8f20f9f6378d2021-12-21 10:40:24.699root 11241100x8000000000000000404723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f10ca16f019f55d2021-12-21 10:40:24.699root 11241100x8000000000000000404724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b77cfe3c2fbe85b2021-12-21 10:40:24.699root 11241100x8000000000000000404725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739661441a8f65a72021-12-21 10:40:24.699root 11241100x8000000000000000404726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4d7161b551696b2021-12-21 10:40:24.699root 11241100x8000000000000000404727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955de640410936b72021-12-21 10:40:24.700root 11241100x8000000000000000404728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd33fe339551d1572021-12-21 10:40:24.700root 11241100x8000000000000000404729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25499f5d53bd14442021-12-21 10:40:24.700root 11241100x8000000000000000404730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58810b459cf0f032021-12-21 10:40:24.700root 11241100x8000000000000000404731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608d48aa49f3925a2021-12-21 10:40:24.700root 11241100x8000000000000000404732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ec7ff2f2f4a16f2021-12-21 10:40:24.700root 11241100x8000000000000000404733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514e2a0ae51fc4f92021-12-21 10:40:24.700root 354300x8000000000000000404734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.186{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34500-false10.0.1.12-8089- 11241100x8000000000000000404735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759561e8a411d2042021-12-21 10:40:25.186root 11241100x8000000000000000404736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0f54eb142f59412021-12-21 10:40:25.186root 11241100x8000000000000000404737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad19512dd09a16832021-12-21 10:40:25.186root 11241100x8000000000000000404738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dc5b612559c81d2021-12-21 10:40:25.187root 11241100x8000000000000000404739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26da8abd9adc32222021-12-21 10:40:25.187root 11241100x8000000000000000404740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68738f713dc570332021-12-21 10:40:25.187root 11241100x8000000000000000404741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18f512cccd79e7b2021-12-21 10:40:25.187root 11241100x8000000000000000404742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d687cf2b255e91f62021-12-21 10:40:25.187root 11241100x8000000000000000404743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3ece234ea2d1262021-12-21 10:40:25.187root 11241100x8000000000000000404744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31798f3267d3c81b2021-12-21 10:40:25.187root 11241100x8000000000000000404745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab921ecc4b8a40b2021-12-21 10:40:25.187root 11241100x8000000000000000404746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66285ca273227cf2021-12-21 10:40:25.187root 11241100x8000000000000000404747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8a15b37d7643b72021-12-21 10:40:25.188root 11241100x8000000000000000404748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083eb273434d7e082021-12-21 10:40:25.188root 11241100x8000000000000000404749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4025b3368bea018d2021-12-21 10:40:25.188root 11241100x8000000000000000404750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3a20a103cf50b62021-12-21 10:40:25.188root 11241100x8000000000000000404751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f038e53041fe3a6a2021-12-21 10:40:25.188root 11241100x8000000000000000404752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496550f4d72e01e62021-12-21 10:40:25.188root 11241100x8000000000000000404753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f2026370c977002021-12-21 10:40:25.188root 11241100x8000000000000000404754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf56ca4432337fd2021-12-21 10:40:25.188root 11241100x8000000000000000404755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd47f50e46200a62021-12-21 10:40:25.188root 11241100x8000000000000000404756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528155b343981bc62021-12-21 10:40:25.188root 11241100x8000000000000000404757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2af815d95cba3d62021-12-21 10:40:25.189root 11241100x8000000000000000404758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa52c89ad3dca552021-12-21 10:40:25.189root 11241100x8000000000000000404759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dd40828a282b462021-12-21 10:40:25.189root 11241100x8000000000000000404760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4a19c7d759ede22021-12-21 10:40:25.189root 11241100x8000000000000000404761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91e60e3409007be2021-12-21 10:40:25.189root 11241100x8000000000000000404762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0428b7827e1bb7812021-12-21 10:40:25.189root 11241100x8000000000000000404763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b35361d65069ab2021-12-21 10:40:25.189root 11241100x8000000000000000404764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f25f940638c30fb2021-12-21 10:40:25.189root 11241100x8000000000000000404765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ed27af4d519c4c2021-12-21 10:40:25.189root 11241100x8000000000000000404766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0f9e07db0031e52021-12-21 10:40:25.189root 11241100x8000000000000000404767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57d87e0783016c62021-12-21 10:40:25.189root 11241100x8000000000000000404768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ba4a540b3cd8742021-12-21 10:40:25.189root 11241100x8000000000000000404769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3c1fb15b7962e82021-12-21 10:40:25.190root 11241100x8000000000000000404770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145ed21486cd74862021-12-21 10:40:25.190root 11241100x8000000000000000404771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb960d0f7bef96f62021-12-21 10:40:25.190root 11241100x8000000000000000404772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535a09ae47f13cda2021-12-21 10:40:25.190root 11241100x8000000000000000404773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cc39350d47a07a2021-12-21 10:40:25.190root 11241100x8000000000000000404774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917170f488af3b2d2021-12-21 10:40:25.190root 11241100x8000000000000000404775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80fc326b897b4ff2021-12-21 10:40:25.190root 11241100x8000000000000000404776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29efe2b7295071bc2021-12-21 10:40:25.190root 11241100x8000000000000000404777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def24672c0ee4d5a2021-12-21 10:40:25.190root 11241100x8000000000000000404778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2fc41f3fd2bdb22021-12-21 10:40:25.190root 11241100x8000000000000000404779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ed8256d083a0762021-12-21 10:40:25.191root 11241100x8000000000000000404780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43eb3cafcda9dfc82021-12-21 10:40:25.191root 11241100x8000000000000000404781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1a3a601c1393b82021-12-21 10:40:25.191root 11241100x8000000000000000404782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cc6aae617fbb2f2021-12-21 10:40:25.191root 11241100x8000000000000000404783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48366ce997e8e4e2021-12-21 10:40:25.191root 11241100x8000000000000000404784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:25.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae143ea1133dd76f2021-12-21 10:40:25.192root 154100x8000000000000000404830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:29.256{ec2b6afe-af1d-61c1-6884-d5fd0f560000}9758/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000404831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:29.268{ec2b6afe-af1d-61c1-6884-d5fd0f560000}9758/bin/psroot 11241100x8000000000000000404832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6ba7b2f5204fc82021-12-21 10:40:29.693root 11241100x8000000000000000404833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de619728dac9fc812021-12-21 10:40:29.693root 11241100x8000000000000000404834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:30.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324048db29c020722021-12-21 10:40:30.192root 11241100x8000000000000000404835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:30.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c082788170deb30d2021-12-21 10:40:30.192root 11241100x8000000000000000404836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:30.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c6340d9b9b50da2021-12-21 10:40:30.692root 11241100x8000000000000000404837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:30.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2b9110c75df5552021-12-21 10:40:30.692root 11241100x8000000000000000404838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:31.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71beaa2b26c747622021-12-21 10:40:31.192root 11241100x8000000000000000404839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:31.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a8a067b4ad15922021-12-21 10:40:31.192root 11241100x8000000000000000404840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:31.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b319adb612c6c8fa2021-12-21 10:40:31.692root 11241100x8000000000000000404841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:31.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f628077cab3c32b92021-12-21 10:40:31.692root 11241100x8000000000000000404842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:32.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de33c0842ca9efb22021-12-21 10:40:32.192root 11241100x8000000000000000404843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5615a88757fe182e2021-12-21 10:40:32.193root 11241100x8000000000000000404844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:32.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78da07e8c9465932021-12-21 10:40:32.692root 11241100x8000000000000000404845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c30ab0d1f0b903f2021-12-21 10:40:32.693root 354300x8000000000000000404846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.032{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47440-false10.0.1.12-8000- 11241100x8000000000000000404847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1894cd5358888cd82021-12-21 10:40:33.032root 11241100x8000000000000000404848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa9699c6ec326552021-12-21 10:40:33.033root 11241100x8000000000000000404849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7f56958e1cfc3f2021-12-21 10:40:33.033root 11241100x8000000000000000404850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2975d5c932e354722021-12-21 10:40:33.442root 11241100x8000000000000000404851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e976da7add1ca27d2021-12-21 10:40:33.443root 11241100x8000000000000000404852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8720db12dc82d22021-12-21 10:40:33.443root 11241100x8000000000000000404853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d1f099a9a38ad22021-12-21 10:40:33.942root 11241100x8000000000000000404854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53540f9d72e33d52021-12-21 10:40:33.943root 11241100x8000000000000000404855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60fd2cbba67be492021-12-21 10:40:33.943root 11241100x8000000000000000404856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:34.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11226977fbd60a002021-12-21 10:40:34.442root 11241100x8000000000000000404857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0555bbe93c824a462021-12-21 10:40:34.443root 11241100x8000000000000000404858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6239c6d673ba43332021-12-21 10:40:34.443root 11241100x8000000000000000404859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5f7d3f6c583e132021-12-21 10:40:34.942root 11241100x8000000000000000404860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ab580370c55f432021-12-21 10:40:34.943root 11241100x8000000000000000404861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76eb33d306d11b3f2021-12-21 10:40:34.943root 11241100x8000000000000000404862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8890d03aebc5284a2021-12-21 10:40:35.443root 11241100x8000000000000000404863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302e30f20555870b2021-12-21 10:40:35.443root 11241100x8000000000000000404864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6c37da7a4bd1422021-12-21 10:40:35.443root 11241100x8000000000000000404865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e649e4192674c83d2021-12-21 10:40:35.942root 11241100x8000000000000000404866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f650651228b885e72021-12-21 10:40:35.943root 11241100x8000000000000000404867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a579e35d8d99c42021-12-21 10:40:35.943root 11241100x8000000000000000404868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:36.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:40:36.345root 11241100x8000000000000000404869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d88471da5964fa32021-12-21 10:40:36.345root 11241100x8000000000000000404870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6af23304ca0e932021-12-21 10:40:36.345root 11241100x8000000000000000404871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdf3364570ee51d2021-12-21 10:40:36.346root 11241100x8000000000000000404872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c5999de052eaac2021-12-21 10:40:36.692root 11241100x8000000000000000404873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7044a26bde130a2021-12-21 10:40:36.693root 11241100x8000000000000000404874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f613a6a6978ee42021-12-21 10:40:36.693root 11241100x8000000000000000404875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a133f8cfc90ec9a52021-12-21 10:40:36.693root 11241100x8000000000000000404876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480145c002c7ffb72021-12-21 10:40:37.192root 11241100x8000000000000000404877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822d3e56ed07c97e2021-12-21 10:40:37.193root 11241100x8000000000000000404878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9671e83dd4c6160c2021-12-21 10:40:37.193root 11241100x8000000000000000404879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dcbedaa3a0d0812021-12-21 10:40:37.193root 11241100x8000000000000000404880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:37.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aec5398d5bfbd82021-12-21 10:40:37.692root 11241100x8000000000000000404881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa06d35ec430b5c2021-12-21 10:40:37.693root 11241100x8000000000000000404882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d335f8ceb32d962021-12-21 10:40:37.693root 11241100x8000000000000000404883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ac9ad0f746e6782021-12-21 10:40:37.693root 354300x8000000000000000404884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.187{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47442-false10.0.1.12-8000- 11241100x8000000000000000404885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ab5eea65a44a4e2021-12-21 10:40:38.187root 11241100x8000000000000000404886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef9ef988a4fd7782021-12-21 10:40:38.187root 11241100x8000000000000000404887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9876ad55230da5d22021-12-21 10:40:38.188root 11241100x8000000000000000404888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c76795db7645d02021-12-21 10:40:38.188root 11241100x8000000000000000404889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6cea54c76978492021-12-21 10:40:38.188root 11241100x8000000000000000404890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc5d9543c8e86712021-12-21 10:40:38.443root 11241100x8000000000000000404891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2091e5a5adf186042021-12-21 10:40:38.443root 11241100x8000000000000000404892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcd9a01960dc95e2021-12-21 10:40:38.443root 11241100x8000000000000000404893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23e1bc62422e7c22021-12-21 10:40:38.444root 11241100x8000000000000000404894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b366f7f175e2388c2021-12-21 10:40:38.444root 11241100x8000000000000000404895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b5ddc9af1d6dc62021-12-21 10:40:38.943root 11241100x8000000000000000404896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce52a7a686de5de52021-12-21 10:40:38.943root 11241100x8000000000000000404897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc62816e4abe66f2021-12-21 10:40:38.943root 11241100x8000000000000000404898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c38ecd519ea0d32021-12-21 10:40:38.943root 11241100x8000000000000000404899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663a9e35b7bdc88b2021-12-21 10:40:38.944root 23542300x8000000000000000404900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.346{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000404901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780304eec34dfefe2021-12-21 10:40:39.347root 11241100x8000000000000000404902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99096aa951d42be82021-12-21 10:40:39.347root 11241100x8000000000000000404903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1481450a49b74a802021-12-21 10:40:39.347root 11241100x8000000000000000404904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89acbada3ab97f142021-12-21 10:40:39.347root 11241100x8000000000000000404905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38b6eac54b23c662021-12-21 10:40:39.347root 11241100x8000000000000000404906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54afa49834caaaa62021-12-21 10:40:39.347root 11241100x8000000000000000404907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61236b5936b147a22021-12-21 10:40:39.693root 11241100x8000000000000000404908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434a53150335670f2021-12-21 10:40:39.693root 11241100x8000000000000000404909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a8ebf649ae9cb72021-12-21 10:40:39.693root 11241100x8000000000000000404910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57142e154eb41fe82021-12-21 10:40:39.693root 11241100x8000000000000000404911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cccb9ba95516362021-12-21 10:40:39.693root 11241100x8000000000000000404912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa87faa80c4dfb02021-12-21 10:40:39.693root 11241100x8000000000000000404913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3513cf6e0da6c9c72021-12-21 10:40:40.193root 11241100x8000000000000000404914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae28a62e5e6cc072021-12-21 10:40:40.193root 11241100x8000000000000000404915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242834039e4c99922021-12-21 10:40:40.193root 11241100x8000000000000000404916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f823f9b28066e0512021-12-21 10:40:40.193root 11241100x8000000000000000404917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99a6f6dff58451e2021-12-21 10:40:40.193root 11241100x8000000000000000404918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95df1dd3e49aa1f62021-12-21 10:40:40.193root 11241100x8000000000000000404919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9e8e77dc2df6822021-12-21 10:40:40.693root 11241100x8000000000000000404920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fb35107c3095eb2021-12-21 10:40:40.693root 11241100x8000000000000000404921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c727cf2d133afb22021-12-21 10:40:40.693root 11241100x8000000000000000404922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707ff6ec1354976d2021-12-21 10:40:40.693root 11241100x8000000000000000404923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae8127ef8aabd3f2021-12-21 10:40:40.693root 11241100x8000000000000000404924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cad8874a6d865e02021-12-21 10:40:40.693root 11241100x8000000000000000404925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1eaa9abdf5910e82021-12-21 10:40:41.193root 11241100x8000000000000000404926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1237ff23c3be27a02021-12-21 10:40:41.193root 11241100x8000000000000000404927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53edb0f90275c4902021-12-21 10:40:41.193root 11241100x8000000000000000404928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be831011f05bd002021-12-21 10:40:41.193root 11241100x8000000000000000404929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a238c66acd2cfd2021-12-21 10:40:41.193root 11241100x8000000000000000404930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd29fcb8f5de1862021-12-21 10:40:41.193root 11241100x8000000000000000404931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32129a2c8412f8a2021-12-21 10:40:41.693root 11241100x8000000000000000404932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b4d7379c7242b42021-12-21 10:40:41.693root 11241100x8000000000000000404933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e815cab696616b32021-12-21 10:40:41.693root 11241100x8000000000000000404934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce937d09c7baa56d2021-12-21 10:40:41.693root 11241100x8000000000000000404935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41efa095697067a2021-12-21 10:40:41.693root 11241100x8000000000000000404936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428e208a65a2cb2f2021-12-21 10:40:41.693root 11241100x8000000000000000404937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a1294bd4c819412021-12-21 10:40:42.193root 11241100x8000000000000000404938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da64393b6ecbdce2021-12-21 10:40:42.193root 11241100x8000000000000000404939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580ed38c09c144992021-12-21 10:40:42.193root 11241100x8000000000000000404940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977755d3881577a52021-12-21 10:40:42.193root 11241100x8000000000000000404941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f59949312c5a232021-12-21 10:40:42.193root 11241100x8000000000000000404942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29947a0c731fe9252021-12-21 10:40:42.193root 11241100x8000000000000000404943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ffe1ad7e15b1992021-12-21 10:40:42.693root 11241100x8000000000000000404944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49d15a4b01510052021-12-21 10:40:42.693root 11241100x8000000000000000404945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f4869219cd42f62021-12-21 10:40:42.693root 11241100x8000000000000000404946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb78f009cebb64d32021-12-21 10:40:42.693root 11241100x8000000000000000404947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e96ab56f3a01a82021-12-21 10:40:42.693root 11241100x8000000000000000404948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afabb7cc9f5dfad32021-12-21 10:40:42.693root 11241100x8000000000000000404949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42ab8961bad2ee12021-12-21 10:40:43.193root 11241100x8000000000000000404950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cba33c11ed88a0d2021-12-21 10:40:43.193root 11241100x8000000000000000404951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21279fd1f61a87da2021-12-21 10:40:43.193root 11241100x8000000000000000404952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01538d16b1056a462021-12-21 10:40:43.193root 11241100x8000000000000000404953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48b5d2beb9dbceb2021-12-21 10:40:43.193root 11241100x8000000000000000404954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6662c74aa7588c252021-12-21 10:40:43.193root 354300x8000000000000000404955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.202{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47444-false10.0.1.12-8000- 11241100x8000000000000000404956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e623e717cb1dea2021-12-21 10:40:43.693root 11241100x8000000000000000404957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767cd710ed46bce52021-12-21 10:40:43.693root 11241100x8000000000000000404958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7a4951c0c088652021-12-21 10:40:43.693root 11241100x8000000000000000404959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f901f9d90995ea2021-12-21 10:40:43.693root 11241100x8000000000000000404960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c764128a1f36902021-12-21 10:40:43.693root 11241100x8000000000000000404961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90021a342a3809042021-12-21 10:40:43.693root 11241100x8000000000000000404962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51de12d7b42b7ae2021-12-21 10:40:43.693root 11241100x8000000000000000404963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c48f6a55140f38b2021-12-21 10:40:44.193root 11241100x8000000000000000404964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc414c2ab463f5b2021-12-21 10:40:44.193root 11241100x8000000000000000404965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af00f6eee18f5bdd2021-12-21 10:40:44.193root 11241100x8000000000000000404966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df83c006f73c02892021-12-21 10:40:44.193root 11241100x8000000000000000404967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ace94eb30ab550d2021-12-21 10:40:44.193root 11241100x8000000000000000404968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff6aa25f682aec72021-12-21 10:40:44.193root 11241100x8000000000000000404969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f830b0f395e01c92021-12-21 10:40:44.193root 11241100x8000000000000000404970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5691a0e536aaa002021-12-21 10:40:44.693root 11241100x8000000000000000404971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a795707023b32662021-12-21 10:40:44.693root 11241100x8000000000000000404972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f10dbb5f94bd592021-12-21 10:40:44.693root 11241100x8000000000000000404973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d664b73360b3f1472021-12-21 10:40:44.693root 11241100x8000000000000000404974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc89315e3f118ba2021-12-21 10:40:44.693root 11241100x8000000000000000404975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548beab88c839c202021-12-21 10:40:44.693root 11241100x8000000000000000404976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5f4199360385b52021-12-21 10:40:44.693root 11241100x8000000000000000404977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091190ba9540743c2021-12-21 10:40:45.193root 11241100x8000000000000000404978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e7e58926f135782021-12-21 10:40:45.193root 11241100x8000000000000000404979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974ef2bc54989ca72021-12-21 10:40:45.193root 11241100x8000000000000000404980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907d996fd5b7bdf02021-12-21 10:40:45.193root 11241100x8000000000000000404981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d91599d842ea282021-12-21 10:40:45.193root 11241100x8000000000000000404982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d224353f28eb5dde2021-12-21 10:40:45.193root 11241100x8000000000000000404983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b570ac171703f4592021-12-21 10:40:45.193root 11241100x8000000000000000404984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be936b9f26a1d502021-12-21 10:40:45.693root 11241100x8000000000000000404985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d508afa49fa32d232021-12-21 10:40:45.693root 11241100x8000000000000000404986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab23f93815871d42021-12-21 10:40:45.693root 11241100x8000000000000000404987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55876c8fbb582dbc2021-12-21 10:40:45.693root 11241100x8000000000000000404988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7af585164b5f382021-12-21 10:40:45.693root 11241100x8000000000000000404989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650c9333489829022021-12-21 10:40:45.693root 11241100x8000000000000000404990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ed84248d3ba4192021-12-21 10:40:45.693root 534500x8000000000000000404991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.127{00000000-0000-0000-0000-000000000000}7367<unknown process>root 11241100x8000000000000000404992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715cb6c489f367a52021-12-21 10:40:46.128root 11241100x8000000000000000404993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271be88f323d667c2021-12-21 10:40:46.128root 11241100x8000000000000000404994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2c427a10dc2ba32021-12-21 10:40:46.128root 11241100x8000000000000000404995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ffc5b2c16cf27f2021-12-21 10:40:46.128root 11241100x8000000000000000404996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8558be0aea243c2021-12-21 10:40:46.128root 11241100x8000000000000000404997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dce631da1bddbf2021-12-21 10:40:46.128root 11241100x8000000000000000404998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2229b0e387c916202021-12-21 10:40:46.128root 11241100x8000000000000000404999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4324a48723a4287c2021-12-21 10:40:46.128root 534500x8000000000000000405000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.131{00000000-0000-0000-0000-000000000000}304<unknown process>root 534500x8000000000000000405001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.335{00000000-0000-0000-0000-000000000000}1634<unknown process>root 534500x8000000000000000405002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.335{00000000-0000-0000-0000-000000000000}2011<unknown process>root 11241100x8000000000000000405003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10958c216073a0e32021-12-21 10:40:46.443root 11241100x8000000000000000405004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36c7ed60d1f59072021-12-21 10:40:46.443root 11241100x8000000000000000405005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca55f067e59c0c982021-12-21 10:40:46.443root 11241100x8000000000000000405006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3731920b2dd7e3fc2021-12-21 10:40:46.443root 11241100x8000000000000000405007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be4f53e6a60139d2021-12-21 10:40:46.443root 11241100x8000000000000000405008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bfdc7e38c24b3d2021-12-21 10:40:46.443root 11241100x8000000000000000405009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca6d0c7aa1ca8d22021-12-21 10:40:46.443root 11241100x8000000000000000405010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb9d0292cd78d782021-12-21 10:40:46.443root 11241100x8000000000000000405011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f017366caabfc4932021-12-21 10:40:46.443root 11241100x8000000000000000405012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b86cad305787c062021-12-21 10:40:46.443root 11241100x8000000000000000405013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e0ff4ecd8bbcbb2021-12-21 10:40:46.444root 11241100x8000000000000000405014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6187150f0794272021-12-21 10:40:46.943root 11241100x8000000000000000405015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2010703bc1287a0f2021-12-21 10:40:46.943root 11241100x8000000000000000405016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee4c32d516f62ad2021-12-21 10:40:46.943root 11241100x8000000000000000405017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e949a7ef5e7f0f5f2021-12-21 10:40:46.943root 534500x8000000000000000405018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{00000000-0000-0000-0000-000000000000}7<unknown process>root 11241100x8000000000000000405019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78df254af9d77bee2021-12-21 10:40:46.943root 11241100x8000000000000000405020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2370689b83fd1c292021-12-21 10:40:46.943root 11241100x8000000000000000405021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1f3d37533e5f7f2021-12-21 10:40:46.943root 11241100x8000000000000000405022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f40a78f4bf4c552021-12-21 10:40:46.943root 11241100x8000000000000000405023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d83af8398e20d382021-12-21 10:40:46.943root 11241100x8000000000000000405024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9286e129505ef09e2021-12-21 10:40:46.944root 11241100x8000000000000000405025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a583a2d0fd2c1032021-12-21 10:40:46.944root 11241100x8000000000000000405026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c1f9fa9f662bbe2021-12-21 10:40:47.443root 11241100x8000000000000000405027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c98b66df954f9b2021-12-21 10:40:47.443root 11241100x8000000000000000405028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520c5f769fd43d542021-12-21 10:40:47.443root 11241100x8000000000000000405029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe19eb7a9460dc102021-12-21 10:40:47.443root 11241100x8000000000000000405030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6231f9ce729b1c602021-12-21 10:40:47.443root 11241100x8000000000000000405031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f92da72f469d272021-12-21 10:40:47.443root 11241100x8000000000000000405032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5ba9cc031a241e2021-12-21 10:40:47.443root 11241100x8000000000000000405033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a1ad1ff39dee7f2021-12-21 10:40:47.443root 11241100x8000000000000000405034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1742c165ddab7442021-12-21 10:40:47.443root 11241100x8000000000000000405035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926180f80fd49b402021-12-21 10:40:47.444root 11241100x8000000000000000405036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7712aef08c0fab222021-12-21 10:40:47.444root 11241100x8000000000000000405037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78db5bb721d7ccf2021-12-21 10:40:47.444root 11241100x8000000000000000405038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef96f0f922d1e5852021-12-21 10:40:47.943root 11241100x8000000000000000405039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e96c92491a8f06e2021-12-21 10:40:47.943root 11241100x8000000000000000405040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf081cd5df0aea2021-12-21 10:40:47.943root 11241100x8000000000000000405041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38e5a4fe4fc56202021-12-21 10:40:47.943root 11241100x8000000000000000405042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f0e84c4d37282d2021-12-21 10:40:47.943root 11241100x8000000000000000405043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715e154affd9d3df2021-12-21 10:40:47.943root 11241100x8000000000000000405044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99da8a6a822392292021-12-21 10:40:47.943root 11241100x8000000000000000405045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5717d0bc0dd7097a2021-12-21 10:40:47.943root 11241100x8000000000000000405046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c065f540f4476e992021-12-21 10:40:47.943root 11241100x8000000000000000405047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e529b46c29f0af942021-12-21 10:40:47.944root 11241100x8000000000000000405048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492687f5987e5b912021-12-21 10:40:47.944root 11241100x8000000000000000405049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb954975cab27f82021-12-21 10:40:47.944root 534500x8000000000000000405050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.171{00000000-0000-0000-0000-000000000000}2335<unknown process>root 354300x8000000000000000405051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.258{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47446-false10.0.1.12-8000- 11241100x8000000000000000405052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ab5c8d2cb403f62021-12-21 10:40:48.259root 11241100x8000000000000000405053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf48cb8a722f4632021-12-21 10:40:48.259root 11241100x8000000000000000405054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd76f3770a0aeb902021-12-21 10:40:48.259root 11241100x8000000000000000405055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3246f8d37b090af22021-12-21 10:40:48.259root 11241100x8000000000000000405056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad01bcb777aca622021-12-21 10:40:48.259root 11241100x8000000000000000405057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1f0a87e0636ea62021-12-21 10:40:48.259root 11241100x8000000000000000405058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d6de42ff29a1802021-12-21 10:40:48.259root 11241100x8000000000000000405059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e032dc516e646abe2021-12-21 10:40:48.259root 11241100x8000000000000000405060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0293c7ffecbf782021-12-21 10:40:48.260root 11241100x8000000000000000405061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965d11a55c7799622021-12-21 10:40:48.260root 11241100x8000000000000000405062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c1ed5bc9b9f43e2021-12-21 10:40:48.260root 11241100x8000000000000000405063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3733bc65c9d8722021-12-21 10:40:48.260root 11241100x8000000000000000405064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a5afc569c95f872021-12-21 10:40:48.260root 11241100x8000000000000000405065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d8119549053d272021-12-21 10:40:48.260root 11241100x8000000000000000405066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ef78bb6312e80b2021-12-21 10:40:48.693root 11241100x8000000000000000405067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eda33aad26ba3cb2021-12-21 10:40:48.693root 11241100x8000000000000000405068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237b0348a39a9e112021-12-21 10:40:48.693root 11241100x8000000000000000405069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90095d819a19f512021-12-21 10:40:48.693root 11241100x8000000000000000405070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b29bcd13af9e94a2021-12-21 10:40:48.693root 11241100x8000000000000000405071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72feafcbb4cdb292021-12-21 10:40:48.694root 11241100x8000000000000000405072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4313cf9c2a3bcc582021-12-21 10:40:48.694root 11241100x8000000000000000405073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5880db1d4ae89c2021-12-21 10:40:48.694root 11241100x8000000000000000405074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911fb14eed59d8fb2021-12-21 10:40:48.694root 11241100x8000000000000000405075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcb0d0ca734dbb02021-12-21 10:40:48.694root 11241100x8000000000000000405076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e39757cb33497462021-12-21 10:40:48.694root 11241100x8000000000000000405077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675a1560599f11362021-12-21 10:40:48.694root 11241100x8000000000000000405078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd9bcab9e759e422021-12-21 10:40:48.694root 11241100x8000000000000000405079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223301b126dc03f22021-12-21 10:40:48.694root 11241100x8000000000000000405080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c176e03f4f77992021-12-21 10:40:49.193root 11241100x8000000000000000405081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58906b4e74ac052f2021-12-21 10:40:49.193root 11241100x8000000000000000405082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0c71c4812f0bef2021-12-21 10:40:49.193root 11241100x8000000000000000405083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391d8f4d1e62d4982021-12-21 10:40:49.193root 11241100x8000000000000000405084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ec367fd9c8cad62021-12-21 10:40:49.193root 11241100x8000000000000000405085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf7d059f9920ee62021-12-21 10:40:49.193root 11241100x8000000000000000405086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dbf2ece741c0c22021-12-21 10:40:49.194root 11241100x8000000000000000405087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc9a63101b417e62021-12-21 10:40:49.194root 11241100x8000000000000000405088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b354c5d41918312021-12-21 10:40:49.194root 11241100x8000000000000000405089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893dfeeb40f53a7d2021-12-21 10:40:49.194root 11241100x8000000000000000405090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1466382bc50f64902021-12-21 10:40:49.194root 11241100x8000000000000000405091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa620494a7b0fcb2021-12-21 10:40:49.194root 11241100x8000000000000000405092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577125a45e60da632021-12-21 10:40:49.194root 11241100x8000000000000000405093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062934d2e89fc94b2021-12-21 10:40:49.194root 11241100x8000000000000000405094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8011d63577ab15b02021-12-21 10:40:49.693root 11241100x8000000000000000405095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608a21a7fe8aa5bd2021-12-21 10:40:49.693root 11241100x8000000000000000405096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4e7d3089cf510e2021-12-21 10:40:49.693root 11241100x8000000000000000405097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9964da94a65a68672021-12-21 10:40:49.693root 11241100x8000000000000000405098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54d552308fc36c12021-12-21 10:40:49.693root 11241100x8000000000000000405099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156c8e28cbcf98c02021-12-21 10:40:49.693root 11241100x8000000000000000405100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b5d0f224685b7b2021-12-21 10:40:49.693root 11241100x8000000000000000405101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da64750dda7c2f1f2021-12-21 10:40:49.694root 11241100x8000000000000000405102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284fc60cebd08b922021-12-21 10:40:49.694root 11241100x8000000000000000405103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77f460607d235072021-12-21 10:40:49.694root 11241100x8000000000000000405104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044bef9d0150e1612021-12-21 10:40:49.694root 11241100x8000000000000000405105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98477b147651160e2021-12-21 10:40:49.694root 11241100x8000000000000000405106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac37b6a913ba3942021-12-21 10:40:49.694root 11241100x8000000000000000405107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf9bb2543ea1a572021-12-21 10:40:49.694root 11241100x8000000000000000405108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80d1df72c40e0f12021-12-21 10:40:50.193root 11241100x8000000000000000405109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be49085f336fce822021-12-21 10:40:50.193root 11241100x8000000000000000405110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b7132e7f2103b12021-12-21 10:40:50.193root 11241100x8000000000000000405111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5833e5457def17bd2021-12-21 10:40:50.193root 11241100x8000000000000000405112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b401d10265d2f72021-12-21 10:40:50.193root 11241100x8000000000000000405113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f5b6e4c09a14572021-12-21 10:40:50.193root 11241100x8000000000000000405114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e6f0b5c94685172021-12-21 10:40:50.193root 11241100x8000000000000000405115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb1857f6eba94122021-12-21 10:40:50.193root 11241100x8000000000000000405116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6926095ee5a55dfd2021-12-21 10:40:50.194root 11241100x8000000000000000405117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf168ab5879c0b22021-12-21 10:40:50.194root 11241100x8000000000000000405118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d02f508cb2281fc2021-12-21 10:40:50.194root 11241100x8000000000000000405119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b94ef931a2ae65f2021-12-21 10:40:50.194root 11241100x8000000000000000405120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90490706ad1c67d2021-12-21 10:40:50.194root 11241100x8000000000000000405121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d629f58e7cf2ad2021-12-21 10:40:50.194root 534500x8000000000000000405122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.219{00000000-0000-0000-0000-000000000000}6462<unknown process>root 11241100x8000000000000000405123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6db88dfc9645b352021-12-21 10:40:50.693root 11241100x8000000000000000405124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddd5b91785b78fe2021-12-21 10:40:50.693root 11241100x8000000000000000405125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befb42fbb0e29d652021-12-21 10:40:50.693root 11241100x8000000000000000405126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a845c1df0b4b558b2021-12-21 10:40:50.693root 11241100x8000000000000000405127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf97bc6fb81bc46e2021-12-21 10:40:50.693root 11241100x8000000000000000405128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a68eb1b83a39b52021-12-21 10:40:50.694root 11241100x8000000000000000405129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadab19cd627d2a42021-12-21 10:40:50.694root 11241100x8000000000000000405130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e707661f486a9072021-12-21 10:40:50.694root 11241100x8000000000000000405131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d83a0cfa32459182021-12-21 10:40:50.694root 11241100x8000000000000000405132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475cd0c2a789a7df2021-12-21 10:40:50.694root 11241100x8000000000000000405133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce39520d304708a2021-12-21 10:40:50.694root 11241100x8000000000000000405134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675572a435031e0f2021-12-21 10:40:50.694root 11241100x8000000000000000405135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d772711d278d7a9c2021-12-21 10:40:50.694root 11241100x8000000000000000405136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb7102cccb315f02021-12-21 10:40:50.694root 11241100x8000000000000000405137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7e2ecbf66b98132021-12-21 10:40:50.694root 11241100x8000000000000000405138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d14b446c646b3632021-12-21 10:40:51.193root 11241100x8000000000000000405139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429e369d7e11408d2021-12-21 10:40:51.193root 11241100x8000000000000000405140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5028013931ff6c262021-12-21 10:40:51.193root 11241100x8000000000000000405141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cdeb187deafbcc2021-12-21 10:40:51.193root 11241100x8000000000000000405142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e19dc03d841e2f2021-12-21 10:40:51.193root 11241100x8000000000000000405143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7612cceb7fddbf2021-12-21 10:40:51.194root 11241100x8000000000000000405144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc06a406b0bbd982021-12-21 10:40:51.194root 11241100x8000000000000000405145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa5aa43f7d747bd2021-12-21 10:40:51.194root 11241100x8000000000000000405146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e57b77fa11a3682021-12-21 10:40:51.194root 11241100x8000000000000000405147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88daa6d5584ef1432021-12-21 10:40:51.194root 11241100x8000000000000000405148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0933d7a34f292382021-12-21 10:40:51.194root 11241100x8000000000000000405149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb9b4c868b3be742021-12-21 10:40:51.194root 11241100x8000000000000000405150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89adc96bddf5dd6a2021-12-21 10:40:51.194root 11241100x8000000000000000405151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dfc7a28c99b3412021-12-21 10:40:51.194root 11241100x8000000000000000405152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d9b5b973ec0b072021-12-21 10:40:51.194root 11241100x8000000000000000405153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1eeb4fec392b9a2021-12-21 10:40:51.693root 11241100x8000000000000000405154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eded9f1b47bc2b2021-12-21 10:40:51.693root 11241100x8000000000000000405155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3aeea7fc425478f2021-12-21 10:40:51.693root 11241100x8000000000000000405156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae9c4dbd19082912021-12-21 10:40:51.693root 11241100x8000000000000000405157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c06e675e845fd32021-12-21 10:40:51.693root 11241100x8000000000000000405158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d444583048b60cd2021-12-21 10:40:51.693root 11241100x8000000000000000405159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d18a32a4487414d2021-12-21 10:40:51.693root 11241100x8000000000000000405160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457818745f635e452021-12-21 10:40:51.693root 11241100x8000000000000000405161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0d7571965792c02021-12-21 10:40:51.694root 11241100x8000000000000000405162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cbf525cad95f072021-12-21 10:40:51.694root 11241100x8000000000000000405163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df62535b79346ff2021-12-21 10:40:51.694root 11241100x8000000000000000405164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4627263da5b740d12021-12-21 10:40:51.694root 11241100x8000000000000000405165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a752c7c3cd75bd3f2021-12-21 10:40:51.694root 11241100x8000000000000000405166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b02724c31a4f5f2021-12-21 10:40:51.694root 11241100x8000000000000000405167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543c192dc02a9f782021-12-21 10:40:51.694root 11241100x8000000000000000405168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0572f91922efa7bd2021-12-21 10:40:52.193root 11241100x8000000000000000405169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf57ba8313285b52021-12-21 10:40:52.193root 11241100x8000000000000000405170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94877efe6cc1f6992021-12-21 10:40:52.193root 11241100x8000000000000000405171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99318e578758dab62021-12-21 10:40:52.193root 11241100x8000000000000000405172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bac380bc177f672021-12-21 10:40:52.193root 11241100x8000000000000000405173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebe6e3cad7ea9942021-12-21 10:40:52.193root 11241100x8000000000000000405174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25b202beea6bb402021-12-21 10:40:52.193root 11241100x8000000000000000405175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f58a39ff2d4b462021-12-21 10:40:52.193root 11241100x8000000000000000405176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2a1b4b70efb6032021-12-21 10:40:52.194root 11241100x8000000000000000405177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc2809bdbec061b2021-12-21 10:40:52.194root 11241100x8000000000000000405178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a6c222e0ceafba2021-12-21 10:40:52.194root 11241100x8000000000000000405179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3fb1195b09f8b02021-12-21 10:40:52.194root 11241100x8000000000000000405180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7c2d2e6aaf31392021-12-21 10:40:52.194root 11241100x8000000000000000405181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecdd316db0df4512021-12-21 10:40:52.194root 11241100x8000000000000000405182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0dff12e0d8c2f02021-12-21 10:40:52.194root 11241100x8000000000000000405183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2d7b2021fbb1672021-12-21 10:40:52.693root 11241100x8000000000000000405184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412faef4a090fb052021-12-21 10:40:52.693root 11241100x8000000000000000405185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a062902747c1445e2021-12-21 10:40:52.693root 11241100x8000000000000000405186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577144ec84e91d332021-12-21 10:40:52.693root 11241100x8000000000000000405187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ffd294bd694f052021-12-21 10:40:52.693root 11241100x8000000000000000405188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65205984632090932021-12-21 10:40:52.693root 11241100x8000000000000000405189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451c784bc90b2df82021-12-21 10:40:52.693root 11241100x8000000000000000405190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200ca55f88a6ea0b2021-12-21 10:40:52.694root 11241100x8000000000000000405191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69864d9637418c322021-12-21 10:40:52.694root 11241100x8000000000000000405192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c0933b7b57748f2021-12-21 10:40:52.694root 11241100x8000000000000000405193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e2bba0734e73fa2021-12-21 10:40:52.694root 11241100x8000000000000000405194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a560b9a3aaf851ea2021-12-21 10:40:52.694root 11241100x8000000000000000405195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf00b6a6a39a0232021-12-21 10:40:52.694root 11241100x8000000000000000405196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f902ad933133012021-12-21 10:40:52.694root 11241100x8000000000000000405197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad77551ea41553fb2021-12-21 10:40:52.694root 11241100x8000000000000000405198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7916f97c36d4ac002021-12-21 10:40:53.193root 11241100x8000000000000000405199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d36ae02943749d92021-12-21 10:40:53.193root 11241100x8000000000000000405200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494ede02ada5f20c2021-12-21 10:40:53.193root 11241100x8000000000000000405201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0b7f714a9dacc82021-12-21 10:40:53.193root 11241100x8000000000000000405202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7c3e63964029612021-12-21 10:40:53.193root 11241100x8000000000000000405203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e29488cde521b722021-12-21 10:40:53.193root 11241100x8000000000000000405204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176449867bf454822021-12-21 10:40:53.193root 11241100x8000000000000000405205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e449297c00644832021-12-21 10:40:53.193root 11241100x8000000000000000405206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f6b9c99d6c495b2021-12-21 10:40:53.194root 11241100x8000000000000000405207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67765f5cfface5822021-12-21 10:40:53.194root 11241100x8000000000000000405208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab6933cba9c93e42021-12-21 10:40:53.194root 11241100x8000000000000000405209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28b6e264316a5d52021-12-21 10:40:53.194root 11241100x8000000000000000405210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2424bad30b7e80e2021-12-21 10:40:53.194root 11241100x8000000000000000405211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7538f95ed7c3ce152021-12-21 10:40:53.194root 11241100x8000000000000000405212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd754eac12b1f692021-12-21 10:40:53.194root 11241100x8000000000000000405213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ac0c4140eee17a2021-12-21 10:40:53.693root 11241100x8000000000000000405214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0364cc73d0eb06802021-12-21 10:40:53.693root 11241100x8000000000000000405215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d9e0cb3372d4402021-12-21 10:40:53.693root 11241100x8000000000000000405216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4666d4a65f08c4f2021-12-21 10:40:53.693root 11241100x8000000000000000405217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207ea346958a34992021-12-21 10:40:53.693root 11241100x8000000000000000405218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011560981e027db62021-12-21 10:40:53.693root 11241100x8000000000000000405219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd9dd6534b9f4b22021-12-21 10:40:53.693root 11241100x8000000000000000405220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ea434ff937269e2021-12-21 10:40:53.693root 11241100x8000000000000000405221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4511fa80d0c39c7c2021-12-21 10:40:53.694root 11241100x8000000000000000405222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4b29c3c77af98d2021-12-21 10:40:53.694root 11241100x8000000000000000405223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d11968a53e1af62021-12-21 10:40:53.694root 11241100x8000000000000000405224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcad3087417f93e2021-12-21 10:40:53.694root 11241100x8000000000000000405225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037b31fb88aca0d72021-12-21 10:40:53.694root 11241100x8000000000000000405226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd082f1ce94d59522021-12-21 10:40:53.694root 11241100x8000000000000000405227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b8e9a292190dc72021-12-21 10:40:53.694root 354300x8000000000000000405228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47448-false10.0.1.12-8000- 11241100x8000000000000000405229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4618e584c33f3a2021-12-21 10:40:54.192root 11241100x8000000000000000405230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8324d3416919a6f92021-12-21 10:40:54.192root 11241100x8000000000000000405231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40690e128c7028612021-12-21 10:40:54.192root 11241100x8000000000000000405232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee9507d086edf892021-12-21 10:40:54.192root 11241100x8000000000000000405233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903f22703bad68e92021-12-21 10:40:54.192root 11241100x8000000000000000405234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd7a2ed97cd4eb82021-12-21 10:40:54.192root 11241100x8000000000000000405235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb8e6aecdde53ad2021-12-21 10:40:54.193root 11241100x8000000000000000405236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968bdeb5af2698cd2021-12-21 10:40:54.193root 11241100x8000000000000000405237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f35d854566279a82021-12-21 10:40:54.193root 11241100x8000000000000000405238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee3f4893cf1d6c02021-12-21 10:40:54.193root 11241100x8000000000000000405239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e7f8fdf0e2253b2021-12-21 10:40:54.193root 11241100x8000000000000000405240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b1a3ca172c12b2021-12-21 10:40:54.193root 11241100x8000000000000000405241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65126fc56cff33df2021-12-21 10:40:54.193root 11241100x8000000000000000405242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968cf378702cd2ca2021-12-21 10:40:54.193root 11241100x8000000000000000405243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2af6505ece2df62021-12-21 10:40:54.194root 11241100x8000000000000000405244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c888f3d11d129e232021-12-21 10:40:54.194root 11241100x8000000000000000405245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeace203cb31ee92021-12-21 10:40:54.443root 11241100x8000000000000000405246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c062df02d4a4282021-12-21 10:40:54.443root 11241100x8000000000000000405247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177d1d2f4facadba2021-12-21 10:40:54.443root 11241100x8000000000000000405248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caa615b7bcfb7cb2021-12-21 10:40:54.443root 11241100x8000000000000000405249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4a67a9772db0892021-12-21 10:40:54.443root 11241100x8000000000000000405250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e3f3d5857f68ab2021-12-21 10:40:54.443root 11241100x8000000000000000405251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b71771fe4164ad12021-12-21 10:40:54.443root 11241100x8000000000000000405252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78b2d90d83e68a82021-12-21 10:40:54.444root 11241100x8000000000000000405253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1a9bfd21c839f12021-12-21 10:40:54.444root 11241100x8000000000000000405254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162f3add366117b2021-12-21 10:40:54.444root 11241100x8000000000000000405255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a571e265ffcfcd2021-12-21 10:40:54.444root 11241100x8000000000000000405256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35948d5f0cd24add2021-12-21 10:40:54.444root 11241100x8000000000000000405257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb45fd093ae5c7982021-12-21 10:40:54.444root 11241100x8000000000000000405258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0518ba3a62fae42021-12-21 10:40:54.444root 11241100x8000000000000000405259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5851c31f85e12f252021-12-21 10:40:54.444root 11241100x8000000000000000405260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476e0769bee802f62021-12-21 10:40:54.444root 11241100x8000000000000000405261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34531a8d53b92f472021-12-21 10:40:54.943root 11241100x8000000000000000405262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a0a725886633a72021-12-21 10:40:54.943root 11241100x8000000000000000405263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c081896ad45e6402021-12-21 10:40:54.943root 11241100x8000000000000000405264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed63ca73fd5cbf62021-12-21 10:40:54.943root 11241100x8000000000000000405265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8283ce459f7aad2021-12-21 10:40:54.943root 11241100x8000000000000000405266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeac5309de2036a2021-12-21 10:40:54.943root 11241100x8000000000000000405267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aaa456365126422021-12-21 10:40:54.943root 11241100x8000000000000000405268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cad23fb6e353212021-12-21 10:40:54.944root 11241100x8000000000000000405269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eceaba9ab629be6c2021-12-21 10:40:54.944root 11241100x8000000000000000405270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814074d2e109f4552021-12-21 10:40:54.944root 11241100x8000000000000000405271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc5ac0903e4db0e2021-12-21 10:40:54.944root 11241100x8000000000000000405272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e8d636d183f4df2021-12-21 10:40:54.944root 11241100x8000000000000000405273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddba98841ff1ca982021-12-21 10:40:54.944root 11241100x8000000000000000405274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb35428f8113e872021-12-21 10:40:54.944root 11241100x8000000000000000405275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45136cf3df323dc2021-12-21 10:40:54.944root 11241100x8000000000000000405276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393a36397626b2ec2021-12-21 10:40:54.944root 11241100x8000000000000000405277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8522c4655c2353412021-12-21 10:40:55.443root 11241100x8000000000000000405278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84f0c121f7322612021-12-21 10:40:55.444root 11241100x8000000000000000405279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e22d1b7fb62367a2021-12-21 10:40:55.445root 11241100x8000000000000000405280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7accb7996ddb9e712021-12-21 10:40:55.445root 11241100x8000000000000000405281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff22fde7542dd642021-12-21 10:40:55.445root 11241100x8000000000000000405282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e03eb39c6f1c90b2021-12-21 10:40:55.445root 11241100x8000000000000000405283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fdb4dec31a58e82021-12-21 10:40:55.445root 11241100x8000000000000000405284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040c80d132e797d22021-12-21 10:40:55.445root 11241100x8000000000000000405285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ca98c7e017ff1c2021-12-21 10:40:55.445root 11241100x8000000000000000405286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39332847110c9c62021-12-21 10:40:55.445root 11241100x8000000000000000405287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe61eed5a779e772021-12-21 10:40:55.445root 11241100x8000000000000000405288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa4b42557c2a55f2021-12-21 10:40:55.445root 11241100x8000000000000000405289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d16da4bf848926f2021-12-21 10:40:55.445root 11241100x8000000000000000405290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d26f7d335e0fe92021-12-21 10:40:55.445root 11241100x8000000000000000405291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3521e325cbefedb42021-12-21 10:40:55.445root 11241100x8000000000000000405292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689d456bdec75a962021-12-21 10:40:55.446root 534500x8000000000000000405293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.447{00000000-0000-0000-0000-000000000000}4405<unknown process>root 534500x8000000000000000405294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.447{00000000-0000-0000-0000-000000000000}4404<unknown process>root 11241100x8000000000000000405295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a644e01ff147d7392021-12-21 10:40:55.943root 11241100x8000000000000000405296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a47a34603bb6a662021-12-21 10:40:55.943root 11241100x8000000000000000405297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1775a2c574cc3f342021-12-21 10:40:55.943root 11241100x8000000000000000405298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a143ac88379b9f872021-12-21 10:40:55.943root 11241100x8000000000000000405299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3fcbb1e18b38802021-12-21 10:40:55.943root 11241100x8000000000000000405300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f695bf902a536f722021-12-21 10:40:55.943root 11241100x8000000000000000405301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfe7e283c733d592021-12-21 10:40:55.944root 11241100x8000000000000000405302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc1a26686681a0a2021-12-21 10:40:55.944root 11241100x8000000000000000405303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1894875be0ec63c72021-12-21 10:40:55.944root 11241100x8000000000000000405304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165613408ac00baa2021-12-21 10:40:55.944root 11241100x8000000000000000405305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa58f109fd2610f2021-12-21 10:40:55.944root 11241100x8000000000000000405306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d7806271bfdb82021-12-21 10:40:55.944root 11241100x8000000000000000405307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b58d591ab3bef42021-12-21 10:40:55.944root 11241100x8000000000000000405308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca39a9485b631192021-12-21 10:40:55.944root 11241100x8000000000000000405309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84a2b36438c9cba2021-12-21 10:40:55.944root 11241100x8000000000000000405310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24163a2454f0f6002021-12-21 10:40:55.944root 11241100x8000000000000000405311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca23a249c6e5150c2021-12-21 10:40:55.944root 11241100x8000000000000000405312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d800f653b903282021-12-21 10:40:55.944root 11241100x8000000000000000405313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336d38a7872b70ed2021-12-21 10:40:56.443root 11241100x8000000000000000405314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549d0626748ed9522021-12-21 10:40:56.444root 11241100x8000000000000000405315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86e971966ddbe672021-12-21 10:40:56.444root 11241100x8000000000000000405316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9019daec4e26f22021-12-21 10:40:56.444root 11241100x8000000000000000405317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200e4524bd6dd77b2021-12-21 10:40:56.444root 11241100x8000000000000000405318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8e2a9d4e0b03672021-12-21 10:40:56.444root 11241100x8000000000000000405319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7212904cb33489fa2021-12-21 10:40:56.444root 11241100x8000000000000000405320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bed11eb508f09c2021-12-21 10:40:56.445root 11241100x8000000000000000405321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498939297ba8c4402021-12-21 10:40:56.445root 11241100x8000000000000000405322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84db10736118ef602021-12-21 10:40:56.445root 11241100x8000000000000000405323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2db9a1b7d869e692021-12-21 10:40:56.445root 11241100x8000000000000000405324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d8ef0785fe80102021-12-21 10:40:56.446root 11241100x8000000000000000405325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31cc2b0acf126f82021-12-21 10:40:56.446root 11241100x8000000000000000405326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e7d498d74cd8112021-12-21 10:40:56.446root 11241100x8000000000000000405327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cde4c02b7e79242021-12-21 10:40:56.446root 11241100x8000000000000000405328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c366e1b1634e39872021-12-21 10:40:56.446root 11241100x8000000000000000405329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c5a2a1ab3a483c2021-12-21 10:40:56.447root 11241100x8000000000000000405330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd0eae7b59c4e9d2021-12-21 10:40:56.447root 11241100x8000000000000000405331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363f15a6f86b64542021-12-21 10:40:56.943root 11241100x8000000000000000405332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73123fff8e407c992021-12-21 10:40:56.943root 11241100x8000000000000000405333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da141c175f20b25a2021-12-21 10:40:56.943root 11241100x8000000000000000405334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e281ac8bb8b8c1b2021-12-21 10:40:56.943root 11241100x8000000000000000405335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da393a63670d2b02021-12-21 10:40:56.944root 11241100x8000000000000000405336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf3fba1a10eb3252021-12-21 10:40:56.944root 11241100x8000000000000000405337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c763534e6d70fd52021-12-21 10:40:56.944root 11241100x8000000000000000405338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8052b238ab132a462021-12-21 10:40:56.944root 11241100x8000000000000000405339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fa4c95e7933e952021-12-21 10:40:56.944root 11241100x8000000000000000405340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09c156c1feead752021-12-21 10:40:56.944root 11241100x8000000000000000405341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbb3ab71d9f713f2021-12-21 10:40:56.944root 11241100x8000000000000000405342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02e6296d205b0302021-12-21 10:40:56.944root 11241100x8000000000000000405343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c897ad782a171a8f2021-12-21 10:40:56.944root 11241100x8000000000000000405344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f874ed554dc9323b2021-12-21 10:40:56.944root 11241100x8000000000000000405345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360ed578e3a8d6832021-12-21 10:40:56.944root 11241100x8000000000000000405346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572041fbb5c7c51c2021-12-21 10:40:56.944root 11241100x8000000000000000405347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd060b86246979b32021-12-21 10:40:56.944root 11241100x8000000000000000405348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d824c0921b595ae82021-12-21 10:40:56.945root 11241100x8000000000000000405349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62f5fc688e87f922021-12-21 10:40:57.443root 11241100x8000000000000000405350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cf5c2277e1ef512021-12-21 10:40:57.443root 11241100x8000000000000000405351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de111060458a2352021-12-21 10:40:57.444root 11241100x8000000000000000405352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbe113d6c8e21c92021-12-21 10:40:57.444root 11241100x8000000000000000405353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbced9bbd1607ed2021-12-21 10:40:57.444root 11241100x8000000000000000405354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e29e2f4db50b1a2021-12-21 10:40:57.444root 11241100x8000000000000000405355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26979113dc79d972021-12-21 10:40:57.444root 11241100x8000000000000000405356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be1ef30097af7be2021-12-21 10:40:57.444root 11241100x8000000000000000405357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d343183603c3432021-12-21 10:40:57.445root 11241100x8000000000000000405358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fb59b96eddfe9e2021-12-21 10:40:57.445root 11241100x8000000000000000405359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154be17c13bbfcff2021-12-21 10:40:57.445root 11241100x8000000000000000405360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96dfc389e0c49372021-12-21 10:40:57.445root 11241100x8000000000000000405361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba053791bf3f8442021-12-21 10:40:57.445root 11241100x8000000000000000405362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e77c329d79cf44f2021-12-21 10:40:57.446root 11241100x8000000000000000405363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c817b4e063c72c12021-12-21 10:40:57.446root 11241100x8000000000000000405364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876d7e449a957c452021-12-21 10:40:57.446root 11241100x8000000000000000405365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c675bf3d059532752021-12-21 10:40:57.446root 11241100x8000000000000000405366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ab9df721abfb882021-12-21 10:40:57.446root 11241100x8000000000000000405367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e842890410973082021-12-21 10:40:57.943root 11241100x8000000000000000405368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d3215fe62a93aa2021-12-21 10:40:57.943root 11241100x8000000000000000405369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1970f0d2ced484312021-12-21 10:40:57.943root 11241100x8000000000000000405370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f919570f3a29d1402021-12-21 10:40:57.943root 11241100x8000000000000000405371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c834fa71db8f4b2021-12-21 10:40:57.943root 11241100x8000000000000000405372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34b42825e0f661f2021-12-21 10:40:57.944root 11241100x8000000000000000405373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216d066df71f412c2021-12-21 10:40:57.944root 11241100x8000000000000000405374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc7db783dd17c4c2021-12-21 10:40:57.944root 11241100x8000000000000000405375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71933ba8d6ca218a2021-12-21 10:40:57.944root 11241100x8000000000000000405376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c2a04feb8131b32021-12-21 10:40:57.944root 11241100x8000000000000000405377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9b310d3a9c55dd2021-12-21 10:40:57.944root 11241100x8000000000000000405378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1f0c726196f8502021-12-21 10:40:57.944root 11241100x8000000000000000405379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999f0e21aaa3b50b2021-12-21 10:40:57.944root 11241100x8000000000000000405380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1ef3dd91f5fb542021-12-21 10:40:57.944root 11241100x8000000000000000405381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b424f9b5daaebe2021-12-21 10:40:57.944root 11241100x8000000000000000405382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f02a054da62285e2021-12-21 10:40:57.944root 11241100x8000000000000000405383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7ea8cf6ed0bc282021-12-21 10:40:57.944root 11241100x8000000000000000405384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa2958111b88ec2021-12-21 10:40:57.944root 11241100x8000000000000000405385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e57e0ae5156352e2021-12-21 10:40:58.443root 11241100x8000000000000000405386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95efe3f5d1aab4192021-12-21 10:40:58.443root 11241100x8000000000000000405387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293d47540dc7b87d2021-12-21 10:40:58.443root 11241100x8000000000000000405388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7955571cb6075cb2021-12-21 10:40:58.444root 11241100x8000000000000000405389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb3bad82d7914fd2021-12-21 10:40:58.444root 11241100x8000000000000000405390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d18231f5ac1022021-12-21 10:40:58.444root 11241100x8000000000000000405391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8495c0a45ad0cd4a2021-12-21 10:40:58.444root 11241100x8000000000000000405392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6feb2385010638f2021-12-21 10:40:58.444root 11241100x8000000000000000405393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2bd03a67f59cf72021-12-21 10:40:58.444root 11241100x8000000000000000405394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c8110014eab5492021-12-21 10:40:58.444root 11241100x8000000000000000405395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6958b5c4162dfdfd2021-12-21 10:40:58.444root 11241100x8000000000000000405396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e4624d11cb07192021-12-21 10:40:58.444root 11241100x8000000000000000405397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05acd43fb85a9cff2021-12-21 10:40:58.444root 11241100x8000000000000000405398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4984c8c1d20e70a72021-12-21 10:40:58.445root 11241100x8000000000000000405399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e88943dc52907962021-12-21 10:40:58.445root 11241100x8000000000000000405400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb033d0b5962e3e32021-12-21 10:40:58.445root 11241100x8000000000000000405401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8d0c4286b48fab2021-12-21 10:40:58.445root 11241100x8000000000000000405402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a1493b000b9b4c2021-12-21 10:40:58.445root 11241100x8000000000000000405403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4488623dbcfd9e2021-12-21 10:40:58.943root 11241100x8000000000000000405404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab219ed3b08d3eda2021-12-21 10:40:58.943root 11241100x8000000000000000405405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d8a9f405e6f6dc2021-12-21 10:40:58.943root 11241100x8000000000000000405406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86682bf69b5dfc282021-12-21 10:40:58.943root 11241100x8000000000000000405407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8f3bc95b2cf2ff2021-12-21 10:40:58.944root 11241100x8000000000000000405408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b83b326f9c780df2021-12-21 10:40:58.944root 11241100x8000000000000000405409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfca1a1af2a9a2012021-12-21 10:40:58.944root 11241100x8000000000000000405410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb373037c70302182021-12-21 10:40:58.944root 11241100x8000000000000000405411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f716133d185a2f2021-12-21 10:40:58.944root 11241100x8000000000000000405412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de54172c99d8a392021-12-21 10:40:58.944root 11241100x8000000000000000405413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f757a597e28cc92021-12-21 10:40:58.944root 11241100x8000000000000000405414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7c2e830ff2b7112021-12-21 10:40:58.944root 11241100x8000000000000000405415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e00f0f19bdfee62021-12-21 10:40:58.944root 11241100x8000000000000000405416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0ceb4e11aed32a2021-12-21 10:40:58.944root 11241100x8000000000000000405417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc97e43c54171bf22021-12-21 10:40:58.944root 11241100x8000000000000000405418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb84f37a0cf9ba22021-12-21 10:40:58.944root 11241100x8000000000000000405419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e706f85efd44642021-12-21 10:40:58.944root 11241100x8000000000000000405420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c6dbc53f7c093c2021-12-21 10:40:58.944root 11241100x8000000000000000405421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c594ba0a4fa60ca12021-12-21 10:40:59.443root 11241100x8000000000000000405422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c508e67a6e8bc52021-12-21 10:40:59.443root 11241100x8000000000000000405423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca408d5962f8179c2021-12-21 10:40:59.443root 11241100x8000000000000000405424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5556a56114dfbe2021-12-21 10:40:59.443root 11241100x8000000000000000405425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f77000696cbff362021-12-21 10:40:59.444root 11241100x8000000000000000405426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9893616846790cda2021-12-21 10:40:59.444root 11241100x8000000000000000405427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c0b9b708913aa82021-12-21 10:40:59.444root 11241100x8000000000000000405428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274a3ef74697a7e62021-12-21 10:40:59.444root 11241100x8000000000000000405429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b918607ff97406ae2021-12-21 10:40:59.444root 11241100x8000000000000000405430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f21ba384ef7985f2021-12-21 10:40:59.444root 11241100x8000000000000000405431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b10ccd74cd81ede2021-12-21 10:40:59.444root 11241100x8000000000000000405432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b0b87595bbf3ae2021-12-21 10:40:59.444root 11241100x8000000000000000405433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f4c2a2402aa12f2021-12-21 10:40:59.444root 11241100x8000000000000000405434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f3ada0bf5142652021-12-21 10:40:59.444root 11241100x8000000000000000405435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be5b187af7b51762021-12-21 10:40:59.444root 11241100x8000000000000000405436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457e654839c5989e2021-12-21 10:40:59.444root 11241100x8000000000000000405437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630a69ecf0c14ef42021-12-21 10:40:59.445root 11241100x8000000000000000405438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d008157658f13c832021-12-21 10:40:59.445root 11241100x8000000000000000405439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615de36fa39798512021-12-21 10:40:59.943root 11241100x8000000000000000405440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3864aebabe2b37302021-12-21 10:40:59.943root 11241100x8000000000000000405441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9692412c079a637b2021-12-21 10:40:59.943root 11241100x8000000000000000405442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25ea07bc8acff1a2021-12-21 10:40:59.943root 11241100x8000000000000000405443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fbb49be93dd42e2021-12-21 10:40:59.943root 11241100x8000000000000000405444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afbde347ea6d2612021-12-21 10:40:59.943root 11241100x8000000000000000405445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e544b8eedcb4537b2021-12-21 10:40:59.944root 11241100x8000000000000000405446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f744f73b3f087b72021-12-21 10:40:59.944root 11241100x8000000000000000405447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf541d4292f7e642021-12-21 10:40:59.944root 11241100x8000000000000000405448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a016cb4cf8a9721e2021-12-21 10:40:59.944root 11241100x8000000000000000405449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8f19dea1712a3b2021-12-21 10:40:59.944root 11241100x8000000000000000405450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1f88cc97feb52f2021-12-21 10:40:59.944root 11241100x8000000000000000405451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4961ad5f19006eb2021-12-21 10:40:59.944root 11241100x8000000000000000405452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f240c979ac25f8592021-12-21 10:40:59.944root 11241100x8000000000000000405453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4173da82eac87062021-12-21 10:40:59.944root 11241100x8000000000000000405454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a667b3db3d4d6552021-12-21 10:40:59.944root 11241100x8000000000000000405455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c1b07b4b2006002021-12-21 10:40:59.944root 11241100x8000000000000000405456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:40:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e085428a842ba6732021-12-21 10:40:59.945root 354300x8000000000000000405457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.074{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47450-false10.0.1.12-8000- 11241100x8000000000000000405458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3edf01d973f7da12021-12-21 10:41:00.443root 11241100x8000000000000000405459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69c90d4aabf66db2021-12-21 10:41:00.443root 11241100x8000000000000000405460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687a087fb875db782021-12-21 10:41:00.443root 11241100x8000000000000000405461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbfd8dc6a62a3f92021-12-21 10:41:00.443root 11241100x8000000000000000405462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408af55b1fe656e92021-12-21 10:41:00.444root 11241100x8000000000000000405463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4527f557dd47232021-12-21 10:41:00.444root 11241100x8000000000000000405464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a69fef464400f62021-12-21 10:41:00.444root 11241100x8000000000000000405465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9b4d3ff00811622021-12-21 10:41:00.444root 11241100x8000000000000000405466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081183cdad86ea812021-12-21 10:41:00.444root 11241100x8000000000000000405467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252817e1d836e5672021-12-21 10:41:00.444root 11241100x8000000000000000405468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b55176d16b8ac102021-12-21 10:41:00.444root 11241100x8000000000000000405469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7387e1ed7dfc9d02021-12-21 10:41:00.444root 11241100x8000000000000000405470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670856b0577ec0f32021-12-21 10:41:00.444root 11241100x8000000000000000405471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d225ebe0adf15d2021-12-21 10:41:00.444root 11241100x8000000000000000405472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e501717a929898152021-12-21 10:41:00.444root 11241100x8000000000000000405473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccef8850a64ff6e2021-12-21 10:41:00.444root 11241100x8000000000000000405474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c0046718fbb6fb2021-12-21 10:41:00.444root 11241100x8000000000000000405475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15664c552f7b99942021-12-21 10:41:00.444root 11241100x8000000000000000405476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b420ca841c41e1332021-12-21 10:41:00.444root 11241100x8000000000000000405477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618ec48cff0c8f9f2021-12-21 10:41:00.943root 11241100x8000000000000000405478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efdf5634ea565b72021-12-21 10:41:00.943root 11241100x8000000000000000405479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f158f023d040652021-12-21 10:41:00.943root 11241100x8000000000000000405480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6816c43c6e76bae62021-12-21 10:41:00.943root 11241100x8000000000000000405481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c49975224bb2e232021-12-21 10:41:00.944root 11241100x8000000000000000405482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a2bd9eb5d3e3652021-12-21 10:41:00.944root 11241100x8000000000000000405483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c07c9a33bfed0d2021-12-21 10:41:00.944root 11241100x8000000000000000405484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae32b1cae487db02021-12-21 10:41:00.944root 11241100x8000000000000000405485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3a25dd5a8ec2252021-12-21 10:41:00.944root 11241100x8000000000000000405486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68127944db71ca412021-12-21 10:41:00.944root 11241100x8000000000000000405487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa5cc6694ab7a5a2021-12-21 10:41:00.944root 11241100x8000000000000000405488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb68ecc0c884e0032021-12-21 10:41:00.944root 11241100x8000000000000000405489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca25877bf099b1c62021-12-21 10:41:00.944root 11241100x8000000000000000405490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a2ee64a1c9de452021-12-21 10:41:00.944root 11241100x8000000000000000405491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7b2759c32aebff2021-12-21 10:41:00.944root 11241100x8000000000000000405492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5839bf6ecd1891dd2021-12-21 10:41:00.944root 11241100x8000000000000000405493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc46141747efd05b2021-12-21 10:41:00.944root 11241100x8000000000000000405494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d3bd2abea4c8b02021-12-21 10:41:00.944root 11241100x8000000000000000405495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89da5aea0e8c06092021-12-21 10:41:00.944root 11241100x8000000000000000405496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96c7af46a7fb6632021-12-21 10:41:01.443root 11241100x8000000000000000405497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3e0c3e4c0d3d212021-12-21 10:41:01.443root 11241100x8000000000000000405498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c479724410daa82021-12-21 10:41:01.443root 11241100x8000000000000000405499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c4f4df9917cdca2021-12-21 10:41:01.443root 11241100x8000000000000000405500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29707462da3c11952021-12-21 10:41:01.444root 11241100x8000000000000000405501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bb38047481155e2021-12-21 10:41:01.444root 11241100x8000000000000000405502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccd554b06dfa3712021-12-21 10:41:01.444root 11241100x8000000000000000405503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304626a020a2d05a2021-12-21 10:41:01.444root 11241100x8000000000000000405504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf23dfab49123b4a2021-12-21 10:41:01.444root 11241100x8000000000000000405505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe977a9fa6948172021-12-21 10:41:01.444root 11241100x8000000000000000405506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1ef1fb3d8e74692021-12-21 10:41:01.444root 11241100x8000000000000000405507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848263f192cf8e152021-12-21 10:41:01.444root 11241100x8000000000000000405508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93719a4adebed37a2021-12-21 10:41:01.444root 11241100x8000000000000000405509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5525f8ac15d787112021-12-21 10:41:01.444root 11241100x8000000000000000405510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6185881b54dafe2021-12-21 10:41:01.444root 11241100x8000000000000000405511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf86f2c622ceac22021-12-21 10:41:01.444root 11241100x8000000000000000405512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1008a0e40796082021-12-21 10:41:01.445root 11241100x8000000000000000405513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20f1c23dafe34cc2021-12-21 10:41:01.445root 11241100x8000000000000000405514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb73c0e682a4f57b2021-12-21 10:41:01.445root 11241100x8000000000000000405515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562a4759229b36422021-12-21 10:41:01.943root 11241100x8000000000000000405516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f10466b1f2c0d992021-12-21 10:41:01.943root 11241100x8000000000000000405517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ee92a0581494812021-12-21 10:41:01.943root 11241100x8000000000000000405518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d842b1965b41d4e42021-12-21 10:41:01.943root 11241100x8000000000000000405519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e1d71c5e93c0c52021-12-21 10:41:01.944root 11241100x8000000000000000405520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06bc9a4a1a0fa2a2021-12-21 10:41:01.944root 11241100x8000000000000000405521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0045aa3353ef05602021-12-21 10:41:01.944root 11241100x8000000000000000405522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f08b485207031d2021-12-21 10:41:01.944root 11241100x8000000000000000405523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fa1bbbdc68a0372021-12-21 10:41:01.944root 11241100x8000000000000000405524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b357167897f65eac2021-12-21 10:41:01.944root 11241100x8000000000000000405525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a23216282df39d62021-12-21 10:41:01.944root 11241100x8000000000000000405526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e43455fc3b236e2021-12-21 10:41:01.944root 11241100x8000000000000000405527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaadd8140436c9a2021-12-21 10:41:01.944root 11241100x8000000000000000405528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c96ab9eeedd73142021-12-21 10:41:01.944root 11241100x8000000000000000405529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f7ff8ee86fa0a42021-12-21 10:41:01.944root 11241100x8000000000000000405530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28262b1653a1b8442021-12-21 10:41:01.944root 11241100x8000000000000000405531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb556ed2b709f72021-12-21 10:41:01.944root 11241100x8000000000000000405532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e8e2afbf73d1b02021-12-21 10:41:01.944root 11241100x8000000000000000405533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c249c1aa7626c9ad2021-12-21 10:41:01.944root 11241100x8000000000000000405534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eaeb34c69376752021-12-21 10:41:02.443root 11241100x8000000000000000405535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b484a6d4774ce7952021-12-21 10:41:02.443root 11241100x8000000000000000405536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e77ed04456cc84f2021-12-21 10:41:02.443root 11241100x8000000000000000405537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee75d0b200b34402021-12-21 10:41:02.443root 11241100x8000000000000000405538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cef9cf478ba9622021-12-21 10:41:02.443root 11241100x8000000000000000405539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f363f340255d7e32021-12-21 10:41:02.444root 11241100x8000000000000000405540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c94edf444c70332021-12-21 10:41:02.444root 11241100x8000000000000000405541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db8a1ff653568202021-12-21 10:41:02.444root 11241100x8000000000000000405542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d075898cc634f1892021-12-21 10:41:02.444root 11241100x8000000000000000405543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21672e4c8c8649862021-12-21 10:41:02.444root 11241100x8000000000000000405544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb91157ae41774532021-12-21 10:41:02.444root 11241100x8000000000000000405545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8699636ff8cec582021-12-21 10:41:02.444root 11241100x8000000000000000405546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4b502d94bcc3962021-12-21 10:41:02.444root 11241100x8000000000000000405547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e0f8b222fdd16b2021-12-21 10:41:02.444root 11241100x8000000000000000405548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460284a9441bd24c2021-12-21 10:41:02.444root 11241100x8000000000000000405549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70bb6ff631e17a52021-12-21 10:41:02.444root 11241100x8000000000000000405550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61f6f3a73c79f802021-12-21 10:41:02.444root 11241100x8000000000000000405551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccebbf9731dbcc12021-12-21 10:41:02.445root 11241100x8000000000000000405552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f216b466b1c361062021-12-21 10:41:02.445root 11241100x8000000000000000405553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76615bb857dca3522021-12-21 10:41:02.943root 11241100x8000000000000000405554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afb3e20269c9e952021-12-21 10:41:02.943root 11241100x8000000000000000405555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85123c5fa3460bcd2021-12-21 10:41:02.943root 11241100x8000000000000000405556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ad3d9195b991e92021-12-21 10:41:02.943root 11241100x8000000000000000405557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0417b064d884269d2021-12-21 10:41:02.943root 11241100x8000000000000000405558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7d7912c8e0ae9f2021-12-21 10:41:02.944root 11241100x8000000000000000405559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef076fc9abbed862021-12-21 10:41:02.944root 11241100x8000000000000000405560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20682900727f205e2021-12-21 10:41:02.944root 11241100x8000000000000000405561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc76dd752b7f1b22021-12-21 10:41:02.944root 11241100x8000000000000000405562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a27ffeab850d062021-12-21 10:41:02.944root 11241100x8000000000000000405563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d70285d2dac6b462021-12-21 10:41:02.944root 11241100x8000000000000000405564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db646ab0a619ce82021-12-21 10:41:02.944root 11241100x8000000000000000405565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598487f8f97e0b802021-12-21 10:41:02.944root 11241100x8000000000000000405566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e33fbf8041680d2021-12-21 10:41:02.944root 11241100x8000000000000000405567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de7cbcb1dad770c2021-12-21 10:41:02.944root 11241100x8000000000000000405568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e028bb7f5c4725c22021-12-21 10:41:02.944root 11241100x8000000000000000405569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f6d71539c11cac2021-12-21 10:41:02.944root 11241100x8000000000000000405570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991c081872b0cba92021-12-21 10:41:02.944root 11241100x8000000000000000405571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4024ff036c85cc2021-12-21 10:41:02.944root 11241100x8000000000000000405572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a48a7595801ea42021-12-21 10:41:03.443root 11241100x8000000000000000405573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3dd761ac8afe5d2021-12-21 10:41:03.443root 11241100x8000000000000000405574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7605b7b1d0fecc7e2021-12-21 10:41:03.443root 11241100x8000000000000000405575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0c6d594d2c95ca2021-12-21 10:41:03.443root 11241100x8000000000000000405576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ce0d45adb3a6912021-12-21 10:41:03.443root 11241100x8000000000000000405577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b28675caf9af80e2021-12-21 10:41:03.444root 11241100x8000000000000000405578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7b97301fea19dd2021-12-21 10:41:03.444root 11241100x8000000000000000405579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb034c985e2916ea2021-12-21 10:41:03.444root 11241100x8000000000000000405580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f53e48db4350fa2021-12-21 10:41:03.444root 11241100x8000000000000000405581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39222e33906e9ad2021-12-21 10:41:03.444root 11241100x8000000000000000405582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb1531c90a58bce2021-12-21 10:41:03.444root 11241100x8000000000000000405583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dff443e86c6fd12021-12-21 10:41:03.444root 11241100x8000000000000000405584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ef2e9304d8a9b2021-12-21 10:41:03.444root 11241100x8000000000000000405585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac11f13f280594082021-12-21 10:41:03.444root 11241100x8000000000000000405586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a268798f1d89f42021-12-21 10:41:03.444root 11241100x8000000000000000405587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d709f5174527ce2021-12-21 10:41:03.444root 11241100x8000000000000000405588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7497f474e842b92021-12-21 10:41:03.444root 11241100x8000000000000000405589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b3b786a7da7f372021-12-21 10:41:03.444root 11241100x8000000000000000405590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcedc9813995bf42021-12-21 10:41:03.444root 11241100x8000000000000000405591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2853e913c35118432021-12-21 10:41:03.943root 11241100x8000000000000000405592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0005ddbe058d08d2021-12-21 10:41:03.943root 11241100x8000000000000000405593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1363c66e0f8e90cf2021-12-21 10:41:03.943root 11241100x8000000000000000405594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc6b13caeaa9c542021-12-21 10:41:03.944root 11241100x8000000000000000405595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b8dbd30b0f41022021-12-21 10:41:03.944root 11241100x8000000000000000405596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b7190d6ed578e82021-12-21 10:41:03.944root 11241100x8000000000000000405597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d3b5c3c5cebaaa2021-12-21 10:41:03.944root 11241100x8000000000000000405598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d478b2aaa38f1fb2021-12-21 10:41:03.944root 11241100x8000000000000000405599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292217db3d0ffdbc2021-12-21 10:41:03.944root 11241100x8000000000000000405600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927c97d33cc73f632021-12-21 10:41:03.944root 11241100x8000000000000000405601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08438379c3657202021-12-21 10:41:03.944root 11241100x8000000000000000405602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80895f471e8701f2021-12-21 10:41:03.944root 11241100x8000000000000000405603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d211606d4503f22021-12-21 10:41:03.944root 11241100x8000000000000000405604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7990bc247db12262021-12-21 10:41:03.944root 11241100x8000000000000000405605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da68ad7e40c65692021-12-21 10:41:03.944root 11241100x8000000000000000405606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426e0f72a8a60c7d2021-12-21 10:41:03.944root 11241100x8000000000000000405607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925fa1caaa0b95d12021-12-21 10:41:03.944root 11241100x8000000000000000405608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c2e5840519ce382021-12-21 10:41:03.944root 11241100x8000000000000000405609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72271eab81382062021-12-21 10:41:03.944root 11241100x8000000000000000405610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8e8555f361c7a22021-12-21 10:41:04.443root 11241100x8000000000000000405611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef1c1037c592b332021-12-21 10:41:04.443root 11241100x8000000000000000405612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a57d58fa5b51742021-12-21 10:41:04.443root 11241100x8000000000000000405613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea658491f1bcfb622021-12-21 10:41:04.443root 11241100x8000000000000000405614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7acfb92d5fd9db62021-12-21 10:41:04.444root 11241100x8000000000000000405615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa75186a748a65b52021-12-21 10:41:04.444root 11241100x8000000000000000405616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cefd9abc76229332021-12-21 10:41:04.444root 11241100x8000000000000000405617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8477a49fe9ac142b2021-12-21 10:41:04.444root 11241100x8000000000000000405618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bbdc1e182350982021-12-21 10:41:04.444root 11241100x8000000000000000405619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644dd9515b6b95562021-12-21 10:41:04.444root 11241100x8000000000000000405620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd1b8a649ff62692021-12-21 10:41:04.444root 11241100x8000000000000000405621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200185d4804ea9db2021-12-21 10:41:04.444root 11241100x8000000000000000405622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e2581cfb376f682021-12-21 10:41:04.444root 11241100x8000000000000000405623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2efbe1ddda557e42021-12-21 10:41:04.444root 11241100x8000000000000000405624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1d424fd76b7cdd2021-12-21 10:41:04.444root 11241100x8000000000000000405625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778e7c811c2b0e952021-12-21 10:41:04.444root 11241100x8000000000000000405626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b532ca0c2c4d653a2021-12-21 10:41:04.444root 11241100x8000000000000000405627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650e5259c97acab72021-12-21 10:41:04.444root 11241100x8000000000000000405628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4930475617d1769c2021-12-21 10:41:04.444root 11241100x8000000000000000405629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d02d4f068f87312021-12-21 10:41:04.943root 11241100x8000000000000000405630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b76cb85cde6d172021-12-21 10:41:04.943root 11241100x8000000000000000405631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f69bef24a7af6c2021-12-21 10:41:04.943root 11241100x8000000000000000405632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9dc5f617f3e7632021-12-21 10:41:04.943root 11241100x8000000000000000405633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aca66e079942d8e2021-12-21 10:41:04.944root 11241100x8000000000000000405634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00f362c0ae06a722021-12-21 10:41:04.944root 11241100x8000000000000000405635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31560f04fb5a1ad32021-12-21 10:41:04.944root 11241100x8000000000000000405636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536f3003b3faee102021-12-21 10:41:04.944root 11241100x8000000000000000405637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0639d288802faa2021-12-21 10:41:04.944root 11241100x8000000000000000405638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec37fffe2da20de42021-12-21 10:41:04.944root 11241100x8000000000000000405639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3fb51ba1abb7662021-12-21 10:41:04.944root 11241100x8000000000000000405640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98179792f002eea42021-12-21 10:41:04.944root 11241100x8000000000000000405641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3b846eb6ff611c2021-12-21 10:41:04.944root 11241100x8000000000000000405642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122c9f169883eace2021-12-21 10:41:04.944root 11241100x8000000000000000405643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b71f395b1c7c6a2021-12-21 10:41:04.944root 11241100x8000000000000000405644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0999b05fd58b88a42021-12-21 10:41:04.944root 11241100x8000000000000000405645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc1efae2388a2bb2021-12-21 10:41:04.944root 11241100x8000000000000000405646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2ec690edc05c522021-12-21 10:41:04.944root 11241100x8000000000000000405647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b07e38ed862ac72021-12-21 10:41:04.944root 354300x8000000000000000405648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.199{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47452-false10.0.1.12-8000- 11241100x8000000000000000405649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da631a594936584e2021-12-21 10:41:05.200root 11241100x8000000000000000405650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c87d5712389f652021-12-21 10:41:05.200root 11241100x8000000000000000405651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbcb76b87786e552021-12-21 10:41:05.200root 11241100x8000000000000000405652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10308a9c1abfcc3b2021-12-21 10:41:05.201root 11241100x8000000000000000405653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6052aeb5b02d7c3e2021-12-21 10:41:05.201root 11241100x8000000000000000405654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a527bfa261ca8492021-12-21 10:41:05.201root 11241100x8000000000000000405655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497852fb969638752021-12-21 10:41:05.201root 11241100x8000000000000000405656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4f0727c2368ffc2021-12-21 10:41:05.202root 11241100x8000000000000000405657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6900b8526f55de2021-12-21 10:41:05.202root 11241100x8000000000000000405658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf22e359da1ba962021-12-21 10:41:05.202root 11241100x8000000000000000405659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b1b0b93b1722fb2021-12-21 10:41:05.202root 11241100x8000000000000000405660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651e25a7c9b9244d2021-12-21 10:41:05.202root 11241100x8000000000000000405661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90ba523388b0d162021-12-21 10:41:05.202root 11241100x8000000000000000405662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a27c2fa450d4012021-12-21 10:41:05.203root 11241100x8000000000000000405663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41be758a1895c6c52021-12-21 10:41:05.203root 11241100x8000000000000000405664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b8da8a21b048a72021-12-21 10:41:05.203root 11241100x8000000000000000405665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279b7b2b11785eb22021-12-21 10:41:05.204root 11241100x8000000000000000405666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f695a770c0e2b4f2021-12-21 10:41:05.204root 11241100x8000000000000000405667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5945fb21cac9a4ce2021-12-21 10:41:05.204root 11241100x8000000000000000405668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610b793c3bd5f9c22021-12-21 10:41:05.204root 11241100x8000000000000000405669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78140441040a339f2021-12-21 10:41:05.204root 11241100x8000000000000000405670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6ef934e9033e1e2021-12-21 10:41:05.205root 11241100x8000000000000000405671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfa41c10e9c48ae2021-12-21 10:41:05.205root 11241100x8000000000000000405672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c5d6a2c87e4b682021-12-21 10:41:05.205root 11241100x8000000000000000405673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ece54c2aabb45b82021-12-21 10:41:05.693root 11241100x8000000000000000405674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881087692414e1312021-12-21 10:41:05.693root 11241100x8000000000000000405675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf88bc7bcac47c32021-12-21 10:41:05.694root 11241100x8000000000000000405676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcbbb1946a29e812021-12-21 10:41:05.694root 11241100x8000000000000000405677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545c987c4751f8402021-12-21 10:41:05.694root 11241100x8000000000000000405678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772288cbd4d8b3772021-12-21 10:41:05.694root 11241100x8000000000000000405679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7241e479a201442f2021-12-21 10:41:05.694root 11241100x8000000000000000405680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c8240d2cebc82c2021-12-21 10:41:05.694root 11241100x8000000000000000405681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba456643ee31214a2021-12-21 10:41:05.694root 11241100x8000000000000000405682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370a71b6609c7ca32021-12-21 10:41:05.694root 11241100x8000000000000000405683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba2c41009052c0e2021-12-21 10:41:05.694root 11241100x8000000000000000405684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484ee4313a1502342021-12-21 10:41:05.694root 11241100x8000000000000000405685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31e6e18897bb4932021-12-21 10:41:05.694root 11241100x8000000000000000405686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02430d7bd621066c2021-12-21 10:41:05.694root 11241100x8000000000000000405687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15838cf2a0ff01b72021-12-21 10:41:05.695root 11241100x8000000000000000405688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130f054deb301a2f2021-12-21 10:41:05.695root 11241100x8000000000000000405689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ebc0458e8448b2021-12-21 10:41:05.695root 11241100x8000000000000000405690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e13b6323d832e672021-12-21 10:41:05.695root 11241100x8000000000000000405691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f303d98006f686172021-12-21 10:41:05.695root 11241100x8000000000000000405692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9c3541692a87632021-12-21 10:41:05.695root 11241100x8000000000000000405693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a11b04422820e92021-12-21 10:41:06.193root 11241100x8000000000000000405694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152bdf34c683bd4b2021-12-21 10:41:06.193root 11241100x8000000000000000405695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c5fcb55166b5892021-12-21 10:41:06.193root 11241100x8000000000000000405696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cbfdc0f3dc35952021-12-21 10:41:06.193root 11241100x8000000000000000405697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6acb6bbf2a36d62021-12-21 10:41:06.193root 11241100x8000000000000000405698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e78f23195e38e02021-12-21 10:41:06.194root 11241100x8000000000000000405699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409eec22e42240852021-12-21 10:41:06.194root 11241100x8000000000000000405700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae413780c846427b2021-12-21 10:41:06.194root 11241100x8000000000000000405701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd96d74edee40602021-12-21 10:41:06.194root 11241100x8000000000000000405702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ff0469c6b6b77b2021-12-21 10:41:06.194root 11241100x8000000000000000405703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25365005990fff502021-12-21 10:41:06.194root 11241100x8000000000000000405704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9d74d0d00351c92021-12-21 10:41:06.194root 11241100x8000000000000000405705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a540329b2506962021-12-21 10:41:06.194root 11241100x8000000000000000405706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0217c4e26fca68c92021-12-21 10:41:06.194root 11241100x8000000000000000405707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b007f5b0669be22021-12-21 10:41:06.194root 11241100x8000000000000000405708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021f88d69db782ab2021-12-21 10:41:06.194root 11241100x8000000000000000405709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ecc957b94050fe2021-12-21 10:41:06.194root 11241100x8000000000000000405710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5215120565afe0a52021-12-21 10:41:06.194root 11241100x8000000000000000405711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b814c9226767f82021-12-21 10:41:06.194root 11241100x8000000000000000405712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5549064508b9dc0b2021-12-21 10:41:06.194root 11241100x8000000000000000405713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:41:06.345root 11241100x8000000000000000405714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0513b270a87eeb2021-12-21 10:41:06.693root 11241100x8000000000000000405715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5005612a2e5c11c2021-12-21 10:41:06.693root 11241100x8000000000000000405716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9fd66a459b22cd2021-12-21 10:41:06.693root 11241100x8000000000000000405717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30648726d95edfc2021-12-21 10:41:06.694root 11241100x8000000000000000405718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378608e264ad31f12021-12-21 10:41:06.694root 11241100x8000000000000000405719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c89514f4012a02b2021-12-21 10:41:06.694root 11241100x8000000000000000405720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1f908693504e232021-12-21 10:41:06.694root 11241100x8000000000000000405721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ddc89d5ce1db752021-12-21 10:41:06.694root 11241100x8000000000000000405722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adcee1b8248e3e02021-12-21 10:41:06.694root 11241100x8000000000000000405723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c43bc5aec47764f2021-12-21 10:41:06.694root 11241100x8000000000000000405724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31923117bc73e872021-12-21 10:41:06.694root 11241100x8000000000000000405725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33573dc836ff31d72021-12-21 10:41:06.694root 11241100x8000000000000000405726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f2786c73ce08782021-12-21 10:41:06.694root 11241100x8000000000000000405727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7b282165b89fd92021-12-21 10:41:06.694root 11241100x8000000000000000405728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc70558deb424d42021-12-21 10:41:06.694root 11241100x8000000000000000405729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b3c664d1263df22021-12-21 10:41:06.694root 11241100x8000000000000000405730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa713bfe8c4f13972021-12-21 10:41:06.695root 11241100x8000000000000000405731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a0fbc7d914f96b2021-12-21 10:41:06.695root 11241100x8000000000000000405732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b8d0d2f6c1983c2021-12-21 10:41:06.695root 11241100x8000000000000000405733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765751a7492570072021-12-21 10:41:06.695root 11241100x8000000000000000405734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce052464825df4852021-12-21 10:41:06.695root 11241100x8000000000000000405735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c1e62eee37c722021-12-21 10:41:07.194root 11241100x8000000000000000405736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f1042a2cef47132021-12-21 10:41:07.194root 11241100x8000000000000000405737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485f1818fcffb8da2021-12-21 10:41:07.194root 11241100x8000000000000000405738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5253c8e20af70e02021-12-21 10:41:07.194root 11241100x8000000000000000405739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9778a96da8f9cd2021-12-21 10:41:07.194root 11241100x8000000000000000405740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8603d5f4b274d52021-12-21 10:41:07.194root 11241100x8000000000000000405741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89ce31039cf26062021-12-21 10:41:07.194root 11241100x8000000000000000405742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78794fd2bcd14f832021-12-21 10:41:07.194root 11241100x8000000000000000405743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbb6d55efde4ff72021-12-21 10:41:07.194root 11241100x8000000000000000405744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ba9e7bea5c39282021-12-21 10:41:07.195root 11241100x8000000000000000405745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d99df4fe942319b2021-12-21 10:41:07.195root 11241100x8000000000000000405746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe74776444dafcb72021-12-21 10:41:07.195root 11241100x8000000000000000405747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd442a8af05fda7b2021-12-21 10:41:07.195root 11241100x8000000000000000405748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c6323ef070c3892021-12-21 10:41:07.195root 11241100x8000000000000000405749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7295ae379e280af42021-12-21 10:41:07.195root 11241100x8000000000000000405750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d85f0ab8edcad02021-12-21 10:41:07.195root 11241100x8000000000000000405751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274bb754c0ae30782021-12-21 10:41:07.195root 11241100x8000000000000000405752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9f590b15a947d22021-12-21 10:41:07.195root 11241100x8000000000000000405753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d4cedefd16aed62021-12-21 10:41:07.196root 11241100x8000000000000000405754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799b9bc57976ad1c2021-12-21 10:41:07.196root 11241100x8000000000000000405755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd6023b812b890a2021-12-21 10:41:07.196root 11241100x8000000000000000405756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e41aa20bd5acc7f2021-12-21 10:41:07.693root 11241100x8000000000000000405757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5e2429067a64002021-12-21 10:41:07.693root 11241100x8000000000000000405758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a970039c93200b2021-12-21 10:41:07.693root 11241100x8000000000000000405759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f43c6a416f8392021-12-21 10:41:07.694root 11241100x8000000000000000405760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55714b08e3b5b11d2021-12-21 10:41:07.694root 11241100x8000000000000000405761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfb28a38365d8672021-12-21 10:41:07.694root 11241100x8000000000000000405762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4b38de90ef49c12021-12-21 10:41:07.694root 11241100x8000000000000000405763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6524539cbcfa5392021-12-21 10:41:07.694root 11241100x8000000000000000405764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2ed44b3b62cea92021-12-21 10:41:07.694root 11241100x8000000000000000405765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c79c3b8dd7bbef52021-12-21 10:41:07.694root 11241100x8000000000000000405766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccfe66b0d4b5dbe2021-12-21 10:41:07.694root 11241100x8000000000000000405767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543983e2ab6c99d42021-12-21 10:41:07.694root 11241100x8000000000000000405768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bfb2d7020fddd22021-12-21 10:41:07.694root 11241100x8000000000000000405769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03505d210644fc62021-12-21 10:41:07.694root 11241100x8000000000000000405770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84951cf80e28bc9b2021-12-21 10:41:07.694root 11241100x8000000000000000405771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737458ff25cb16552021-12-21 10:41:07.694root 11241100x8000000000000000405772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670216cc91a83f1b2021-12-21 10:41:07.694root 11241100x8000000000000000405773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4a664359e4a2ba2021-12-21 10:41:07.694root 11241100x8000000000000000405774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8b1d1a3cb1f71f2021-12-21 10:41:07.694root 11241100x8000000000000000405775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b933845989dd892021-12-21 10:41:07.695root 11241100x8000000000000000405776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bbb2db8b60fe772021-12-21 10:41:07.695root 11241100x8000000000000000405777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46c052cf313a31d2021-12-21 10:41:08.193root 11241100x8000000000000000405778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d0aa9754626e372021-12-21 10:41:08.193root 11241100x8000000000000000405779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbede33841126b7f2021-12-21 10:41:08.193root 11241100x8000000000000000405780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40797bcd4aeaee542021-12-21 10:41:08.194root 11241100x8000000000000000405781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61073bb8059c3c3e2021-12-21 10:41:08.194root 11241100x8000000000000000405782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26426e86b1298e82021-12-21 10:41:08.194root 11241100x8000000000000000405783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b78b69bde63f7192021-12-21 10:41:08.194root 11241100x8000000000000000405784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d1090be8fa9b952021-12-21 10:41:08.194root 11241100x8000000000000000405785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5dcb453454b1a72021-12-21 10:41:08.194root 11241100x8000000000000000405786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3304a6ae09292482021-12-21 10:41:08.194root 11241100x8000000000000000405787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a4a3f04782216c2021-12-21 10:41:08.194root 11241100x8000000000000000405788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2b7b683f7238092021-12-21 10:41:08.194root 11241100x8000000000000000405789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d96c90debfb6ed42021-12-21 10:41:08.194root 11241100x8000000000000000405790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27135cdac81d7b42021-12-21 10:41:08.194root 11241100x8000000000000000405791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc8c94a85bc3cb42021-12-21 10:41:08.194root 11241100x8000000000000000405792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bea9f146a1623072021-12-21 10:41:08.194root 11241100x8000000000000000405793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf17cc99928b2af12021-12-21 10:41:08.194root 11241100x8000000000000000405794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c441b1e0ec0671d62021-12-21 10:41:08.194root 11241100x8000000000000000405795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748aa3a36732358d2021-12-21 10:41:08.194root 11241100x8000000000000000405796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16efd566eff09dbf2021-12-21 10:41:08.195root 11241100x8000000000000000405797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84c58cd67916cb22021-12-21 10:41:08.195root 11241100x8000000000000000405798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21b243795f60fdb2021-12-21 10:41:08.693root 11241100x8000000000000000405799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715fd0200751c1a72021-12-21 10:41:08.693root 11241100x8000000000000000405800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e50e39cb521df82021-12-21 10:41:08.693root 11241100x8000000000000000405801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec4e718d52cf7c72021-12-21 10:41:08.693root 11241100x8000000000000000405802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc2c0e99d3ed2732021-12-21 10:41:08.694root 11241100x8000000000000000405803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d029c903f0b3532021-12-21 10:41:08.694root 11241100x8000000000000000405804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10381aa51a50eabf2021-12-21 10:41:08.694root 11241100x8000000000000000405805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e152d5d9f20d2f962021-12-21 10:41:08.694root 11241100x8000000000000000405806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7834b2d36148322021-12-21 10:41:08.694root 11241100x8000000000000000405807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc142ba6de1f2bf2021-12-21 10:41:08.694root 11241100x8000000000000000405808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bdacbfc84aa2b02021-12-21 10:41:08.694root 11241100x8000000000000000405809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c673feee256d91742021-12-21 10:41:08.694root 11241100x8000000000000000405810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1bb35af30588b22021-12-21 10:41:08.694root 11241100x8000000000000000405811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ede26042609ebb2021-12-21 10:41:08.694root 11241100x8000000000000000405812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fae1473291ae3e2021-12-21 10:41:08.694root 11241100x8000000000000000405813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4ba35a0f181da92021-12-21 10:41:08.694root 11241100x8000000000000000405814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5184473ec01980b22021-12-21 10:41:08.694root 11241100x8000000000000000405815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f5fe9226ae30432021-12-21 10:41:08.694root 11241100x8000000000000000405816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eba14e5fb361792021-12-21 10:41:08.694root 11241100x8000000000000000405817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768575d2729658fc2021-12-21 10:41:08.695root 11241100x8000000000000000405818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad5aa2e494cb1452021-12-21 10:41:08.695root 23542300x8000000000000000405819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.182{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000405820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffc3dcec801d45c2021-12-21 10:41:09.182root 11241100x8000000000000000405821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34242785afff23b82021-12-21 10:41:09.182root 11241100x8000000000000000405822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1505c5548f22dbf2021-12-21 10:41:09.182root 11241100x8000000000000000405823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279fc327a5ba84a52021-12-21 10:41:09.183root 11241100x8000000000000000405824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56f3ac3761d66942021-12-21 10:41:09.183root 11241100x8000000000000000405825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06526f8881e69a6c2021-12-21 10:41:09.183root 11241100x8000000000000000405826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e020a2eae27c372021-12-21 10:41:09.183root 11241100x8000000000000000405827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78988d73aa1652dc2021-12-21 10:41:09.183root 11241100x8000000000000000405828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f20c97ce5ff2fb32021-12-21 10:41:09.183root 11241100x8000000000000000405829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17dca82dcde886e2021-12-21 10:41:09.183root 11241100x8000000000000000405830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3d8e761156fe6a2021-12-21 10:41:09.183root 11241100x8000000000000000405831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960bc7a33d98549b2021-12-21 10:41:09.183root 11241100x8000000000000000405832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3c29c5c4d4e6e72021-12-21 10:41:09.183root 11241100x8000000000000000405833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7792defe6530bc2021-12-21 10:41:09.183root 11241100x8000000000000000405834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34693015df80530f2021-12-21 10:41:09.183root 11241100x8000000000000000405835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65644929c8d1c8dd2021-12-21 10:41:09.183root 11241100x8000000000000000405836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e533069919dd154e2021-12-21 10:41:09.184root 11241100x8000000000000000405837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26e8ac6c07b04622021-12-21 10:41:09.184root 11241100x8000000000000000405838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9231cbbb9c0e2c42021-12-21 10:41:09.184root 11241100x8000000000000000405839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3dbf559d1cf4fa2021-12-21 10:41:09.184root 11241100x8000000000000000405840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdad186a14c1b95d2021-12-21 10:41:09.184root 11241100x8000000000000000405841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72569e75f3df2b702021-12-21 10:41:09.184root 11241100x8000000000000000405842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e972b4ec1a7bfab2021-12-21 10:41:09.184root 11241100x8000000000000000405843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a764f2700bd4792021-12-21 10:41:09.184root 11241100x8000000000000000405844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d23a85afaa0d9f22021-12-21 10:41:09.184root 11241100x8000000000000000405845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf08a1e7033db692021-12-21 10:41:09.184root 11241100x8000000000000000405846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29234c29e2d6fa632021-12-21 10:41:09.185root 11241100x8000000000000000405847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11032ac61cf919f82021-12-21 10:41:09.185root 11241100x8000000000000000405848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951b92f7a0eeb7aa2021-12-21 10:41:09.443root 11241100x8000000000000000405849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a26eee8e55f41f2021-12-21 10:41:09.443root 11241100x8000000000000000405850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cfc4ddd8a326f52021-12-21 10:41:09.443root 11241100x8000000000000000405851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aae855f38b66a432021-12-21 10:41:09.443root 11241100x8000000000000000405852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8119ca261d0bf392021-12-21 10:41:09.444root 11241100x8000000000000000405853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2007a3fbf395692021-12-21 10:41:09.444root 11241100x8000000000000000405854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb7951899d5af582021-12-21 10:41:09.444root 11241100x8000000000000000405855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534c47be57a016162021-12-21 10:41:09.444root 11241100x8000000000000000405856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95287a58e2ae8bc2021-12-21 10:41:09.444root 11241100x8000000000000000405857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f991b945b5b83f542021-12-21 10:41:09.444root 11241100x8000000000000000405858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc853c527f53351a2021-12-21 10:41:09.444root 11241100x8000000000000000405859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e3e2392792b0ed2021-12-21 10:41:09.444root 11241100x8000000000000000405860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0187a320ecf47c22021-12-21 10:41:09.444root 11241100x8000000000000000405861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03627196fc993802021-12-21 10:41:09.444root 11241100x8000000000000000405862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851310020382c8742021-12-21 10:41:09.444root 11241100x8000000000000000405863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc64c331f82366f92021-12-21 10:41:09.444root 11241100x8000000000000000405864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae4e6b2c08d0f652021-12-21 10:41:09.444root 11241100x8000000000000000405865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7babec95eff3026b2021-12-21 10:41:09.445root 11241100x8000000000000000405866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e136ae7abc75e21c2021-12-21 10:41:09.445root 11241100x8000000000000000405867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46585cd36015884e2021-12-21 10:41:09.445root 11241100x8000000000000000405868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9573b48a3bea96d72021-12-21 10:41:09.445root 11241100x8000000000000000405869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b5271168d48b972021-12-21 10:41:09.445root 11241100x8000000000000000405870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b96e5e2cbbf447a2021-12-21 10:41:09.943root 11241100x8000000000000000405871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942d95f1886b19ac2021-12-21 10:41:09.943root 11241100x8000000000000000405872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1ef348540cb1c82021-12-21 10:41:09.943root 11241100x8000000000000000405873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6633ccf5d4bbe00f2021-12-21 10:41:09.943root 11241100x8000000000000000405874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e75e7b86d8cfa32021-12-21 10:41:09.943root 11241100x8000000000000000405875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67529d6d4e2b4bf62021-12-21 10:41:09.943root 11241100x8000000000000000405876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6199ad8707061ffd2021-12-21 10:41:09.943root 11241100x8000000000000000405877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c70f5b6c352ffe2021-12-21 10:41:09.944root 11241100x8000000000000000405878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50db9f6a70470232021-12-21 10:41:09.944root 11241100x8000000000000000405879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730b71d37093c2b22021-12-21 10:41:09.944root 11241100x8000000000000000405880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02783b1c997db2612021-12-21 10:41:09.944root 11241100x8000000000000000405881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663f2f143dc8707c2021-12-21 10:41:09.944root 11241100x8000000000000000405882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0eb782fdb184292021-12-21 10:41:09.944root 11241100x8000000000000000405883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fab89c6f797fc052021-12-21 10:41:09.944root 11241100x8000000000000000405884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b6492aad931d672021-12-21 10:41:09.944root 11241100x8000000000000000405885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f0387fabb215662021-12-21 10:41:09.944root 11241100x8000000000000000405886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1018d94cfb0bb32021-12-21 10:41:09.945root 11241100x8000000000000000405887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df9eab95b73328b2021-12-21 10:41:09.945root 11241100x8000000000000000405888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5898ee3265491e2021-12-21 10:41:09.945root 11241100x8000000000000000405889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c300edb7fbda7a2021-12-21 10:41:09.945root 11241100x8000000000000000405890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea49393a9a43e7212021-12-21 10:41:09.945root 11241100x8000000000000000405891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd5450fc3de729c2021-12-21 10:41:09.945root 354300x8000000000000000405892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.252{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47454-false10.0.1.12-8000- 11241100x8000000000000000405893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4225a4c65e0a51332021-12-21 10:41:10.253root 11241100x8000000000000000405894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6f0ae957e1c8512021-12-21 10:41:10.253root 11241100x8000000000000000405895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dd9d92755ae84f2021-12-21 10:41:10.253root 11241100x8000000000000000405896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b03670b87d2b1132021-12-21 10:41:10.254root 11241100x8000000000000000405897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31533489ff3a7aa52021-12-21 10:41:10.254root 11241100x8000000000000000405898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c808052cd033a832021-12-21 10:41:10.254root 11241100x8000000000000000405899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a2a24ccfa9893b2021-12-21 10:41:10.255root 11241100x8000000000000000405900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96508f8dab033832021-12-21 10:41:10.255root 11241100x8000000000000000405901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa4b7a07d2bcdff2021-12-21 10:41:10.255root 11241100x8000000000000000405902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694ee199e64313a52021-12-21 10:41:10.255root 11241100x8000000000000000405903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441bc836c9f513ff2021-12-21 10:41:10.255root 11241100x8000000000000000405904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebe02b88222e4652021-12-21 10:41:10.255root 11241100x8000000000000000405905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f5c62974d199312021-12-21 10:41:10.255root 11241100x8000000000000000405906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d55c5a119b49ff22021-12-21 10:41:10.255root 11241100x8000000000000000405907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be766cdde42996d2021-12-21 10:41:10.255root 11241100x8000000000000000405908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474a6c172884c0132021-12-21 10:41:10.255root 11241100x8000000000000000405909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074f13b54626b6d72021-12-21 10:41:10.255root 11241100x8000000000000000405910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660cfdcb489989132021-12-21 10:41:10.256root 11241100x8000000000000000405911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35a0354d20cdf542021-12-21 10:41:10.256root 11241100x8000000000000000405912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0073a2617bf608332021-12-21 10:41:10.256root 11241100x8000000000000000405913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2fa9df7dc4941c2021-12-21 10:41:10.256root 11241100x8000000000000000405914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f91f375ef8e2902021-12-21 10:41:10.256root 11241100x8000000000000000405915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e259ff7be09f362021-12-21 10:41:10.256root 11241100x8000000000000000405916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce48c02894127c72021-12-21 10:41:10.256root 11241100x8000000000000000405917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97921b4b8f43d6b2021-12-21 10:41:10.256root 11241100x8000000000000000405918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c09ff400a2b3cf2021-12-21 10:41:10.256root 11241100x8000000000000000405919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba335e1acc0c5d0c2021-12-21 10:41:10.256root 11241100x8000000000000000405920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a732a620e02bd522021-12-21 10:41:10.256root 11241100x8000000000000000405921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e369fcf107c0e4f22021-12-21 10:41:10.693root 11241100x8000000000000000405922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea0f452165662262021-12-21 10:41:10.693root 11241100x8000000000000000405923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34ab6446f10680b2021-12-21 10:41:10.693root 11241100x8000000000000000405924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72d787c2a839e9b2021-12-21 10:41:10.693root 11241100x8000000000000000405925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07222baf1a26cbf42021-12-21 10:41:10.693root 11241100x8000000000000000405926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d92d3816a418022021-12-21 10:41:10.693root 11241100x8000000000000000405927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a84ee6585c31d2021-12-21 10:41:10.693root 11241100x8000000000000000405928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f5e8b965e87ad52021-12-21 10:41:10.693root 11241100x8000000000000000405929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5f89fd1a2beb6c2021-12-21 10:41:10.693root 11241100x8000000000000000405930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9463e75e834e1472021-12-21 10:41:10.693root 11241100x8000000000000000405931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e3c2244d85514b2021-12-21 10:41:10.693root 11241100x8000000000000000405932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3b7918095f639d2021-12-21 10:41:10.693root 11241100x8000000000000000405933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb235f31405877132021-12-21 10:41:10.693root 11241100x8000000000000000405934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b870eda2d244742021-12-21 10:41:10.693root 11241100x8000000000000000405935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcf969f14d711132021-12-21 10:41:10.694root 11241100x8000000000000000405936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2574dfe790082d352021-12-21 10:41:10.694root 11241100x8000000000000000405937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c820e90508185442021-12-21 10:41:10.694root 11241100x8000000000000000405938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0648c05f3ea59eb2021-12-21 10:41:10.694root 11241100x8000000000000000405939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0f559eacdd8a382021-12-21 10:41:10.694root 11241100x8000000000000000405940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b52aa12789f5d82021-12-21 10:41:10.694root 11241100x8000000000000000405941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3f0ee2261330ec2021-12-21 10:41:10.694root 11241100x8000000000000000405942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b0bd3bb04b5b6d2021-12-21 10:41:10.694root 11241100x8000000000000000405943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08faf5a09743b83d2021-12-21 10:41:10.694root 11241100x8000000000000000405944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e327af0c6af653d72021-12-21 10:41:10.694root 11241100x8000000000000000405945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c43d29258d26422021-12-21 10:41:10.694root 11241100x8000000000000000405946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b81d24b122740342021-12-21 10:41:10.694root 11241100x8000000000000000405947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed16a6f719ec4fd62021-12-21 10:41:10.694root 11241100x8000000000000000405948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c98b093e1e07a6f2021-12-21 10:41:10.694root 11241100x8000000000000000405949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c658ec046bf5242021-12-21 10:41:10.694root 11241100x8000000000000000405950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474bef6a50e56c042021-12-21 10:41:10.695root 11241100x8000000000000000405951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f1f601220b4e432021-12-21 10:41:10.695root 11241100x8000000000000000405952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1130a91bcd5647892021-12-21 10:41:10.695root 11241100x8000000000000000405953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeefd0b6423c18aa2021-12-21 10:41:10.695root 11241100x8000000000000000405954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1618322967fe37f2021-12-21 10:41:10.695root 11241100x8000000000000000405955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78335c4a840f72a72021-12-21 10:41:10.696root 11241100x8000000000000000405956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15fe0ba1ccd1e622021-12-21 10:41:10.696root 11241100x8000000000000000405957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f76d72fa235861e2021-12-21 10:41:10.696root 11241100x8000000000000000405958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb22ec666b44dfb2021-12-21 10:41:10.696root 11241100x8000000000000000405959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7568eb0b2cb6b3282021-12-21 10:41:10.696root 11241100x8000000000000000405960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4817dfac48db36fd2021-12-21 10:41:10.696root 11241100x8000000000000000405961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a92f2164f9a8b652021-12-21 10:41:10.696root 11241100x8000000000000000405962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bac84689dea2a1b2021-12-21 10:41:10.696root 11241100x8000000000000000405963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050ad9abc1d98a5e2021-12-21 10:41:10.696root 11241100x8000000000000000405964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709df099cfee33002021-12-21 10:41:10.696root 11241100x8000000000000000405965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f3ae5b1de7eed82021-12-21 10:41:10.696root 11241100x8000000000000000405966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862f8019060c4a5c2021-12-21 10:41:10.696root 11241100x8000000000000000405967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab708384fe146702021-12-21 10:41:11.193root 11241100x8000000000000000405968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6eb4e8c6f45ada62021-12-21 10:41:11.194root 11241100x8000000000000000405969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78311cc0d80a8a12021-12-21 10:41:11.194root 11241100x8000000000000000405970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d926b83dc41073592021-12-21 10:41:11.194root 11241100x8000000000000000405971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c6b41f4d03a0f12021-12-21 10:41:11.194root 11241100x8000000000000000405972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bb45706150b2362021-12-21 10:41:11.195root 11241100x8000000000000000405973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69970695fa9aed7e2021-12-21 10:41:11.195root 11241100x8000000000000000405974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ad8ba2bab5ca3e2021-12-21 10:41:11.195root 11241100x8000000000000000405975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3063749541dcb79a2021-12-21 10:41:11.195root 11241100x8000000000000000405976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266cfb3d0ad092d02021-12-21 10:41:11.196root 11241100x8000000000000000405977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc9a34ddb51e2772021-12-21 10:41:11.196root 11241100x8000000000000000405978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d8f73fa948a1f02021-12-21 10:41:11.196root 11241100x8000000000000000405979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43954ff54ebf99532021-12-21 10:41:11.196root 11241100x8000000000000000405980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8b77037d1a1c7d2021-12-21 10:41:11.196root 11241100x8000000000000000405981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fa8a977a2a34682021-12-21 10:41:11.197root 11241100x8000000000000000405982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc878fba5f8b36b2021-12-21 10:41:11.198root 11241100x8000000000000000405983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0363bb399d37ad2021-12-21 10:41:11.198root 11241100x8000000000000000405984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e86887b5a9a06d2021-12-21 10:41:11.198root 11241100x8000000000000000405985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d5e9b80570b9362021-12-21 10:41:11.199root 11241100x8000000000000000405986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a27d43beafc69c2021-12-21 10:41:11.199root 11241100x8000000000000000405987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5f4134ad11e5172021-12-21 10:41:11.199root 11241100x8000000000000000405988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca444951e1dcc202021-12-21 10:41:11.200root 11241100x8000000000000000405989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025ff8e0bc6f908d2021-12-21 10:41:11.200root 11241100x8000000000000000405990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25825e72fb6ede0e2021-12-21 10:41:11.693root 11241100x8000000000000000405991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee603fb4874122ee2021-12-21 10:41:11.694root 11241100x8000000000000000405992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5549d86fdd0fc94b2021-12-21 10:41:11.694root 11241100x8000000000000000405993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80381d6a127359d72021-12-21 10:41:11.694root 11241100x8000000000000000405994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8a93bef717f0e22021-12-21 10:41:11.694root 11241100x8000000000000000405995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d1e5d22d02cf9d2021-12-21 10:41:11.694root 11241100x8000000000000000405996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8084fa15c9a72a0c2021-12-21 10:41:11.695root 11241100x8000000000000000405997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b19145f77926d52021-12-21 10:41:11.695root 11241100x8000000000000000405998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652362fd11a7a6dc2021-12-21 10:41:11.695root 11241100x8000000000000000405999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886780b806c2b7c92021-12-21 10:41:11.698root 11241100x8000000000000000406000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6583a355382d4f712021-12-21 10:41:11.698root 11241100x8000000000000000406001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adf734197bb67712021-12-21 10:41:11.698root 11241100x8000000000000000406002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ecea7a3c73b4532021-12-21 10:41:11.698root 11241100x8000000000000000406003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3e61212797631f2021-12-21 10:41:11.698root 11241100x8000000000000000406004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aa26e7ea2e72a02021-12-21 10:41:11.698root 11241100x8000000000000000406005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbb9e4a4749a11c2021-12-21 10:41:11.698root 11241100x8000000000000000406006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09176ca12071dc22021-12-21 10:41:11.698root 11241100x8000000000000000406007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122b7ad3eb0f54532021-12-21 10:41:11.699root 11241100x8000000000000000406008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e92e45b148eb6372021-12-21 10:41:11.699root 11241100x8000000000000000406009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061600b94e5a25e12021-12-21 10:41:11.699root 11241100x8000000000000000406010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec268713e1fcc6162021-12-21 10:41:11.699root 11241100x8000000000000000406011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1fc70c6e4e8f6a2021-12-21 10:41:11.699root 11241100x8000000000000000406012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8628ed660fb4402021-12-21 10:41:11.699root 11241100x8000000000000000406013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58de16cb9b4ac6c72021-12-21 10:41:12.192root 11241100x8000000000000000406014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e36e3e3a16e7302021-12-21 10:41:12.193root 11241100x8000000000000000406015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0e64792e63a5392021-12-21 10:41:12.193root 11241100x8000000000000000406016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6076bf569d71e14f2021-12-21 10:41:12.193root 11241100x8000000000000000406017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8016b8f79e92d0e2021-12-21 10:41:12.193root 11241100x8000000000000000406018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfa236d19dc080e2021-12-21 10:41:12.193root 11241100x8000000000000000406019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd2bf90a90fe53a2021-12-21 10:41:12.193root 11241100x8000000000000000406020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcae63720f7cf882021-12-21 10:41:12.193root 11241100x8000000000000000406021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50dfbed789dd69e42021-12-21 10:41:12.193root 11241100x8000000000000000406022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2c5b284b4623a92021-12-21 10:41:12.193root 11241100x8000000000000000406023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c9662b2328aa082021-12-21 10:41:12.193root 11241100x8000000000000000406024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874eb6a2886779b42021-12-21 10:41:12.193root 11241100x8000000000000000406025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ab9af5369fe0ba2021-12-21 10:41:12.193root 11241100x8000000000000000406026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4220eb51c4fd1ed82021-12-21 10:41:12.193root 11241100x8000000000000000406027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40ec96ddf85dd2c2021-12-21 10:41:12.193root 11241100x8000000000000000406028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7753ce373251a74b2021-12-21 10:41:12.193root 11241100x8000000000000000406029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ed32038979440b2021-12-21 10:41:12.194root 11241100x8000000000000000406030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66b704754807ec02021-12-21 10:41:12.194root 11241100x8000000000000000406031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4619cc4c80c64f7b2021-12-21 10:41:12.194root 11241100x8000000000000000406032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dd23928c14da1d2021-12-21 10:41:12.194root 11241100x8000000000000000406033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0722b48594041ebe2021-12-21 10:41:12.194root 11241100x8000000000000000406034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efac83be60f8f0192021-12-21 10:41:12.194root 11241100x8000000000000000406035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5eb6050ed65ad02021-12-21 10:41:12.194root 11241100x8000000000000000406036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9ff9590434896e2021-12-21 10:41:12.194root 11241100x8000000000000000406037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cc10069d44c7252021-12-21 10:41:12.195root 11241100x8000000000000000406038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23611e4b56da95272021-12-21 10:41:12.195root 11241100x8000000000000000406039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d576323b830c8dd2021-12-21 10:41:12.195root 11241100x8000000000000000406040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257ea54ca2ef19292021-12-21 10:41:12.195root 11241100x8000000000000000406041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdad01f42bb121752021-12-21 10:41:12.195root 11241100x8000000000000000406042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b28c37a39d9b42021-12-21 10:41:12.195root 11241100x8000000000000000406043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d9591f28fbffa2021-12-21 10:41:12.693root 11241100x8000000000000000406044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933bceae2342f30d2021-12-21 10:41:12.693root 11241100x8000000000000000406045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7901e3a40842eba22021-12-21 10:41:12.693root 11241100x8000000000000000406046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78957040acf82f602021-12-21 10:41:12.693root 11241100x8000000000000000406047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e28bac846e80a842021-12-21 10:41:12.693root 11241100x8000000000000000406048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a5b568f8d81cae2021-12-21 10:41:12.693root 11241100x8000000000000000406049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf51471e5aa7b9ab2021-12-21 10:41:12.693root 11241100x8000000000000000406050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5864fea3130423c32021-12-21 10:41:12.693root 11241100x8000000000000000406051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee092e3110aedb2021-12-21 10:41:12.694root 11241100x8000000000000000406052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802172dc6d5f8a5c2021-12-21 10:41:12.694root 11241100x8000000000000000406053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329e2107a99ac68a2021-12-21 10:41:12.694root 11241100x8000000000000000406054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b134a80f60edb22021-12-21 10:41:12.694root 11241100x8000000000000000406055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ad1faca2b347de2021-12-21 10:41:12.694root 11241100x8000000000000000406056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d346a9ee5020e32021-12-21 10:41:12.694root 11241100x8000000000000000406057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1531f6408b16f11b2021-12-21 10:41:12.694root 11241100x8000000000000000406058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb3008f3b976c6a2021-12-21 10:41:12.694root 11241100x8000000000000000406059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeaa1026c8dcfa82021-12-21 10:41:12.694root 11241100x8000000000000000406060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708cd135a6a9b4262021-12-21 10:41:12.694root 11241100x8000000000000000406061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfa0e9fea5195e32021-12-21 10:41:12.695root 11241100x8000000000000000406062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24003f22fe424bba2021-12-21 10:41:12.695root 11241100x8000000000000000406063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705abb3cf22b65152021-12-21 10:41:12.695root 11241100x8000000000000000406064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f391fbf89c9adc42021-12-21 10:41:12.695root 11241100x8000000000000000406065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f13fe9630e83b132021-12-21 10:41:12.695root 11241100x8000000000000000406066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c1a52cc011dfe52021-12-21 10:41:13.193root 11241100x8000000000000000406067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9c51a217376e9a2021-12-21 10:41:13.193root 11241100x8000000000000000406068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b141c28bb16c47ef2021-12-21 10:41:13.193root 11241100x8000000000000000406069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9028af68c0f392282021-12-21 10:41:13.193root 11241100x8000000000000000406070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8d9528c76c5f672021-12-21 10:41:13.193root 11241100x8000000000000000406071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb583223c8d351da2021-12-21 10:41:13.193root 11241100x8000000000000000406072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f6e444df631d6b2021-12-21 10:41:13.193root 11241100x8000000000000000406073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1894cbcf4ce7d462021-12-21 10:41:13.194root 11241100x8000000000000000406074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63960934097d54b2021-12-21 10:41:13.194root 11241100x8000000000000000406075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3133bb6c960adad02021-12-21 10:41:13.194root 11241100x8000000000000000406076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa7558c79950a232021-12-21 10:41:13.194root 11241100x8000000000000000406077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dfcd2c7a6471da2021-12-21 10:41:13.194root 11241100x8000000000000000406078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58566b2b7a453a802021-12-21 10:41:13.194root 11241100x8000000000000000406079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80f2c47628bb8bc2021-12-21 10:41:13.194root 11241100x8000000000000000406080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cb634d5dbc71b82021-12-21 10:41:13.194root 11241100x8000000000000000406081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027996043f8e41022021-12-21 10:41:13.194root 11241100x8000000000000000406082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af2535b2fb393f92021-12-21 10:41:13.194root 11241100x8000000000000000406083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d9d35aced33f472021-12-21 10:41:13.194root 11241100x8000000000000000406084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c372620ad4ca4592021-12-21 10:41:13.194root 11241100x8000000000000000406085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f751c66bdc5d622021-12-21 10:41:13.194root 11241100x8000000000000000406086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6fca7fe6ebd9982021-12-21 10:41:13.194root 11241100x8000000000000000406087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c09c0418e5c242f2021-12-21 10:41:13.195root 11241100x8000000000000000406088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9702cf478597562021-12-21 10:41:13.195root 11241100x8000000000000000406089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873968cd10e0b1c32021-12-21 10:41:13.693root 11241100x8000000000000000406090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31772e69031a0bd22021-12-21 10:41:13.693root 11241100x8000000000000000406091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7d78680b9f7c842021-12-21 10:41:13.693root 11241100x8000000000000000406092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f497e2a4f9b3aad2021-12-21 10:41:13.693root 11241100x8000000000000000406093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a501605c9ced7d4e2021-12-21 10:41:13.693root 11241100x8000000000000000406094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203564e76fc6f6bd2021-12-21 10:41:13.693root 11241100x8000000000000000406095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50415159f5ecca2b2021-12-21 10:41:13.693root 11241100x8000000000000000406096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f28ae4dd5f67612021-12-21 10:41:13.693root 11241100x8000000000000000406097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5853fa7dbfec19092021-12-21 10:41:13.694root 11241100x8000000000000000406098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a55c10a2b07d8b2021-12-21 10:41:13.694root 11241100x8000000000000000406099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcb780e2445a97d2021-12-21 10:41:13.694root 11241100x8000000000000000406100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe271c8bbba8d1b2021-12-21 10:41:13.694root 11241100x8000000000000000406101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca85e46ccb05f2ba2021-12-21 10:41:13.694root 11241100x8000000000000000406102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e028d8c5934b3d202021-12-21 10:41:13.694root 11241100x8000000000000000406103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ee4dc6545671b42021-12-21 10:41:13.694root 11241100x8000000000000000406104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2133252d021e596d2021-12-21 10:41:13.694root 11241100x8000000000000000406105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355efe1ad67a1c222021-12-21 10:41:13.694root 11241100x8000000000000000406106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabe05a68f808f2a2021-12-21 10:41:13.694root 11241100x8000000000000000406107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979ede91a921074a2021-12-21 10:41:13.694root 11241100x8000000000000000406108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9e769cbedcfcdc2021-12-21 10:41:13.694root 11241100x8000000000000000406109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4063b5280cf018432021-12-21 10:41:13.695root 11241100x8000000000000000406110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d93cecee68b0d272021-12-21 10:41:13.695root 11241100x8000000000000000406111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398b0d5b0f55b8ea2021-12-21 10:41:13.695root 11241100x8000000000000000406112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d4b643f91835c62021-12-21 10:41:13.695root 11241100x8000000000000000406113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c55f821cccfa792021-12-21 10:41:13.695root 11241100x8000000000000000406114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c07a8d1fef2024c2021-12-21 10:41:13.695root 11241100x8000000000000000406115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8f6fa88593a6032021-12-21 10:41:14.193root 11241100x8000000000000000406116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae5ae61eab8469a2021-12-21 10:41:14.193root 11241100x8000000000000000406117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a4692f399f7ab82021-12-21 10:41:14.193root 11241100x8000000000000000406118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55de8bacbb2c228d2021-12-21 10:41:14.193root 11241100x8000000000000000406119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d009d739d7a8db2021-12-21 10:41:14.193root 11241100x8000000000000000406120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eeff10dd3e7c1f2021-12-21 10:41:14.193root 11241100x8000000000000000406121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6590d9a9f9be3c2021-12-21 10:41:14.193root 11241100x8000000000000000406122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ede89e97d5aa6452021-12-21 10:41:14.194root 11241100x8000000000000000406123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f15b493e5151ca2021-12-21 10:41:14.194root 11241100x8000000000000000406124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e12928f2642a112021-12-21 10:41:14.194root 11241100x8000000000000000406125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c15bc971249e452021-12-21 10:41:14.194root 11241100x8000000000000000406126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef16f6231378cde2021-12-21 10:41:14.194root 11241100x8000000000000000406127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bef0591360c4c02021-12-21 10:41:14.194root 11241100x8000000000000000406128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c8839ab6f6f3df2021-12-21 10:41:14.194root 11241100x8000000000000000406129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e129203ee6030362021-12-21 10:41:14.194root 11241100x8000000000000000406130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622916ca7e3df2582021-12-21 10:41:14.194root 11241100x8000000000000000406131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ba7eb97955b48e2021-12-21 10:41:14.194root 11241100x8000000000000000406132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28531e19b25f98042021-12-21 10:41:14.194root 11241100x8000000000000000406133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b73b7d6a760071f2021-12-21 10:41:14.194root 11241100x8000000000000000406134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c9ed8887c21d1c2021-12-21 10:41:14.194root 11241100x8000000000000000406135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2d0c72a40a80422021-12-21 10:41:14.195root 11241100x8000000000000000406136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5cea2615a0b74b2021-12-21 10:41:14.195root 11241100x8000000000000000406137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3230d4530a1d75ff2021-12-21 10:41:14.195root 11241100x8000000000000000406138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d526d425a0da698b2021-12-21 10:41:14.693root 11241100x8000000000000000406139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a425c841908443f2021-12-21 10:41:14.694root 11241100x8000000000000000406140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1033e59f435938bb2021-12-21 10:41:14.694root 11241100x8000000000000000406141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f9d4014568e3b22021-12-21 10:41:14.694root 11241100x8000000000000000406142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2662a8901f36ed052021-12-21 10:41:14.694root 11241100x8000000000000000406143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065cbf3b8bd138922021-12-21 10:41:14.694root 11241100x8000000000000000406144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81edd310753ec5a2021-12-21 10:41:14.694root 11241100x8000000000000000406145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f33f67979c135ee2021-12-21 10:41:14.694root 11241100x8000000000000000406146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1f3e7d5a26e2f12021-12-21 10:41:14.694root 11241100x8000000000000000406147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc114ff926b841a22021-12-21 10:41:14.694root 11241100x8000000000000000406148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7602c834262b8d772021-12-21 10:41:14.694root 11241100x8000000000000000406149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19952cb786e6b2d22021-12-21 10:41:14.694root 11241100x8000000000000000406150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a0e91fe57f1ba32021-12-21 10:41:14.694root 11241100x8000000000000000406151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05acb304bd578daf2021-12-21 10:41:14.694root 11241100x8000000000000000406152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f73dbd59d10ac902021-12-21 10:41:14.695root 11241100x8000000000000000406153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455ec5ec7d85db142021-12-21 10:41:14.695root 11241100x8000000000000000406154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292ff8dafa24ba692021-12-21 10:41:14.695root 11241100x8000000000000000406155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629d0b4271e68c3b2021-12-21 10:41:14.695root 11241100x8000000000000000406156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f73cd5fbba670d62021-12-21 10:41:14.695root 11241100x8000000000000000406157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f401f64a894605b2021-12-21 10:41:14.695root 11241100x8000000000000000406158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c99af86efc0a232021-12-21 10:41:14.695root 11241100x8000000000000000406159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3e6d94ea6f88632021-12-21 10:41:14.695root 11241100x8000000000000000406160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45f05fb200a038b2021-12-21 10:41:14.695root 11241100x8000000000000000406161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e355df1f40404d2021-12-21 10:41:15.193root 11241100x8000000000000000406162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4938527dcb3ac6122021-12-21 10:41:15.193root 11241100x8000000000000000406163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0a3d38788730842021-12-21 10:41:15.193root 11241100x8000000000000000406164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280de2eef97da4262021-12-21 10:41:15.193root 11241100x8000000000000000406165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bfb3a5595f21202021-12-21 10:41:15.193root 11241100x8000000000000000406166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9223bd76e85f3b102021-12-21 10:41:15.193root 11241100x8000000000000000406167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e564a35d752e7a7d2021-12-21 10:41:15.193root 11241100x8000000000000000406168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b4dd509568711a2021-12-21 10:41:15.193root 11241100x8000000000000000406169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33297277f60a3a2021-12-21 10:41:15.194root 11241100x8000000000000000406170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad53a3618cd238492021-12-21 10:41:15.194root 11241100x8000000000000000406171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e72815ede55dc012021-12-21 10:41:15.194root 11241100x8000000000000000406172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebff697fe3455d62021-12-21 10:41:15.194root 11241100x8000000000000000406173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd3160caaa20fe92021-12-21 10:41:15.194root 11241100x8000000000000000406174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e235350d17ec0212021-12-21 10:41:15.194root 11241100x8000000000000000406175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a144a1657617efa22021-12-21 10:41:15.194root 11241100x8000000000000000406176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9e1ae6c4d0d7f42021-12-21 10:41:15.194root 11241100x8000000000000000406177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb888143bd5287342021-12-21 10:41:15.194root 11241100x8000000000000000406178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e678e8636475cc202021-12-21 10:41:15.194root 11241100x8000000000000000406179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d3d03fd10babd32021-12-21 10:41:15.194root 11241100x8000000000000000406180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c682634c73ff5e2021-12-21 10:41:15.194root 11241100x8000000000000000406181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c847886a1b1a56c2021-12-21 10:41:15.194root 11241100x8000000000000000406182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163012de1c0734582021-12-21 10:41:15.194root 11241100x8000000000000000406183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506365851c970d612021-12-21 10:41:15.194root 11241100x8000000000000000406184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204ef35a41069f092021-12-21 10:41:15.194root 11241100x8000000000000000406185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c9bd66288bf9aa2021-12-21 10:41:15.195root 11241100x8000000000000000406186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1e0e1efa79b08e2021-12-21 10:41:15.195root 11241100x8000000000000000406187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078370fdfac018622021-12-21 10:41:15.195root 11241100x8000000000000000406188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af577feeea35572021-12-21 10:41:15.195root 11241100x8000000000000000406189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1518d13915663e392021-12-21 10:41:15.195root 11241100x8000000000000000406190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682d3b7ef5441fec2021-12-21 10:41:15.195root 11241100x8000000000000000406191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cdceb38f3af3c12021-12-21 10:41:15.195root 11241100x8000000000000000406192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48885630905f4eea2021-12-21 10:41:15.195root 11241100x8000000000000000406193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e07c1d5ea31c3c2021-12-21 10:41:15.195root 11241100x8000000000000000406194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ae148b4e49f93c2021-12-21 10:41:15.195root 11241100x8000000000000000406195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe55066e3361ff422021-12-21 10:41:15.692root 11241100x8000000000000000406196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbfaf5c4d980c702021-12-21 10:41:15.693root 11241100x8000000000000000406197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4c0825f23477122021-12-21 10:41:15.693root 11241100x8000000000000000406198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6733047b724648f32021-12-21 10:41:15.693root 11241100x8000000000000000406199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b04d9f7694c01e2021-12-21 10:41:15.693root 11241100x8000000000000000406200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a104d8ec24affc22021-12-21 10:41:15.693root 11241100x8000000000000000406201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931a9beecd46263b2021-12-21 10:41:15.693root 11241100x8000000000000000406202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af55891f85da30f22021-12-21 10:41:15.693root 11241100x8000000000000000406203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315699ae955b4fe82021-12-21 10:41:15.693root 11241100x8000000000000000406204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1096d5123604a3922021-12-21 10:41:15.693root 11241100x8000000000000000406205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3533c9a5d0d45a2c2021-12-21 10:41:15.693root 11241100x8000000000000000406206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179f8477f84dfafc2021-12-21 10:41:15.694root 11241100x8000000000000000406207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5944cf97c91b98952021-12-21 10:41:15.694root 11241100x8000000000000000406208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f3bf5e3fcc72be2021-12-21 10:41:15.694root 11241100x8000000000000000406209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27103e6c1508a3992021-12-21 10:41:15.694root 11241100x8000000000000000406210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3f7491229b1a1f2021-12-21 10:41:15.694root 11241100x8000000000000000406211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa190a9706774e9e2021-12-21 10:41:15.694root 11241100x8000000000000000406212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fb5f654f8ed24d2021-12-21 10:41:15.694root 11241100x8000000000000000406213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be99a5fa1a893cbb2021-12-21 10:41:15.694root 11241100x8000000000000000406214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead2c4e204b515462021-12-21 10:41:15.694root 11241100x8000000000000000406215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2139d6dbe45142d2021-12-21 10:41:15.694root 11241100x8000000000000000406216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f1a9391256bd622021-12-21 10:41:15.695root 11241100x8000000000000000406217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15aa31b37490957a2021-12-21 10:41:15.695root 11241100x8000000000000000406218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a62b846907c82882021-12-21 10:41:15.695root 11241100x8000000000000000406219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b57eb807dccbdf2021-12-21 10:41:15.695root 11241100x8000000000000000406220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d01905770bb338b2021-12-21 10:41:15.695root 11241100x8000000000000000406221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba7e0c0747b69d92021-12-21 10:41:15.695root 11241100x8000000000000000406222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d044499a0650d0692021-12-21 10:41:15.695root 11241100x8000000000000000406223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c93f33a41523c62021-12-21 10:41:15.695root 11241100x8000000000000000406224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c1b8a5e04944882021-12-21 10:41:15.695root 11241100x8000000000000000406225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679cb248e76f53df2021-12-21 10:41:15.696root 11241100x8000000000000000406226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c232bd8f56518b02021-12-21 10:41:15.696root 11241100x8000000000000000406227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ae4d9e68d8163a2021-12-21 10:41:15.696root 11241100x8000000000000000406228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e35d1d7c4b80502021-12-21 10:41:15.696root 11241100x8000000000000000406229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018fdaf2756412562021-12-21 10:41:15.696root 11241100x8000000000000000406230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bdd934e3de03812021-12-21 10:41:15.696root 11241100x8000000000000000406231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9fd250090d2d502021-12-21 10:41:15.696root 11241100x8000000000000000406232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739302d40e34ba322021-12-21 10:41:15.697root 11241100x8000000000000000406233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cda031848274ef12021-12-21 10:41:15.697root 11241100x8000000000000000406234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09126f67a9e694bb2021-12-21 10:41:15.697root 11241100x8000000000000000406235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2d4e9d2d0de25e2021-12-21 10:41:15.697root 11241100x8000000000000000406236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c7e8219015a7ae2021-12-21 10:41:15.697root 11241100x8000000000000000406237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6318f88558c946ce2021-12-21 10:41:15.697root 11241100x8000000000000000406238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e9b8ea9736262f2021-12-21 10:41:15.697root 11241100x8000000000000000406239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19a084b3bd3abaa2021-12-21 10:41:15.698root 11241100x8000000000000000406240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648b78b1ad4aadd82021-12-21 10:41:15.698root 11241100x8000000000000000406241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a529c9910fdab02021-12-21 10:41:15.698root 11241100x8000000000000000406242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2716a48710583932021-12-21 10:41:15.698root 11241100x8000000000000000406243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f356462fecb9e12021-12-21 10:41:15.698root 11241100x8000000000000000406244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed19e52a811566c32021-12-21 10:41:15.698root 11241100x8000000000000000406245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e0e5ac973000382021-12-21 10:41:15.698root 11241100x8000000000000000406246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1139005db40241b2021-12-21 10:41:15.699root 11241100x8000000000000000406247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618d9153c897ef152021-12-21 10:41:15.699root 11241100x8000000000000000406248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2c29c768455f572021-12-21 10:41:15.699root 11241100x8000000000000000406249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5307d1d263c1d3892021-12-21 10:41:15.699root 11241100x8000000000000000406250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b82755c3c15d5e2021-12-21 10:41:15.700root 11241100x8000000000000000406251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:15.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b7bc07c220f2ea2021-12-21 10:41:15.700root 354300x8000000000000000406252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.137{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47456-false10.0.1.12-8000- 11241100x8000000000000000406253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba70e793ad71d522021-12-21 10:41:16.138root 11241100x8000000000000000406254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbfe56a935feca52021-12-21 10:41:16.138root 11241100x8000000000000000406255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281bfcb63f9912ee2021-12-21 10:41:16.139root 11241100x8000000000000000406256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7376829154bcb34d2021-12-21 10:41:16.139root 11241100x8000000000000000406257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bc1b7c4762a58b2021-12-21 10:41:16.139root 11241100x8000000000000000406258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a384466f16c71c12021-12-21 10:41:16.139root 11241100x8000000000000000406259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c0ce95148d25d22021-12-21 10:41:16.139root 11241100x8000000000000000406260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee664a0e9e16660f2021-12-21 10:41:16.140root 11241100x8000000000000000406261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba3ecfb6fc6709b2021-12-21 10:41:16.140root 11241100x8000000000000000406262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0384ab0830cff5842021-12-21 10:41:16.140root 11241100x8000000000000000406263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3094dbda57451382021-12-21 10:41:16.140root 11241100x8000000000000000406264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5021485fa76f43772021-12-21 10:41:16.140root 11241100x8000000000000000406265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23175e5aaf1af67a2021-12-21 10:41:16.140root 11241100x8000000000000000406266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc6b4ae6955e5f52021-12-21 10:41:16.141root 11241100x8000000000000000406267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1839dc86e993c82021-12-21 10:41:16.141root 11241100x8000000000000000406268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c80e899bdfa8092021-12-21 10:41:16.141root 11241100x8000000000000000406269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a4b7b6b88c613b2021-12-21 10:41:16.141root 11241100x8000000000000000406270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e9bfde88edef382021-12-21 10:41:16.141root 11241100x8000000000000000406271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a23794c1004cb602021-12-21 10:41:16.142root 11241100x8000000000000000406272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd509bb55df88c2c2021-12-21 10:41:16.142root 11241100x8000000000000000406273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27de9c82d9e81612021-12-21 10:41:16.142root 11241100x8000000000000000406274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0e9c562e3bda072021-12-21 10:41:16.142root 11241100x8000000000000000406275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c4076811ba1d3f2021-12-21 10:41:16.142root 11241100x8000000000000000406276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e507e05325494c42021-12-21 10:41:16.142root 11241100x8000000000000000406277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1793f9a1ad4a273e2021-12-21 10:41:16.142root 11241100x8000000000000000406278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5c7873a8e7bfbb2021-12-21 10:41:16.142root 11241100x8000000000000000406279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b7161c55bd78ec2021-12-21 10:41:16.143root 11241100x8000000000000000406280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488adcac127e81122021-12-21 10:41:16.143root 11241100x8000000000000000406281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8130a51e01aaa722021-12-21 10:41:16.143root 11241100x8000000000000000406282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99954a0fe2233be52021-12-21 10:41:16.442root 11241100x8000000000000000406283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa705f7d4fe95262021-12-21 10:41:16.443root 11241100x8000000000000000406284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbd0fb14033ff7b2021-12-21 10:41:16.443root 11241100x8000000000000000406285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4581245407bc083b2021-12-21 10:41:16.443root 11241100x8000000000000000406286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4f75b5bb7cc6532021-12-21 10:41:16.444root 11241100x8000000000000000406287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9ffe7c772c11912021-12-21 10:41:16.444root 11241100x8000000000000000406288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e16fa60cc30b62021-12-21 10:41:16.444root 11241100x8000000000000000406289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3038e8c7cf7c3ee2021-12-21 10:41:16.445root 11241100x8000000000000000406290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c7daaafa81414c2021-12-21 10:41:16.445root 11241100x8000000000000000406291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e31c6ad0d04f6c2021-12-21 10:41:16.445root 11241100x8000000000000000406292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20d4dacd18a5b1a2021-12-21 10:41:16.446root 11241100x8000000000000000406293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d974d801872d872021-12-21 10:41:16.446root 11241100x8000000000000000406294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ea524fcd1226942021-12-21 10:41:16.446root 11241100x8000000000000000406295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a5d97b189213292021-12-21 10:41:16.446root 11241100x8000000000000000406296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce63c43b93a176222021-12-21 10:41:16.447root 11241100x8000000000000000406297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae84c1b9d62928112021-12-21 10:41:16.447root 11241100x8000000000000000406298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0452790be43fc1132021-12-21 10:41:16.447root 11241100x8000000000000000406299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74af99a9291044862021-12-21 10:41:16.447root 11241100x8000000000000000406300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8990feb8bed3b12021-12-21 10:41:16.447root 11241100x8000000000000000406301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1aa91f7bf0013c2021-12-21 10:41:16.447root 11241100x8000000000000000406302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9313a6d0541b63eb2021-12-21 10:41:16.447root 11241100x8000000000000000406303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2029a7beb66bdb12021-12-21 10:41:16.447root 11241100x8000000000000000406304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb65a7fcb4376812021-12-21 10:41:16.447root 11241100x8000000000000000406305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117a549433722c492021-12-21 10:41:16.447root 11241100x8000000000000000406306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ba32995fa1caa82021-12-21 10:41:16.448root 11241100x8000000000000000406307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b451590d563744332021-12-21 10:41:16.448root 11241100x8000000000000000406308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5b12b87dd501412021-12-21 10:41:16.448root 11241100x8000000000000000406309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85731aee8e62cb8b2021-12-21 10:41:16.448root 11241100x8000000000000000406310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e2dbf1777852212021-12-21 10:41:16.448root 11241100x8000000000000000406311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12b99f741a133052021-12-21 10:41:16.943root 11241100x8000000000000000406312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ef14d4d7003e742021-12-21 10:41:16.943root 11241100x8000000000000000406313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6301cbd979a01b702021-12-21 10:41:16.943root 11241100x8000000000000000406314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c05b676944614d2021-12-21 10:41:16.944root 11241100x8000000000000000406315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106bca3a26d59e062021-12-21 10:41:16.944root 11241100x8000000000000000406316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28064562c37143b2021-12-21 10:41:16.944root 11241100x8000000000000000406317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2344e7923458515a2021-12-21 10:41:16.944root 11241100x8000000000000000406318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c69a1efbab4988d2021-12-21 10:41:16.944root 11241100x8000000000000000406319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f23c471b006e262021-12-21 10:41:16.944root 11241100x8000000000000000406320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecaa467e82d2bf22021-12-21 10:41:16.944root 11241100x8000000000000000406321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4b5cc5bc316c122021-12-21 10:41:16.944root 11241100x8000000000000000406322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e91dfe62e86b062021-12-21 10:41:16.944root 11241100x8000000000000000406323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c443eaba0d5b0b402021-12-21 10:41:16.944root 11241100x8000000000000000406324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5199aa5ac14fcfdd2021-12-21 10:41:16.944root 11241100x8000000000000000406325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aee1f711175e062021-12-21 10:41:16.945root 11241100x8000000000000000406326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7427939d39acddeb2021-12-21 10:41:16.945root 11241100x8000000000000000406327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb4d9c3b4c4dd422021-12-21 10:41:16.945root 11241100x8000000000000000406328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d377394ecf4f24772021-12-21 10:41:16.945root 11241100x8000000000000000406329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e135b46c2976333b2021-12-21 10:41:16.945root 11241100x8000000000000000406330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cbffca691f4e3b2021-12-21 10:41:16.945root 11241100x8000000000000000406331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4dce92b17f86e32021-12-21 10:41:16.945root 11241100x8000000000000000406332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00368f8521287212021-12-21 10:41:16.945root 11241100x8000000000000000406333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84df0988eb398ea2021-12-21 10:41:16.945root 11241100x8000000000000000406334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2ecbe068f4539f2021-12-21 10:41:16.945root 11241100x8000000000000000406335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142663b0a7ea41742021-12-21 10:41:17.443root 11241100x8000000000000000406336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ac5b8e81e18f232021-12-21 10:41:17.443root 11241100x8000000000000000406337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cb4b81655766252021-12-21 10:41:17.444root 11241100x8000000000000000406338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf95d3300beb0062021-12-21 10:41:17.444root 11241100x8000000000000000406339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b6003bf6c05dd92021-12-21 10:41:17.444root 11241100x8000000000000000406340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d49937b7c5b60412021-12-21 10:41:17.444root 11241100x8000000000000000406341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a34cdcd06582da42021-12-21 10:41:17.444root 11241100x8000000000000000406342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b4bf9cc4efd1892021-12-21 10:41:17.444root 11241100x8000000000000000406343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab636fff03a495cd2021-12-21 10:41:17.444root 11241100x8000000000000000406344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a5f35e78d0bb8c2021-12-21 10:41:17.444root 11241100x8000000000000000406345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590abf5a344beefc2021-12-21 10:41:17.444root 11241100x8000000000000000406346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e72d413d0796132021-12-21 10:41:17.444root 11241100x8000000000000000406347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355ca6324426e64a2021-12-21 10:41:17.445root 11241100x8000000000000000406348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f64e59606d83ae92021-12-21 10:41:17.445root 11241100x8000000000000000406349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca9ed5450f587bc2021-12-21 10:41:17.445root 11241100x8000000000000000406350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d740ce74562cbbe2021-12-21 10:41:17.445root 11241100x8000000000000000406351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a740e4becf6b0f802021-12-21 10:41:17.445root 11241100x8000000000000000406352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9c06c72ce561612021-12-21 10:41:17.445root 11241100x8000000000000000406353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c70624b9afc58e2021-12-21 10:41:17.445root 11241100x8000000000000000406354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f86d47471af6402021-12-21 10:41:17.445root 11241100x8000000000000000406355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2757442651f19e882021-12-21 10:41:17.445root 11241100x8000000000000000406356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15e906188db2e6a2021-12-21 10:41:17.445root 11241100x8000000000000000406357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54744ad2379f08d2021-12-21 10:41:17.446root 11241100x8000000000000000406358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680a2ba963acbc532021-12-21 10:41:17.446root 11241100x8000000000000000406359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c748ac9a98fed72021-12-21 10:41:17.943root 11241100x8000000000000000406360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b8fdbd04135a002021-12-21 10:41:17.943root 11241100x8000000000000000406361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fce2fff279f1b602021-12-21 10:41:17.943root 11241100x8000000000000000406362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d385b3b24cebd9ce2021-12-21 10:41:17.943root 11241100x8000000000000000406363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecfc213c3c46d822021-12-21 10:41:17.943root 11241100x8000000000000000406364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586e2592199b6d562021-12-21 10:41:17.943root 11241100x8000000000000000406365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b91a692f918c29c2021-12-21 10:41:17.943root 11241100x8000000000000000406366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e6e32e6605bbd82021-12-21 10:41:17.943root 11241100x8000000000000000406367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863e7c7742a09c142021-12-21 10:41:17.943root 11241100x8000000000000000406368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019fb661b07d5b1f2021-12-21 10:41:17.943root 11241100x8000000000000000406369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2ed5ff20f0145c2021-12-21 10:41:17.943root 11241100x8000000000000000406370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7e1c1efb323f772021-12-21 10:41:17.944root 11241100x8000000000000000406371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d8df77f344d1f22021-12-21 10:41:17.944root 11241100x8000000000000000406372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20afe8d96df1b6d2021-12-21 10:41:17.944root 11241100x8000000000000000406373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9d89ea31b073822021-12-21 10:41:17.944root 11241100x8000000000000000406374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1c01c1adf8b6522021-12-21 10:41:17.944root 11241100x8000000000000000406375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a843a8d2e3c58742021-12-21 10:41:17.944root 11241100x8000000000000000406376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa43ab3bb640ddd32021-12-21 10:41:17.944root 11241100x8000000000000000406377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6839b409d581622021-12-21 10:41:17.944root 11241100x8000000000000000406378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3be1bf425756c02021-12-21 10:41:17.944root 11241100x8000000000000000406379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0ef6c0abb4ae522021-12-21 10:41:17.944root 11241100x8000000000000000406380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c454f38803fc820c2021-12-21 10:41:17.944root 11241100x8000000000000000406381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed825d653c25dc42021-12-21 10:41:17.945root 11241100x8000000000000000406382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f0fe5f22865392021-12-21 10:41:17.945root 11241100x8000000000000000406383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bf9d82b17ba79e2021-12-21 10:41:18.442root 11241100x8000000000000000406384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acfa31954d2c7e22021-12-21 10:41:18.443root 11241100x8000000000000000406385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a9b5abcc50faf62021-12-21 10:41:18.443root 11241100x8000000000000000406386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7158ce0639a2b622021-12-21 10:41:18.443root 11241100x8000000000000000406387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f57b6aa82f26962021-12-21 10:41:18.443root 11241100x8000000000000000406388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bb9e33eab5f5b32021-12-21 10:41:18.443root 11241100x8000000000000000406389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd9eeaa6ac359e2021-12-21 10:41:18.443root 11241100x8000000000000000406390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3577f2f8ff06832021-12-21 10:41:18.443root 11241100x8000000000000000406391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644f4ea3739264342021-12-21 10:41:18.443root 11241100x8000000000000000406392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c54ca0a5945db02021-12-21 10:41:18.443root 11241100x8000000000000000406393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0e6aa8f706429b2021-12-21 10:41:18.443root 11241100x8000000000000000406394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51eca0e6cbbfcf02021-12-21 10:41:18.443root 11241100x8000000000000000406395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4827c0407dbea12021-12-21 10:41:18.444root 11241100x8000000000000000406396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aae14b8a18b90492021-12-21 10:41:18.444root 11241100x8000000000000000406397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3db9bfc9fdae3572021-12-21 10:41:18.444root 11241100x8000000000000000406398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c152282f252da782021-12-21 10:41:18.444root 11241100x8000000000000000406399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50fc12cbfb881c52021-12-21 10:41:18.444root 11241100x8000000000000000406400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521855d5155329522021-12-21 10:41:18.445root 11241100x8000000000000000406401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401adcd10faf653d2021-12-21 10:41:18.445root 11241100x8000000000000000406402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e8af7999dc24112021-12-21 10:41:18.445root 11241100x8000000000000000406403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b9cb704ab5e7b22021-12-21 10:41:18.445root 11241100x8000000000000000406404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec9e09db525894e2021-12-21 10:41:18.446root 11241100x8000000000000000406405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe3f4f30bd4323e2021-12-21 10:41:18.446root 11241100x8000000000000000406406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549ec355775b6cd2021-12-21 10:41:18.446root 11241100x8000000000000000406407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bf2d11d696333e2021-12-21 10:41:18.447root 11241100x8000000000000000406408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdd692c2d1c01f62021-12-21 10:41:18.447root 11241100x8000000000000000406409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce018eec10ecab12021-12-21 10:41:18.448root 11241100x8000000000000000406410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f34d76efc218ea22021-12-21 10:41:18.448root 11241100x8000000000000000406411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31218e4130b2a8402021-12-21 10:41:18.448root 11241100x8000000000000000406412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921613ee2266e8782021-12-21 10:41:18.448root 11241100x8000000000000000406413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bb6cd606809bc82021-12-21 10:41:18.449root 11241100x8000000000000000406414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afc3c8ca8f5b9842021-12-21 10:41:18.449root 11241100x8000000000000000406415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e547a4b6929838942021-12-21 10:41:18.449root 11241100x8000000000000000406416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932c1269638d03872021-12-21 10:41:18.449root 11241100x8000000000000000406417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da77a549d27ebbaa2021-12-21 10:41:18.449root 11241100x8000000000000000406418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f08a893f63d6e662021-12-21 10:41:18.449root 11241100x8000000000000000406419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6af8ef276bd9b42021-12-21 10:41:18.450root 11241100x8000000000000000406420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cb234487767ce62021-12-21 10:41:18.450root 11241100x8000000000000000406421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd913d062b0c7ae62021-12-21 10:41:18.450root 11241100x8000000000000000406422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7463d038d99bf2922021-12-21 10:41:18.451root 11241100x8000000000000000406423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ec9038987e06a22021-12-21 10:41:18.451root 11241100x8000000000000000406424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c272d6f5e655352021-12-21 10:41:18.943root 11241100x8000000000000000406425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dc7475226e6bc02021-12-21 10:41:18.943root 11241100x8000000000000000406426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57740cf696c385822021-12-21 10:41:18.943root 11241100x8000000000000000406427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061851d7b6a5062a2021-12-21 10:41:18.943root 11241100x8000000000000000406428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d2c6e63e2b89852021-12-21 10:41:18.943root 11241100x8000000000000000406429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c2a226183bc78d2021-12-21 10:41:18.943root 11241100x8000000000000000406430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafcf996cd0b145e2021-12-21 10:41:18.943root 11241100x8000000000000000406431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d6d206dffbab8e2021-12-21 10:41:18.943root 11241100x8000000000000000406432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc4b58f9a065ade2021-12-21 10:41:18.943root 11241100x8000000000000000406433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf49f1c922fbf792021-12-21 10:41:18.943root 11241100x8000000000000000406434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607426085a9b59572021-12-21 10:41:18.944root 11241100x8000000000000000406435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04542add3bbeb82e2021-12-21 10:41:18.944root 11241100x8000000000000000406436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b82f79b305a494b2021-12-21 10:41:18.944root 11241100x8000000000000000406437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c449e2f7b7f6fb2021-12-21 10:41:18.944root 11241100x8000000000000000406438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6203e3fbd22fdf2021-12-21 10:41:18.944root 11241100x8000000000000000406439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e1dc2f20387a52021-12-21 10:41:18.944root 11241100x8000000000000000406440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f943a180fa70122021-12-21 10:41:18.944root 11241100x8000000000000000406441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e753ea3771c4752021-12-21 10:41:18.944root 11241100x8000000000000000406442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fd07d0385940192021-12-21 10:41:18.944root 11241100x8000000000000000406443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d734cd81caa3652021-12-21 10:41:18.944root 11241100x8000000000000000406444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be33a7b1ee7a74952021-12-21 10:41:18.944root 11241100x8000000000000000406445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5857bb4a3b6b0d2021-12-21 10:41:18.945root 11241100x8000000000000000406446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc12feacc44a1922021-12-21 10:41:18.945root 11241100x8000000000000000406447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3838d27d1a18a392021-12-21 10:41:18.945root 11241100x8000000000000000406448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d556821301ae1132021-12-21 10:41:19.443root 11241100x8000000000000000406449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea7e82d566fa9ee2021-12-21 10:41:19.443root 11241100x8000000000000000406450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e92bde9b95fdf82021-12-21 10:41:19.443root 11241100x8000000000000000406451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2419563d142e313d2021-12-21 10:41:19.443root 11241100x8000000000000000406452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295fa14b2a6688a12021-12-21 10:41:19.444root 11241100x8000000000000000406453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cb0cc018bd5f4e2021-12-21 10:41:19.444root 11241100x8000000000000000406454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bcf66cdced828e2021-12-21 10:41:19.444root 11241100x8000000000000000406455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d408237d462f39fb2021-12-21 10:41:19.444root 11241100x8000000000000000406456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0aab6cc5979ce052021-12-21 10:41:19.444root 11241100x8000000000000000406457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe17684c0a2b2a22021-12-21 10:41:19.444root 11241100x8000000000000000406458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960ad3d8f53702c02021-12-21 10:41:19.444root 11241100x8000000000000000406459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05b5839b78c69f82021-12-21 10:41:19.444root 11241100x8000000000000000406460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aea4f125610a442021-12-21 10:41:19.444root 11241100x8000000000000000406461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bd91b3258ec7c52021-12-21 10:41:19.444root 11241100x8000000000000000406462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653bfae3dca932942021-12-21 10:41:19.444root 11241100x8000000000000000406463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960c7e6638ef3b2e2021-12-21 10:41:19.444root 11241100x8000000000000000406464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214da80f8dd526f42021-12-21 10:41:19.444root 11241100x8000000000000000406465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0956b88ae34803b32021-12-21 10:41:19.444root 11241100x8000000000000000406466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab8e414eab33dbf2021-12-21 10:41:19.445root 11241100x8000000000000000406467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99595a0c11ce29f2021-12-21 10:41:19.445root 11241100x8000000000000000406468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb21ed17aada1ee2021-12-21 10:41:19.445root 11241100x8000000000000000406469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4718c74b5196842021-12-21 10:41:19.445root 11241100x8000000000000000406470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d262c724f1698a82021-12-21 10:41:19.445root 11241100x8000000000000000406471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c062e3f9cfbbfaab2021-12-21 10:41:19.445root 11241100x8000000000000000406472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b51b4f284fe55732021-12-21 10:41:19.942root 11241100x8000000000000000406473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b9d55801d779ee2021-12-21 10:41:19.943root 11241100x8000000000000000406474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57e6df9325d2dbc2021-12-21 10:41:19.943root 11241100x8000000000000000406475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be576c773d2ae292021-12-21 10:41:19.943root 11241100x8000000000000000406476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde693095f811d422021-12-21 10:41:19.943root 11241100x8000000000000000406477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42428a873d5422902021-12-21 10:41:19.943root 11241100x8000000000000000406478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f90b7fc48e0ba32021-12-21 10:41:19.944root 11241100x8000000000000000406479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27909e19cad437952021-12-21 10:41:19.944root 11241100x8000000000000000406480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9459696c2e9098a32021-12-21 10:41:19.944root 11241100x8000000000000000406481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3353c470899f6df42021-12-21 10:41:19.944root 11241100x8000000000000000406482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584b8d804df1bc732021-12-21 10:41:19.944root 11241100x8000000000000000406483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51991da5c8653632021-12-21 10:41:19.945root 11241100x8000000000000000406484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f324bf9394854b2021-12-21 10:41:19.945root 11241100x8000000000000000406485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54977d0418a01e272021-12-21 10:41:19.945root 11241100x8000000000000000406486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b571b57d7157d122021-12-21 10:41:19.945root 11241100x8000000000000000406487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57b3e563c13b9b2021-12-21 10:41:19.945root 11241100x8000000000000000406488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d2b58d728b93e72021-12-21 10:41:19.945root 11241100x8000000000000000406489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3688b6469b09532021-12-21 10:41:19.945root 11241100x8000000000000000406490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90906ca43ec79bb92021-12-21 10:41:19.945root 11241100x8000000000000000406491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fffa872088cf4e2021-12-21 10:41:19.945root 11241100x8000000000000000406492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de84c55c62d42172021-12-21 10:41:19.945root 11241100x8000000000000000406493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d3ddee77533a3e2021-12-21 10:41:19.945root 11241100x8000000000000000406494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d22a97ea8796dde2021-12-21 10:41:19.945root 11241100x8000000000000000406495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327632886614f43f2021-12-21 10:41:19.946root 11241100x8000000000000000406496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06538e9792389a82021-12-21 10:41:19.946root 11241100x8000000000000000406497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52afce146d59820c2021-12-21 10:41:19.946root 11241100x8000000000000000406498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214142f882090c152021-12-21 10:41:19.946root 11241100x8000000000000000406499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab0de00b8bf1c1b2021-12-21 10:41:19.946root 11241100x8000000000000000406500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5848269e5412ebe92021-12-21 10:41:19.946root 11241100x8000000000000000406501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc03af9102b97c52021-12-21 10:41:20.443root 11241100x8000000000000000406502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2d48290ac05d222021-12-21 10:41:20.443root 11241100x8000000000000000406503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551425cd502ce5172021-12-21 10:41:20.443root 11241100x8000000000000000406504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef311ca3c20536b2021-12-21 10:41:20.443root 11241100x8000000000000000406505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74cc96a4bb943a02021-12-21 10:41:20.443root 11241100x8000000000000000406506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6e83787d2d33612021-12-21 10:41:20.443root 11241100x8000000000000000406507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9cebde6cfdde272021-12-21 10:41:20.443root 11241100x8000000000000000406508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc210663b87073b2021-12-21 10:41:20.443root 11241100x8000000000000000406509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a00608ed8d7dfdb2021-12-21 10:41:20.443root 11241100x8000000000000000406510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951f2aabc51cf2a22021-12-21 10:41:20.443root 11241100x8000000000000000406511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fa4578e8ae66ee2021-12-21 10:41:20.443root 11241100x8000000000000000406512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a01d8a031d39a82021-12-21 10:41:20.444root 11241100x8000000000000000406513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34eda9963e3f1602021-12-21 10:41:20.444root 11241100x8000000000000000406514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b6db18fea0796b2021-12-21 10:41:20.444root 11241100x8000000000000000406515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edce3d543a176d572021-12-21 10:41:20.444root 11241100x8000000000000000406516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa80a921ae33df82021-12-21 10:41:20.444root 11241100x8000000000000000406517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818e40ed87ec74b72021-12-21 10:41:20.444root 11241100x8000000000000000406518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa20850aa5f3148d2021-12-21 10:41:20.444root 11241100x8000000000000000406519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b48582f97ba16382021-12-21 10:41:20.444root 11241100x8000000000000000406520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159f48f21e2d5ce32021-12-21 10:41:20.444root 11241100x8000000000000000406521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5490e7f88553cbb02021-12-21 10:41:20.444root 11241100x8000000000000000406522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6192caffdd6cd1192021-12-21 10:41:20.444root 11241100x8000000000000000406523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727d7ef4ec25388a2021-12-21 10:41:20.444root 11241100x8000000000000000406524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca28bdd80c2388b2021-12-21 10:41:20.445root 11241100x8000000000000000406525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3187b60010508642021-12-21 10:41:20.445root 11241100x8000000000000000406526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081daad40833aed82021-12-21 10:41:20.445root 11241100x8000000000000000406527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16879362595dc572021-12-21 10:41:20.445root 11241100x8000000000000000406528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7df39dbd3c44e22021-12-21 10:41:20.445root 11241100x8000000000000000406529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a87f899b1d59742021-12-21 10:41:20.445root 11241100x8000000000000000406530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4392ddc24020e3622021-12-21 10:41:20.445root 11241100x8000000000000000406531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ba3cf165a1cdc12021-12-21 10:41:20.445root 11241100x8000000000000000406532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7850f809fb66ab2021-12-21 10:41:20.445root 11241100x8000000000000000406533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe523705462bd3942021-12-21 10:41:20.445root 11241100x8000000000000000406534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6289468ce4c92d62021-12-21 10:41:20.445root 11241100x8000000000000000406535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f41d087da5cf1a2021-12-21 10:41:20.445root 11241100x8000000000000000406536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3115f8602570cde12021-12-21 10:41:20.445root 11241100x8000000000000000406537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588b5cb19fe5d65f2021-12-21 10:41:20.446root 11241100x8000000000000000406538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1512183f4fc63a422021-12-21 10:41:20.446root 11241100x8000000000000000406539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2056bec285700d2021-12-21 10:41:20.446root 11241100x8000000000000000406540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a73c8bc9509e362021-12-21 10:41:20.446root 11241100x8000000000000000406541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719ba4fe2c74cf342021-12-21 10:41:20.446root 11241100x8000000000000000406542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cfd920f14276c02021-12-21 10:41:20.446root 11241100x8000000000000000406543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497b6d4c5470c1712021-12-21 10:41:20.446root 11241100x8000000000000000406544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6cb8ffee074dff2021-12-21 10:41:20.446root 11241100x8000000000000000406545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca033e2ba84490332021-12-21 10:41:20.446root 11241100x8000000000000000406546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de532c0ee9c0c3802021-12-21 10:41:20.446root 11241100x8000000000000000406547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182af3ab0359eda52021-12-21 10:41:20.446root 11241100x8000000000000000406548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee9c7017d9602302021-12-21 10:41:20.447root 11241100x8000000000000000406549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2603640e707f092021-12-21 10:41:20.447root 11241100x8000000000000000406550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb5d9ee71b7703f2021-12-21 10:41:20.447root 11241100x8000000000000000406551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1adf9f17bd724d52021-12-21 10:41:20.447root 11241100x8000000000000000406552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de67787228a485382021-12-21 10:41:20.447root 11241100x8000000000000000406553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9676cad71ca8412021-12-21 10:41:20.447root 11241100x8000000000000000406554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa728f1ec7bbf67f2021-12-21 10:41:20.447root 11241100x8000000000000000406555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71559f3511529dc2021-12-21 10:41:20.447root 11241100x8000000000000000406556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9afd0b79541db52021-12-21 10:41:20.447root 11241100x8000000000000000406557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6264d31788cbbeaf2021-12-21 10:41:20.448root 11241100x8000000000000000406558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cc07a8b0665d372021-12-21 10:41:20.448root 11241100x8000000000000000406559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce375088f4dfd4822021-12-21 10:41:20.448root 11241100x8000000000000000406560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f49dfa1ea03fee2021-12-21 10:41:20.448root 11241100x8000000000000000406561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9918dd3b7a3458a2021-12-21 10:41:20.448root 11241100x8000000000000000406562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447e47916897d1f82021-12-21 10:41:20.448root 11241100x8000000000000000406563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d26d628c1ea5c842021-12-21 10:41:20.448root 11241100x8000000000000000406564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048717d3ed5347b92021-12-21 10:41:20.449root 11241100x8000000000000000406565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c695b59f8007a5a2021-12-21 10:41:20.449root 11241100x8000000000000000406566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0a3c00cd9483922021-12-21 10:41:20.449root 11241100x8000000000000000406567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1817f5265ea21202021-12-21 10:41:20.449root 11241100x8000000000000000406568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065f80ff1c2c03e32021-12-21 10:41:20.449root 11241100x8000000000000000406569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca594fa03e618032021-12-21 10:41:20.449root 11241100x8000000000000000406570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8503838790d2165d2021-12-21 10:41:20.449root 11241100x8000000000000000406571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95337cad11ce73022021-12-21 10:41:20.450root 11241100x8000000000000000406572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa38ae74c873afd92021-12-21 10:41:20.450root 11241100x8000000000000000406573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93f1f94b8f034a02021-12-21 10:41:20.450root 11241100x8000000000000000406574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82ce10594540a7e2021-12-21 10:41:20.450root 11241100x8000000000000000406575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b837855cdbdb632021-12-21 10:41:20.450root 11241100x8000000000000000406576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36357d610cee8b2e2021-12-21 10:41:20.450root 11241100x8000000000000000406577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1870cb19d1488c2021-12-21 10:41:20.450root 11241100x8000000000000000406578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13689718a277cae82021-12-21 10:41:20.450root 11241100x8000000000000000406579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d503a5defb54113a2021-12-21 10:41:20.451root 11241100x8000000000000000406580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22eccd0e36ea32322021-12-21 10:41:20.451root 11241100x8000000000000000406581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48c485b2be06e3a2021-12-21 10:41:20.451root 11241100x8000000000000000406582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad15db9deee3fe872021-12-21 10:41:20.452root 11241100x8000000000000000406583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46db1a7d2ff88e92021-12-21 10:41:20.452root 11241100x8000000000000000406584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f836ff439f2abe72021-12-21 10:41:20.452root 11241100x8000000000000000406585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f871ca041e1c7a2021-12-21 10:41:20.452root 11241100x8000000000000000406586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71da5ad251ffc4b2021-12-21 10:41:20.453root 11241100x8000000000000000406587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99f2965e5bd5a7e2021-12-21 10:41:20.453root 11241100x8000000000000000406588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436bed9a67f9d64f2021-12-21 10:41:20.453root 11241100x8000000000000000406589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa11034fc1cabe22021-12-21 10:41:20.453root 11241100x8000000000000000406590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1658de0efedca4cd2021-12-21 10:41:20.453root 11241100x8000000000000000406591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668eb12573ced37e2021-12-21 10:41:20.454root 11241100x8000000000000000406592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf378d8d61a83ef2021-12-21 10:41:20.943root 11241100x8000000000000000406593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba50d0ebfc9850e62021-12-21 10:41:20.943root 11241100x8000000000000000406594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac59ef91b71e6dcb2021-12-21 10:41:20.944root 11241100x8000000000000000406595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26202dc66f78e5d2021-12-21 10:41:20.944root 11241100x8000000000000000406596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc48256dfc69432d2021-12-21 10:41:20.944root 11241100x8000000000000000406597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8229b09b4a8130db2021-12-21 10:41:20.944root 11241100x8000000000000000406598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57de09020514d7522021-12-21 10:41:20.944root 11241100x8000000000000000406599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bc03cc99f250c22021-12-21 10:41:20.944root 11241100x8000000000000000406600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0ebd22b8cfdc7f2021-12-21 10:41:20.945root 11241100x8000000000000000406601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a65b773f751ab0a2021-12-21 10:41:20.945root 11241100x8000000000000000406602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d5e593a469c42e2021-12-21 10:41:20.945root 11241100x8000000000000000406603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60782244c54ad9862021-12-21 10:41:20.945root 11241100x8000000000000000406604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dc00e8097b8b472021-12-21 10:41:20.945root 11241100x8000000000000000406605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ced4a3711391b62021-12-21 10:41:20.945root 11241100x8000000000000000406606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d13fffc00e049592021-12-21 10:41:20.945root 11241100x8000000000000000406607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f7403ff70fdabd2021-12-21 10:41:20.946root 11241100x8000000000000000406608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de871ac2d9bf10f72021-12-21 10:41:20.946root 11241100x8000000000000000406609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16ab83cc7d08e432021-12-21 10:41:20.946root 11241100x8000000000000000406610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd1062292f2c5f52021-12-21 10:41:20.946root 11241100x8000000000000000406611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d75ab92f2be2d22021-12-21 10:41:20.946root 11241100x8000000000000000406612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f1d06e41d1c49c2021-12-21 10:41:20.946root 11241100x8000000000000000406613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80997ad5c81d0752021-12-21 10:41:20.946root 11241100x8000000000000000406614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1600bfe41da3c3732021-12-21 10:41:20.946root 11241100x8000000000000000406615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5c352d874006bd2021-12-21 10:41:20.946root 11241100x8000000000000000406616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f54e3459478a762021-12-21 10:41:20.946root 354300x8000000000000000406617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.223{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47458-false10.0.1.12-8000- 11241100x8000000000000000406618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9602862fb075d32021-12-21 10:41:21.223root 11241100x8000000000000000406619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dcb070f8af99b32021-12-21 10:41:21.223root 11241100x8000000000000000406620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aa7840344f880b2021-12-21 10:41:21.223root 11241100x8000000000000000406621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1385210b6f2110702021-12-21 10:41:21.223root 11241100x8000000000000000406622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84ad3081fd772072021-12-21 10:41:21.224root 11241100x8000000000000000406623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4df68308a8bb18c2021-12-21 10:41:21.224root 11241100x8000000000000000406624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab35e5f7443a991c2021-12-21 10:41:21.224root 11241100x8000000000000000406625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124485e091fb04112021-12-21 10:41:21.224root 11241100x8000000000000000406626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee6f4e202f8b6f52021-12-21 10:41:21.224root 11241100x8000000000000000406627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b251b943df37d092021-12-21 10:41:21.224root 11241100x8000000000000000406628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d39b1fcb2906222021-12-21 10:41:21.224root 11241100x8000000000000000406629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06316c51de9b71cd2021-12-21 10:41:21.224root 11241100x8000000000000000406630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178d45ea330bd0b82021-12-21 10:41:21.224root 11241100x8000000000000000406631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889b502ca394e9452021-12-21 10:41:21.224root 11241100x8000000000000000406632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3507d26cb23063932021-12-21 10:41:21.224root 11241100x8000000000000000406633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe5b1434c103a162021-12-21 10:41:21.224root 11241100x8000000000000000406634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ebee1df04716292021-12-21 10:41:21.224root 11241100x8000000000000000406635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44734e84b334e6dc2021-12-21 10:41:21.224root 11241100x8000000000000000406636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e760bba243a29162021-12-21 10:41:21.224root 11241100x8000000000000000406637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e226f5ecf46c52021-12-21 10:41:21.224root 11241100x8000000000000000406638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aee8246ad79b0c62021-12-21 10:41:21.225root 11241100x8000000000000000406639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a6159fab2634152021-12-21 10:41:21.225root 11241100x8000000000000000406640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a08e5c76e56dba22021-12-21 10:41:21.225root 11241100x8000000000000000406641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc1aa923ac0f7492021-12-21 10:41:21.225root 11241100x8000000000000000406642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7470963e90bc052021-12-21 10:41:21.225root 11241100x8000000000000000406643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb95dc1365f10ca82021-12-21 10:41:21.693root 11241100x8000000000000000406644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ed0199aeb881d22021-12-21 10:41:21.693root 11241100x8000000000000000406645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cdecda1d611b712021-12-21 10:41:21.693root 11241100x8000000000000000406646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc3e90c6530d6162021-12-21 10:41:21.693root 11241100x8000000000000000406647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae671c41624667b2021-12-21 10:41:21.693root 11241100x8000000000000000406648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f2fe6fc2dbe8c82021-12-21 10:41:21.693root 11241100x8000000000000000406649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf046adb895f2ab02021-12-21 10:41:21.694root 11241100x8000000000000000406650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d5e270d59838452021-12-21 10:41:21.694root 11241100x8000000000000000406651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e06b9e3c13ef5a2021-12-21 10:41:21.694root 11241100x8000000000000000406652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7fe1a38d9446432021-12-21 10:41:21.695root 11241100x8000000000000000406653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab16c3e7070a18c2021-12-21 10:41:21.695root 11241100x8000000000000000406654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0b01168db148402021-12-21 10:41:21.695root 11241100x8000000000000000406655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1718ec387754f73e2021-12-21 10:41:21.695root 11241100x8000000000000000406656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89a104e0d1b91c82021-12-21 10:41:21.695root 11241100x8000000000000000406657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4334f09147c3ec12021-12-21 10:41:21.696root 11241100x8000000000000000406658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feae3707738e9df32021-12-21 10:41:21.696root 11241100x8000000000000000406659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cee2d0c13e0bc912021-12-21 10:41:21.696root 11241100x8000000000000000406660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db13dd87d24753ec2021-12-21 10:41:21.696root 11241100x8000000000000000406661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81261c5c9bed78252021-12-21 10:41:21.696root 11241100x8000000000000000406662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e796ff8c3594352021-12-21 10:41:21.696root 11241100x8000000000000000406663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f0306a55a1e1e12021-12-21 10:41:21.696root 11241100x8000000000000000406664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe48f3da05392ca2021-12-21 10:41:21.696root 11241100x8000000000000000406665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929932c21b7ae4802021-12-21 10:41:21.696root 11241100x8000000000000000406666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6b2eade0a1e5052021-12-21 10:41:21.696root 11241100x8000000000000000406667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3fc094e5a91a272021-12-21 10:41:21.696root 11241100x8000000000000000406668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c334732e298af72021-12-21 10:41:21.697root 11241100x8000000000000000406669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d953bcdb249e8c7e2021-12-21 10:41:22.193root 11241100x8000000000000000406670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f76cd758b8755f2021-12-21 10:41:22.193root 11241100x8000000000000000406671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fbbfe97715f2792021-12-21 10:41:22.193root 11241100x8000000000000000406672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d74eb01ecce56cf2021-12-21 10:41:22.193root 11241100x8000000000000000406673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7bdb1355ecea3f2021-12-21 10:41:22.194root 11241100x8000000000000000406674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e5bfffff3284d92021-12-21 10:41:22.194root 11241100x8000000000000000406675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f6ff0cead8ef8c2021-12-21 10:41:22.194root 11241100x8000000000000000406676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed62990092171ceb2021-12-21 10:41:22.194root 11241100x8000000000000000406677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5899d2986884552021-12-21 10:41:22.194root 11241100x8000000000000000406678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930c5e02973099b12021-12-21 10:41:22.194root 11241100x8000000000000000406679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad5743c20c692a72021-12-21 10:41:22.194root 11241100x8000000000000000406680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f66e29e0834abf2021-12-21 10:41:22.194root 11241100x8000000000000000406681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51cdf5634a350592021-12-21 10:41:22.194root 11241100x8000000000000000406682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7784bb0114b9032021-12-21 10:41:22.194root 11241100x8000000000000000406683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f21ac6c38f2272a2021-12-21 10:41:22.194root 11241100x8000000000000000406684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22db5fe12e6f03f82021-12-21 10:41:22.194root 11241100x8000000000000000406685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b5b96ef98c6a892021-12-21 10:41:22.195root 11241100x8000000000000000406686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1834cffa23ecae2021-12-21 10:41:22.195root 11241100x8000000000000000406687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f35c0e1ad20eb8a2021-12-21 10:41:22.195root 11241100x8000000000000000406688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b7ff723a0a5a262021-12-21 10:41:22.195root 11241100x8000000000000000406689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed512b17d2c12abe2021-12-21 10:41:22.195root 11241100x8000000000000000406690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea667bd12c404ed2021-12-21 10:41:22.195root 11241100x8000000000000000406691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8233583f8cbfab702021-12-21 10:41:22.195root 11241100x8000000000000000406692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919e848fd35394432021-12-21 10:41:22.195root 11241100x8000000000000000406693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cdc9f669936c332021-12-21 10:41:22.195root 11241100x8000000000000000406694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d7f0be7962efb92021-12-21 10:41:22.693root 11241100x8000000000000000406695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c373537d41092f2021-12-21 10:41:22.693root 11241100x8000000000000000406696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c20d993caa9b17a2021-12-21 10:41:22.693root 11241100x8000000000000000406697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be5036381fe00ba2021-12-21 10:41:22.693root 11241100x8000000000000000406698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2104b5c3d8f5f6752021-12-21 10:41:22.693root 11241100x8000000000000000406699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9cc92fc7740eb72021-12-21 10:41:22.693root 11241100x8000000000000000406700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09150ba090db3b8e2021-12-21 10:41:22.693root 11241100x8000000000000000406701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae520b3855b9b7ba2021-12-21 10:41:22.693root 11241100x8000000000000000406702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32035a4ce82912cb2021-12-21 10:41:22.693root 11241100x8000000000000000406703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c5f521fc50624e2021-12-21 10:41:22.693root 11241100x8000000000000000406704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c14170885b58222021-12-21 10:41:22.694root 11241100x8000000000000000406705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f551170c22b6f2822021-12-21 10:41:22.694root 11241100x8000000000000000406706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b10a5e897ec756e2021-12-21 10:41:22.694root 11241100x8000000000000000406707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d7b062962c026e2021-12-21 10:41:22.694root 11241100x8000000000000000406708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21d5e1d7bef1c542021-12-21 10:41:22.694root 11241100x8000000000000000406709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21bfb3705f25f082021-12-21 10:41:22.694root 11241100x8000000000000000406710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03ae6a888c675792021-12-21 10:41:22.694root 11241100x8000000000000000406711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17139f6a2e7b1abb2021-12-21 10:41:22.694root 11241100x8000000000000000406712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29527e78360cc80f2021-12-21 10:41:22.694root 11241100x8000000000000000406713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc27ec7d79fdd8b52021-12-21 10:41:22.694root 11241100x8000000000000000406714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e035b36a7da138822021-12-21 10:41:22.694root 11241100x8000000000000000406715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ff359f3e38ba1f2021-12-21 10:41:22.694root 11241100x8000000000000000406716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c81387472dad462021-12-21 10:41:22.695root 11241100x8000000000000000406717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e599f306475887a82021-12-21 10:41:22.695root 11241100x8000000000000000406718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c138eeb1472871c2021-12-21 10:41:22.695root 11241100x8000000000000000406719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcddc44182a9311e2021-12-21 10:41:22.695root 11241100x8000000000000000406720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8928f442a9248d002021-12-21 10:41:22.695root 11241100x8000000000000000406721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189880971dfc02d02021-12-21 10:41:22.695root 11241100x8000000000000000406722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b0cc4b1d94135a2021-12-21 10:41:22.695root 11241100x8000000000000000406723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4ad830f67d53272021-12-21 10:41:22.695root 11241100x8000000000000000406724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1858c044e714ace2021-12-21 10:41:22.695root 11241100x8000000000000000406725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d4bb13b18db5772021-12-21 10:41:22.695root 11241100x8000000000000000406726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d832f726ced2102021-12-21 10:41:22.696root 11241100x8000000000000000406727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3927d8a60965e02021-12-21 10:41:22.696root 11241100x8000000000000000406728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476ec163e521baec2021-12-21 10:41:22.696root 11241100x8000000000000000406729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dec8dcd6da52d72021-12-21 10:41:22.696root 11241100x8000000000000000406730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0e4eb2759590172021-12-21 10:41:22.696root 11241100x8000000000000000406731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b2620ea7f2163d2021-12-21 10:41:22.696root 11241100x8000000000000000406732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9556a0e1fc23a02021-12-21 10:41:22.696root 11241100x8000000000000000406733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bbfd171623a77f2021-12-21 10:41:22.696root 11241100x8000000000000000406734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cae36af0c536602021-12-21 10:41:22.696root 11241100x8000000000000000406735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4562abf352d450bf2021-12-21 10:41:22.696root 11241100x8000000000000000406736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b455632a81d350cb2021-12-21 10:41:22.696root 11241100x8000000000000000406737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73345ede0b85391b2021-12-21 10:41:22.697root 11241100x8000000000000000406738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15312c20f81d85e12021-12-21 10:41:22.697root 11241100x8000000000000000406739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fa37c659cd1b952021-12-21 10:41:22.697root 11241100x8000000000000000406740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f10e38f8ae9249e2021-12-21 10:41:22.697root 11241100x8000000000000000406741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcb11398a39773c2021-12-21 10:41:22.697root 11241100x8000000000000000406742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726ddda0deca252b2021-12-21 10:41:22.697root 11241100x8000000000000000406743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28efa447a644de122021-12-21 10:41:22.697root 11241100x8000000000000000406744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4f374e72839f532021-12-21 10:41:22.698root 11241100x8000000000000000406745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6271cea4b9d762d2021-12-21 10:41:22.698root 11241100x8000000000000000406746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdc8d9d8f4123cc2021-12-21 10:41:22.698root 11241100x8000000000000000406747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559646641798924d2021-12-21 10:41:22.698root 11241100x8000000000000000406748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365eedd3209af8ed2021-12-21 10:41:22.698root 11241100x8000000000000000406749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abc67fcdccf7ee32021-12-21 10:41:22.698root 11241100x8000000000000000406750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b479d24206584b2021-12-21 10:41:22.698root 11241100x8000000000000000406751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e4ffb0a7c8089b2021-12-21 10:41:22.698root 11241100x8000000000000000406752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1b196723ce91822021-12-21 10:41:22.698root 11241100x8000000000000000406753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3c9106300f2a172021-12-21 10:41:22.699root 11241100x8000000000000000406754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aadad027b39c5392021-12-21 10:41:22.699root 11241100x8000000000000000406755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959b7ad5c6db5ffd2021-12-21 10:41:22.699root 11241100x8000000000000000406756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4584aca4ebf2a43f2021-12-21 10:41:22.699root 11241100x8000000000000000406757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04198205957a65ce2021-12-21 10:41:22.699root 11241100x8000000000000000406758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939b3a4376e5eac72021-12-21 10:41:22.699root 11241100x8000000000000000406759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5ae1ebc4548bd82021-12-21 10:41:22.699root 11241100x8000000000000000406760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e92e2403dbf0f792021-12-21 10:41:22.699root 11241100x8000000000000000406761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16338a680ea6e832021-12-21 10:41:22.699root 11241100x8000000000000000406762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0ab574c5f498232021-12-21 10:41:22.699root 11241100x8000000000000000406763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6343fee64eab2d172021-12-21 10:41:22.699root 11241100x8000000000000000406764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57343af666b7096e2021-12-21 10:41:22.700root 11241100x8000000000000000406765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:22.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9478153ef3e230622021-12-21 10:41:22.700root 11241100x8000000000000000406766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a7b61cf84587102021-12-21 10:41:23.193root 11241100x8000000000000000406767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6559a9e703c1fb62021-12-21 10:41:23.193root 11241100x8000000000000000406768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff769359f1355df92021-12-21 10:41:23.193root 11241100x8000000000000000406769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea74cc6ca087af4d2021-12-21 10:41:23.193root 11241100x8000000000000000406770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca429e25e6d3a8932021-12-21 10:41:23.193root 11241100x8000000000000000406771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8d036dcdd69c412021-12-21 10:41:23.194root 11241100x8000000000000000406772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c315f709f725cf5a2021-12-21 10:41:23.194root 11241100x8000000000000000406773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781b1654e8de5d972021-12-21 10:41:23.194root 11241100x8000000000000000406774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dfc91d6117e2082021-12-21 10:41:23.194root 11241100x8000000000000000406775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4e3bfa5bee64e82021-12-21 10:41:23.194root 11241100x8000000000000000406776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eadca4c76f092d2021-12-21 10:41:23.194root 11241100x8000000000000000406777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d82f2969d0dda3a2021-12-21 10:41:23.194root 11241100x8000000000000000406778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fb9a098deb3ce72021-12-21 10:41:23.194root 11241100x8000000000000000406779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3723e20d5635c4222021-12-21 10:41:23.194root 11241100x8000000000000000406780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47516ee90e9cd072021-12-21 10:41:23.195root 11241100x8000000000000000406781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f978938b298f7a2021-12-21 10:41:23.195root 11241100x8000000000000000406782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e2e935712147c92021-12-21 10:41:23.195root 11241100x8000000000000000406783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5cd69c67c391e42021-12-21 10:41:23.195root 11241100x8000000000000000406784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe377a1d5243f502021-12-21 10:41:23.195root 11241100x8000000000000000406785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d4e8246f380b392021-12-21 10:41:23.195root 11241100x8000000000000000406786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e9c584ef796a02021-12-21 10:41:23.195root 11241100x8000000000000000406787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a134c8d8f61981022021-12-21 10:41:23.195root 11241100x8000000000000000406788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bdd4606d3972572021-12-21 10:41:23.196root 11241100x8000000000000000406789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d0583a1ba4e8db2021-12-21 10:41:23.196root 11241100x8000000000000000406790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277e5919b3b227802021-12-21 10:41:23.196root 11241100x8000000000000000406791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f848e54f69e9312021-12-21 10:41:23.196root 11241100x8000000000000000406792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0444e76f7916c062021-12-21 10:41:23.196root 11241100x8000000000000000406793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42553b258d39bb3c2021-12-21 10:41:23.196root 11241100x8000000000000000406794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfde93376e34e432021-12-21 10:41:23.197root 11241100x8000000000000000406795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadac1826811c1862021-12-21 10:41:23.197root 11241100x8000000000000000406796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c10b381bf2512c2021-12-21 10:41:23.197root 11241100x8000000000000000406797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649e773060314482021-12-21 10:41:23.197root 11241100x8000000000000000406798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c59412440612a282021-12-21 10:41:23.197root 11241100x8000000000000000406799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724c9442a75e69e22021-12-21 10:41:23.197root 11241100x8000000000000000406800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c0995c099f37152021-12-21 10:41:23.197root 11241100x8000000000000000406801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6768771a9f1a90c32021-12-21 10:41:23.197root 11241100x8000000000000000406802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce504de7f3d01842021-12-21 10:41:23.197root 11241100x8000000000000000406803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0411035558e58a92021-12-21 10:41:23.197root 11241100x8000000000000000406804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5436569644c64a9a2021-12-21 10:41:23.693root 11241100x8000000000000000406805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f442baa9d739be2021-12-21 10:41:23.693root 11241100x8000000000000000406806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08fb9a44470e2202021-12-21 10:41:23.693root 11241100x8000000000000000406807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984a96828826df032021-12-21 10:41:23.693root 11241100x8000000000000000406808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74c71e78943c5682021-12-21 10:41:23.693root 11241100x8000000000000000406809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c826132d041509a22021-12-21 10:41:23.693root 11241100x8000000000000000406810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ae40cf4c1936862021-12-21 10:41:23.693root 11241100x8000000000000000406811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f700312edfe8d3d32021-12-21 10:41:23.693root 11241100x8000000000000000406812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5abfa6579faf992021-12-21 10:41:23.694root 11241100x8000000000000000406813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e4d7e845a007d12021-12-21 10:41:23.694root 11241100x8000000000000000406814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ae321aaa6c984c2021-12-21 10:41:23.694root 11241100x8000000000000000406815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ecd9e74a15f2ee2021-12-21 10:41:23.694root 11241100x8000000000000000406816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fffde5a87918762021-12-21 10:41:23.694root 11241100x8000000000000000406817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee9437a8289c65e2021-12-21 10:41:23.694root 11241100x8000000000000000406818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e730fc0a9c4d91382021-12-21 10:41:23.694root 11241100x8000000000000000406819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990965cc0d7692bc2021-12-21 10:41:23.694root 11241100x8000000000000000406820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fd8f5ec5b3f64e2021-12-21 10:41:23.694root 11241100x8000000000000000406821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52592c65067522512021-12-21 10:41:23.694root 11241100x8000000000000000406822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538cf6ceb1d7c54a2021-12-21 10:41:23.694root 11241100x8000000000000000406823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcd4194f1105efb2021-12-21 10:41:23.695root 11241100x8000000000000000406824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dcd77e63908bf52021-12-21 10:41:23.695root 11241100x8000000000000000406825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c1305eca8c05382021-12-21 10:41:23.695root 11241100x8000000000000000406826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00e48df45e2b2012021-12-21 10:41:23.695root 11241100x8000000000000000406827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23bee4da9981c8a2021-12-21 10:41:23.695root 11241100x8000000000000000406828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1c0728f34e20402021-12-21 10:41:23.695root 11241100x8000000000000000406829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4976deae831c632021-12-21 10:41:23.695root 11241100x8000000000000000406830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a208cf2d270bd82021-12-21 10:41:23.695root 11241100x8000000000000000406831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24596731d09f5ac02021-12-21 10:41:23.696root 11241100x8000000000000000406832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8536706fe794125f2021-12-21 10:41:23.696root 11241100x8000000000000000406833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3538188a0ad8052021-12-21 10:41:23.696root 11241100x8000000000000000406834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfc794872ed27212021-12-21 10:41:23.696root 11241100x8000000000000000406835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a9865fa090a1d22021-12-21 10:41:23.696root 11241100x8000000000000000406836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c9d2cdcd9a8eec2021-12-21 10:41:23.696root 11241100x8000000000000000406837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da69d23cf925c5402021-12-21 10:41:23.696root 11241100x8000000000000000406838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dfe5fff6a2f30e2021-12-21 10:41:23.696root 11241100x8000000000000000406839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5a04e5d7c6daae2021-12-21 10:41:23.697root 11241100x8000000000000000406840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592c46bbf4ce17992021-12-21 10:41:23.697root 11241100x8000000000000000406841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f928277aa842a03d2021-12-21 10:41:23.697root 11241100x8000000000000000406842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77de9d6b0c09395c2021-12-21 10:41:23.697root 11241100x8000000000000000406843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db483ab13e545232021-12-21 10:41:23.697root 11241100x8000000000000000406844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e559ec41627404d2021-12-21 10:41:23.697root 11241100x8000000000000000406845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c6ae2791daeadd2021-12-21 10:41:23.698root 11241100x8000000000000000406846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd86890b4c6088902021-12-21 10:41:23.698root 11241100x8000000000000000406847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5050e9816e3a217e2021-12-21 10:41:23.698root 11241100x8000000000000000406848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad70bbee6ae995b2021-12-21 10:41:23.698root 11241100x8000000000000000406849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d9853811e3f3502021-12-21 10:41:23.699root 11241100x8000000000000000406850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6595bb2e1985bd2021-12-21 10:41:23.699root 11241100x8000000000000000406851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f250ee9c54c83bb2021-12-21 10:41:23.699root 11241100x8000000000000000406852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c16708fd65c27fa2021-12-21 10:41:23.699root 11241100x8000000000000000406853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fe750ba4a06cb62021-12-21 10:41:23.699root 11241100x8000000000000000406854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a39cdbda8606a02021-12-21 10:41:23.700root 11241100x8000000000000000406855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:23.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ad4a1147075602021-12-21 10:41:23.700root 11241100x8000000000000000406856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7347f756e79b76f92021-12-21 10:41:24.193root 11241100x8000000000000000406857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145539ed638ad0b62021-12-21 10:41:24.193root 11241100x8000000000000000406858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f69648d836d2e52021-12-21 10:41:24.193root 11241100x8000000000000000406859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacfe5415fe2328b2021-12-21 10:41:24.193root 11241100x8000000000000000406860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80ee9f7e7e32bd12021-12-21 10:41:24.194root 11241100x8000000000000000406861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cc479ea8e858ce2021-12-21 10:41:24.194root 11241100x8000000000000000406862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abd61c4280671a32021-12-21 10:41:24.194root 11241100x8000000000000000406863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136847c3e0e016eb2021-12-21 10:41:24.194root 11241100x8000000000000000406864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8b66ba05f79d952021-12-21 10:41:24.194root 11241100x8000000000000000406865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c9e1ce50c90f562021-12-21 10:41:24.195root 11241100x8000000000000000406866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9d27cbda3dead12021-12-21 10:41:24.195root 11241100x8000000000000000406867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338e0fe65e5253fd2021-12-21 10:41:24.195root 11241100x8000000000000000406868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f887351a0c612d2021-12-21 10:41:24.195root 11241100x8000000000000000406869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b176824f44186c2021-12-21 10:41:24.195root 11241100x8000000000000000406870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb98a4bf60e70a3a2021-12-21 10:41:24.195root 11241100x8000000000000000406871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef1a5aeb4c0b88f2021-12-21 10:41:24.195root 11241100x8000000000000000406872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fc5ad82bb592152021-12-21 10:41:24.196root 11241100x8000000000000000406873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f87d8fd3266f062021-12-21 10:41:24.196root 11241100x8000000000000000406874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18b711761ed38382021-12-21 10:41:24.196root 11241100x8000000000000000406875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d155c5ce57d066262021-12-21 10:41:24.196root 11241100x8000000000000000406876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9e885b05b0b7a42021-12-21 10:41:24.196root 11241100x8000000000000000406877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a802fd6fb97bfef2021-12-21 10:41:24.196root 11241100x8000000000000000406878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84e35ae56c41fd02021-12-21 10:41:24.196root 11241100x8000000000000000406879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9672c9d54adbf292021-12-21 10:41:24.196root 11241100x8000000000000000406880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4d51f5cf683ef92021-12-21 10:41:24.196root 11241100x8000000000000000406881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee678cc912f838842021-12-21 10:41:24.196root 11241100x8000000000000000406882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a7107885bcd8c52021-12-21 10:41:24.196root 11241100x8000000000000000406883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b917f6026e6b432021-12-21 10:41:24.196root 11241100x8000000000000000406884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5401ab31de80b5892021-12-21 10:41:24.196root 11241100x8000000000000000406885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7239aa20d7d5892021-12-21 10:41:24.196root 11241100x8000000000000000406886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54b682517fbcfb52021-12-21 10:41:24.196root 11241100x8000000000000000406887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c1f5cb25e9fd132021-12-21 10:41:24.693root 11241100x8000000000000000406888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d854770268abc1932021-12-21 10:41:24.693root 11241100x8000000000000000406889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8390ba80bfdc1d462021-12-21 10:41:24.693root 11241100x8000000000000000406890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38343a3c576a63e22021-12-21 10:41:24.693root 11241100x8000000000000000406891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1d49f5dc0a162a2021-12-21 10:41:24.693root 11241100x8000000000000000406892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499fd155fa060db42021-12-21 10:41:24.693root 11241100x8000000000000000406893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51721628e6c32bcd2021-12-21 10:41:24.693root 11241100x8000000000000000406894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1850b60f0a82de2021-12-21 10:41:24.693root 11241100x8000000000000000406895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6c638eaced17172021-12-21 10:41:24.693root 11241100x8000000000000000406896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3e6ca875e7233b2021-12-21 10:41:24.694root 11241100x8000000000000000406897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728ca532c17142912021-12-21 10:41:24.694root 11241100x8000000000000000406898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d42ebf0bbb5ade2021-12-21 10:41:24.694root 11241100x8000000000000000406899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdbd4033de9e9d22021-12-21 10:41:24.694root 11241100x8000000000000000406900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c296954cc259adfc2021-12-21 10:41:24.694root 11241100x8000000000000000406901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7777d886de64642b2021-12-21 10:41:24.694root 11241100x8000000000000000406902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb6ef5b63f44fc52021-12-21 10:41:24.695root 11241100x8000000000000000406903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7510e3ff737f7cf2021-12-21 10:41:24.695root 11241100x8000000000000000406904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c30c37ce3ad482a2021-12-21 10:41:24.695root 11241100x8000000000000000406905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d76194d389ae5a62021-12-21 10:41:24.695root 11241100x8000000000000000406906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315b27cbf23284542021-12-21 10:41:24.695root 11241100x8000000000000000406907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31484c8dd096b2472021-12-21 10:41:24.696root 11241100x8000000000000000406908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8a496202cb71842021-12-21 10:41:24.696root 11241100x8000000000000000406909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52415d41dd7b3892021-12-21 10:41:24.696root 11241100x8000000000000000406910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cc099a448bd3312021-12-21 10:41:24.696root 11241100x8000000000000000406911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c6e4641d7c0de62021-12-21 10:41:24.696root 11241100x8000000000000000406912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5666921cda26cf642021-12-21 10:41:24.697root 11241100x8000000000000000406913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023a0889d01e45ef2021-12-21 10:41:24.697root 11241100x8000000000000000406914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cfa984e4d3f2c72021-12-21 10:41:24.697root 11241100x8000000000000000406915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf2d65d839ac572021-12-21 10:41:24.697root 11241100x8000000000000000406916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b02ec2444f3c2322021-12-21 10:41:24.697root 11241100x8000000000000000406917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a073f1ffc2d21c2021-12-21 10:41:24.698root 11241100x8000000000000000406918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f612d59c004a002021-12-21 10:41:24.698root 11241100x8000000000000000406919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0f150d7bbe66872021-12-21 10:41:24.698root 11241100x8000000000000000406920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff967b3506d1ee972021-12-21 10:41:24.698root 11241100x8000000000000000406921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19197e04b46f688f2021-12-21 10:41:24.698root 11241100x8000000000000000406922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdad76e1dcd1220d2021-12-21 10:41:24.699root 11241100x8000000000000000406923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a309bb81739b2172021-12-21 10:41:24.699root 11241100x8000000000000000406924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be40c0f85d2d0c7a2021-12-21 10:41:24.699root 11241100x8000000000000000406925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9235e31da6e132f32021-12-21 10:41:24.699root 11241100x8000000000000000406926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9352d7fc51f0082021-12-21 10:41:24.700root 11241100x8000000000000000406927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:24.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953422afd88a2a9c2021-12-21 10:41:24.700root 354300x8000000000000000406928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.192{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34524-false10.0.1.12-8089- 11241100x8000000000000000406929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a2a2b3964664ca2021-12-21 10:41:25.192root 11241100x8000000000000000406930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752d4fdbf87be8e2021-12-21 10:41:25.193root 11241100x8000000000000000406931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b2b9008142cfdb2021-12-21 10:41:25.193root 11241100x8000000000000000406932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0b12eeb29863d62021-12-21 10:41:25.193root 11241100x8000000000000000406933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfb1729a9cf4d1e2021-12-21 10:41:25.193root 11241100x8000000000000000406934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f345429c9dbd6bfd2021-12-21 10:41:25.194root 11241100x8000000000000000406935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e16772cbc308c32021-12-21 10:41:25.194root 11241100x8000000000000000406936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a6676b5434fe2a2021-12-21 10:41:25.194root 11241100x8000000000000000406937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ea953c039514a32021-12-21 10:41:25.194root 11241100x8000000000000000406938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cc0ee2a57cc0842021-12-21 10:41:25.195root 11241100x8000000000000000406939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cc34ce859050ab2021-12-21 10:41:25.195root 11241100x8000000000000000406940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781d08e9c65deee32021-12-21 10:41:25.195root 11241100x8000000000000000406941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0139bfb6b91a612021-12-21 10:41:25.196root 11241100x8000000000000000406942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502163144e5174d02021-12-21 10:41:25.196root 11241100x8000000000000000406943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781e7455b6109ba92021-12-21 10:41:25.196root 11241100x8000000000000000406944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04005b7207bf7e32021-12-21 10:41:25.196root 11241100x8000000000000000406945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3a26db3144a0bb2021-12-21 10:41:25.196root 11241100x8000000000000000406946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831117fc9abe68f82021-12-21 10:41:25.197root 11241100x8000000000000000406947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aa9b8f41094f652021-12-21 10:41:25.197root 11241100x8000000000000000406948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0820d15addbe40d42021-12-21 10:41:25.197root 11241100x8000000000000000406949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e3800f6e1d145c2021-12-21 10:41:25.197root 11241100x8000000000000000406950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ac8df93ee102c42021-12-21 10:41:25.197root 11241100x8000000000000000406951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de490d0159265a52021-12-21 10:41:25.198root 11241100x8000000000000000406952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcc53538cfb1eda2021-12-21 10:41:25.198root 11241100x8000000000000000406953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453291f17a19cb0e2021-12-21 10:41:25.198root 11241100x8000000000000000406954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5398324827f68e302021-12-21 10:41:25.198root 11241100x8000000000000000406955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc29189d375c021c2021-12-21 10:41:25.199root 11241100x8000000000000000406956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86829ff3c55667d02021-12-21 10:41:25.199root 11241100x8000000000000000406957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e16928c47f0f792021-12-21 10:41:25.199root 11241100x8000000000000000406958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17895ffb4c7923602021-12-21 10:41:25.199root 11241100x8000000000000000406959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49feb09b05b6b70d2021-12-21 10:41:25.200root 11241100x8000000000000000406960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a14101b5d105b0f2021-12-21 10:41:25.200root 11241100x8000000000000000406961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de846e03739ec14a2021-12-21 10:41:25.200root 11241100x8000000000000000406962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb824ea8fd5a2dd2021-12-21 10:41:25.200root 11241100x8000000000000000406963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb625cb4b10708b2021-12-21 10:41:25.443root 11241100x8000000000000000406964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bdffb98eb08c002021-12-21 10:41:25.444root 11241100x8000000000000000406965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5431968464aadfd12021-12-21 10:41:25.445root 11241100x8000000000000000406966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3e6990aa7af1342021-12-21 10:41:25.445root 11241100x8000000000000000406967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64c8fbaeead8a052021-12-21 10:41:25.445root 11241100x8000000000000000406968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b601db7f6025d62021-12-21 10:41:25.445root 11241100x8000000000000000406969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d89d8af2edeefc2021-12-21 10:41:25.445root 11241100x8000000000000000406970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814d4fe897165132021-12-21 10:41:25.445root 11241100x8000000000000000406971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfa1f7a5b2d91992021-12-21 10:41:25.445root 11241100x8000000000000000406972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec17d5cf42d7cbd2021-12-21 10:41:25.445root 11241100x8000000000000000406973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9c0ffc42695e722021-12-21 10:41:25.445root 11241100x8000000000000000406974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8b97af9aa805d82021-12-21 10:41:25.445root 11241100x8000000000000000406975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9333669ca9f0c98d2021-12-21 10:41:25.446root 11241100x8000000000000000406976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93ce6bb5eed5fb42021-12-21 10:41:25.446root 11241100x8000000000000000406977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6496396443bfc36f2021-12-21 10:41:25.446root 11241100x8000000000000000406978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6097150690309c942021-12-21 10:41:25.446root 11241100x8000000000000000406979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d0146708a957412021-12-21 10:41:25.446root 11241100x8000000000000000406980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f963b13318f27732021-12-21 10:41:25.446root 11241100x8000000000000000406981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2779bdf28a3c672021-12-21 10:41:25.446root 11241100x8000000000000000406982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c0ccba5a7dbc972021-12-21 10:41:25.446root 11241100x8000000000000000406983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64378e739119a2e2021-12-21 10:41:25.446root 11241100x8000000000000000406984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404aeb4cf3b55feb2021-12-21 10:41:25.447root 11241100x8000000000000000406985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965534c009e0d5ed2021-12-21 10:41:25.447root 11241100x8000000000000000406986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f448249fb5bf402021-12-21 10:41:25.447root 11241100x8000000000000000406987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da3f657de4883fb2021-12-21 10:41:25.447root 11241100x8000000000000000406988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650e05b02b592b442021-12-21 10:41:25.447root 11241100x8000000000000000406989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d043ec35cc9c7a2021-12-21 10:41:25.447root 11241100x8000000000000000406990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6af22a01aff8942021-12-21 10:41:25.943root 11241100x8000000000000000406991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823be4c19832aec52021-12-21 10:41:25.943root 11241100x8000000000000000406992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e363b404163e8ff2021-12-21 10:41:25.943root 11241100x8000000000000000406993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64582184797e000d2021-12-21 10:41:25.943root 11241100x8000000000000000406994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dad5937e575ecc02021-12-21 10:41:25.944root 11241100x8000000000000000406995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb80c05ff96f42a32021-12-21 10:41:25.944root 11241100x8000000000000000406996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7f695885637b622021-12-21 10:41:25.944root 11241100x8000000000000000406997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42ffa88b29e0d222021-12-21 10:41:25.945root 11241100x8000000000000000406998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3916517ecbed5c2f2021-12-21 10:41:25.945root 11241100x8000000000000000406999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0314b1ddbdf0e12021-12-21 10:41:25.945root 11241100x8000000000000000407000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0960f981f0d668322021-12-21 10:41:25.945root 11241100x8000000000000000407001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fed34dcf6d9705c2021-12-21 10:41:25.945root 11241100x8000000000000000407002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1915681672161b102021-12-21 10:41:25.946root 11241100x8000000000000000407003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c3282ad5628b1d2021-12-21 10:41:25.946root 11241100x8000000000000000407004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787daae4785c0ba22021-12-21 10:41:25.946root 11241100x8000000000000000407005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b331fadb2ec3562021-12-21 10:41:25.946root 11241100x8000000000000000407006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb55cf5c19baa4f2021-12-21 10:41:25.946root 11241100x8000000000000000407007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2c0c5b309af64c2021-12-21 10:41:25.946root 11241100x8000000000000000407008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eb4e1d3c57befd2021-12-21 10:41:25.947root 11241100x8000000000000000407009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defceb4ce96bcee82021-12-21 10:41:25.947root 11241100x8000000000000000407010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829a7fa83aa8645a2021-12-21 10:41:25.947root 11241100x8000000000000000407011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992ac2c38d2ec21e2021-12-21 10:41:25.947root 11241100x8000000000000000407012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278cac1337b0ab802021-12-21 10:41:25.947root 11241100x8000000000000000407013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863617da86e94f7f2021-12-21 10:41:25.948root 11241100x8000000000000000407014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8935f893aea26ca2021-12-21 10:41:25.948root 11241100x8000000000000000407015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e184fa0043ead722021-12-21 10:41:25.948root 11241100x8000000000000000407016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c54094816a4d27c2021-12-21 10:41:25.948root 11241100x8000000000000000407017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e228db1ab82bde2021-12-21 10:41:25.948root 11241100x8000000000000000407018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833e1d01f2bf56402021-12-21 10:41:25.949root 11241100x8000000000000000407019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfa2f6abe16ffd32021-12-21 10:41:25.949root 11241100x8000000000000000407020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5936ba89d1f683182021-12-21 10:41:25.949root 11241100x8000000000000000407021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b9ccb2b89b2ff42021-12-21 10:41:26.443root 11241100x8000000000000000407022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94938bf408091f22021-12-21 10:41:26.443root 11241100x8000000000000000407023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c63b4e65ca9dec12021-12-21 10:41:26.443root 11241100x8000000000000000407024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50ec95e1f9b75212021-12-21 10:41:26.443root 11241100x8000000000000000407025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f4485351d0d1392021-12-21 10:41:26.444root 11241100x8000000000000000407026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f8eda4ea4a7a482021-12-21 10:41:26.444root 11241100x8000000000000000407027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc41b046b57602b2021-12-21 10:41:26.444root 11241100x8000000000000000407028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2af6504a0ff7122021-12-21 10:41:26.444root 11241100x8000000000000000407029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33d136b5c5b483d2021-12-21 10:41:26.444root 11241100x8000000000000000407030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a266479dea14ef1f2021-12-21 10:41:26.444root 11241100x8000000000000000407031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0692fead2042f992021-12-21 10:41:26.445root 11241100x8000000000000000407032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ead088bfafeaefd2021-12-21 10:41:26.445root 11241100x8000000000000000407033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125a7e60408b54d72021-12-21 10:41:26.445root 11241100x8000000000000000407034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce7f389ac423e822021-12-21 10:41:26.445root 11241100x8000000000000000407035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73516831add3e0642021-12-21 10:41:26.445root 11241100x8000000000000000407036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b82f5acbd917a0b2021-12-21 10:41:26.445root 11241100x8000000000000000407037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c6a11500e95b682021-12-21 10:41:26.445root 11241100x8000000000000000407038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db828a72b85f57ad2021-12-21 10:41:26.445root 11241100x8000000000000000407039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940dba1267dbb9512021-12-21 10:41:26.445root 11241100x8000000000000000407040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50725aad58f53582021-12-21 10:41:26.445root 11241100x8000000000000000407041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baca16cdb5e723362021-12-21 10:41:26.446root 11241100x8000000000000000407042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e86bfbdd28cacc2021-12-21 10:41:26.446root 11241100x8000000000000000407043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a8270b5bbe01372021-12-21 10:41:26.446root 11241100x8000000000000000407044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6dbe937bc3df9e2021-12-21 10:41:26.446root 11241100x8000000000000000407045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad9829a0dd788c72021-12-21 10:41:26.446root 11241100x8000000000000000407046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a431541e1a90332021-12-21 10:41:26.446root 11241100x8000000000000000407047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4baee34770cde2d22021-12-21 10:41:26.447root 11241100x8000000000000000407048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3241ded15e75df02021-12-21 10:41:26.447root 11241100x8000000000000000407049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c007faeb3a93f9d2021-12-21 10:41:26.447root 11241100x8000000000000000407050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd1aaa01c792c502021-12-21 10:41:26.447root 11241100x8000000000000000407051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026fa2eebe382c362021-12-21 10:41:26.447root 11241100x8000000000000000407052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea2f342612fc1922021-12-21 10:41:26.943root 11241100x8000000000000000407053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298465360724d5012021-12-21 10:41:26.943root 11241100x8000000000000000407054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9125df5ccbd711082021-12-21 10:41:26.943root 11241100x8000000000000000407055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511049c6b687b70f2021-12-21 10:41:26.944root 11241100x8000000000000000407056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df85760b3324bdd2021-12-21 10:41:26.944root 11241100x8000000000000000407057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5d58de361e189f2021-12-21 10:41:26.944root 11241100x8000000000000000407058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d5f4f3cd7a5402021-12-21 10:41:26.944root 11241100x8000000000000000407059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649b880c4ab40a6f2021-12-21 10:41:26.944root 11241100x8000000000000000407060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01449b4e3de9ffbf2021-12-21 10:41:26.945root 11241100x8000000000000000407061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f93174bb44b7cc92021-12-21 10:41:26.945root 11241100x8000000000000000407062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c092757995bad1212021-12-21 10:41:26.945root 11241100x8000000000000000407063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a13f7b7acd18d92021-12-21 10:41:26.945root 11241100x8000000000000000407064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2a7c733886c4f22021-12-21 10:41:26.945root 11241100x8000000000000000407065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c3b641dee7d63c2021-12-21 10:41:26.945root 11241100x8000000000000000407066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3488e03bed11eb022021-12-21 10:41:26.945root 11241100x8000000000000000407067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ec8f97f05b6a172021-12-21 10:41:26.946root 11241100x8000000000000000407068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9611a4c3772ea4fa2021-12-21 10:41:26.946root 11241100x8000000000000000407069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7f60dff6b75c9e2021-12-21 10:41:26.946root 11241100x8000000000000000407070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39d39f40f2128f82021-12-21 10:41:26.946root 11241100x8000000000000000407071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f426f2655db2ba82021-12-21 10:41:26.946root 11241100x8000000000000000407072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab00d730a58a930f2021-12-21 10:41:26.946root 11241100x8000000000000000407073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007ac6758a1ecd272021-12-21 10:41:26.946root 11241100x8000000000000000407074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad407fc9c81bf5d2021-12-21 10:41:26.947root 11241100x8000000000000000407075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5250c6b61446302021-12-21 10:41:26.947root 11241100x8000000000000000407076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8635f3b9b43fcebf2021-12-21 10:41:26.947root 11241100x8000000000000000407077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cd25c35af4a1542021-12-21 10:41:26.947root 11241100x8000000000000000407078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6da808ed04c1f72021-12-21 10:41:26.947root 11241100x8000000000000000407079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450629091de965dd2021-12-21 10:41:26.947root 11241100x8000000000000000407080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b239eabb2c0d7a9a2021-12-21 10:41:26.950root 354300x8000000000000000407081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.101{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47462-false10.0.1.12-8000- 11241100x8000000000000000407082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e7090d86f6d8fb2021-12-21 10:41:27.443root 11241100x8000000000000000407083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577c92e43214e9992021-12-21 10:41:27.443root 11241100x8000000000000000407084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece63e434a7d9e072021-12-21 10:41:27.443root 11241100x8000000000000000407085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363d71df4b82b0092021-12-21 10:41:27.443root 11241100x8000000000000000407086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d80b307553b95452021-12-21 10:41:27.443root 11241100x8000000000000000407087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10989f3e1564f2f32021-12-21 10:41:27.444root 11241100x8000000000000000407088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fa77ee16df8d5a2021-12-21 10:41:27.444root 11241100x8000000000000000407089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1ea612894ddb4d2021-12-21 10:41:27.444root 11241100x8000000000000000407090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733f09a20cc5ed652021-12-21 10:41:27.444root 11241100x8000000000000000407091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ddf109f1476c8e2021-12-21 10:41:27.445root 11241100x8000000000000000407092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e4bc3383e953c02021-12-21 10:41:27.446root 11241100x8000000000000000407093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0090103c41d79f2021-12-21 10:41:27.447root 11241100x8000000000000000407094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951510e96f3a0d262021-12-21 10:41:27.447root 11241100x8000000000000000407095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0769fbed37ab58ce2021-12-21 10:41:27.447root 11241100x8000000000000000407096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bc9299b06af6432021-12-21 10:41:27.447root 11241100x8000000000000000407097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63f6428b59f7db42021-12-21 10:41:27.447root 11241100x8000000000000000407098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208855bf6f9bddc52021-12-21 10:41:27.448root 11241100x8000000000000000407099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cd59d4929619c62021-12-21 10:41:27.448root 11241100x8000000000000000407100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee9a14a0e853eca2021-12-21 10:41:27.448root 11241100x8000000000000000407101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceea5fe6bd8c00d2021-12-21 10:41:27.448root 11241100x8000000000000000407102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df13cb5e8b3b860d2021-12-21 10:41:27.448root 11241100x8000000000000000407103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a1a21626545ca22021-12-21 10:41:27.448root 11241100x8000000000000000407104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f41dd9da9ebdf22021-12-21 10:41:27.448root 11241100x8000000000000000407105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850267192327fc842021-12-21 10:41:27.449root 11241100x8000000000000000407106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14887ec0004a7b02021-12-21 10:41:27.449root 11241100x8000000000000000407107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8b445dceb191722021-12-21 10:41:27.449root 11241100x8000000000000000407108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6508ca0ec6b54f12021-12-21 10:41:27.449root 11241100x8000000000000000407109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a06d131480836d62021-12-21 10:41:27.449root 11241100x8000000000000000407110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cce460ece42eb632021-12-21 10:41:27.449root 11241100x8000000000000000407111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725d8a9ca7a5e7c12021-12-21 10:41:27.449root 11241100x8000000000000000407112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3515194d97f08dc82021-12-21 10:41:27.450root 11241100x8000000000000000407113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c24e32426d914d2021-12-21 10:41:27.450root 11241100x8000000000000000407114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1812143d305c543f2021-12-21 10:41:27.450root 11241100x8000000000000000407115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be50872dea2c0102021-12-21 10:41:27.450root 11241100x8000000000000000407116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3438bec33499f8472021-12-21 10:41:27.450root 11241100x8000000000000000407117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206124603f3194752021-12-21 10:41:27.943root 11241100x8000000000000000407118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad0ef445d6af7fa2021-12-21 10:41:27.943root 11241100x8000000000000000407119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9530b5049bf8a9a2021-12-21 10:41:27.943root 11241100x8000000000000000407120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce37932b5c89dd92021-12-21 10:41:27.943root 11241100x8000000000000000407121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3442a00bf2f5c72021-12-21 10:41:27.944root 11241100x8000000000000000407122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0e697b5411abb82021-12-21 10:41:27.944root 11241100x8000000000000000407123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d12e3e2ee21400d2021-12-21 10:41:27.944root 11241100x8000000000000000407124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202c5c5dd4cc38082021-12-21 10:41:27.944root 11241100x8000000000000000407125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1133738a99ee9e2021-12-21 10:41:27.944root 11241100x8000000000000000407126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3761dee549c46ba42021-12-21 10:41:27.944root 11241100x8000000000000000407127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8102b8070db8ae8b2021-12-21 10:41:27.944root 11241100x8000000000000000407128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2048e43ce0036e402021-12-21 10:41:27.944root 11241100x8000000000000000407129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70bb47487d29c62021-12-21 10:41:27.944root 11241100x8000000000000000407130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f6d515e61ff9122021-12-21 10:41:27.944root 11241100x8000000000000000407131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d726b5e2bb7beb4c2021-12-21 10:41:27.944root 11241100x8000000000000000407132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad12a66b8b0c3342021-12-21 10:41:27.945root 11241100x8000000000000000407133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b313bfe2c2c3f6792021-12-21 10:41:27.945root 11241100x8000000000000000407134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c42758eee1d6962021-12-21 10:41:27.945root 11241100x8000000000000000407135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3bf45b02e738632021-12-21 10:41:27.945root 11241100x8000000000000000407136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138e58073afeb1262021-12-21 10:41:27.945root 11241100x8000000000000000407137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502bd7bf93d9fb812021-12-21 10:41:27.945root 11241100x8000000000000000407138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0b1e30cda6ced32021-12-21 10:41:27.945root 11241100x8000000000000000407139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9669e9b36234d6432021-12-21 10:41:27.945root 11241100x8000000000000000407140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7747ed1e00f6ac62021-12-21 10:41:27.945root 11241100x8000000000000000407141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4479eefa7521392021-12-21 10:41:27.945root 11241100x8000000000000000407142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be091848fceaa7e2021-12-21 10:41:27.945root 11241100x8000000000000000407143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350fce48f0add6862021-12-21 10:41:27.945root 11241100x8000000000000000407144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046ba6b208e8b7e02021-12-21 10:41:27.945root 11241100x8000000000000000407145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723386dc819917872021-12-21 10:41:27.945root 11241100x8000000000000000407146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8eb1186a8929d72021-12-21 10:41:27.945root 11241100x8000000000000000407147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14128c946037a922021-12-21 10:41:27.946root 11241100x8000000000000000407148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00cf0b026e59c7d2021-12-21 10:41:27.946root 11241100x8000000000000000407149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e89248aba6fd0b2021-12-21 10:41:27.946root 11241100x8000000000000000407150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc65dfd95eb977f2021-12-21 10:41:27.946root 11241100x8000000000000000407151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caeafcc984eb9702021-12-21 10:41:27.946root 11241100x8000000000000000407152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b295c848fa71a9a72021-12-21 10:41:27.946root 11241100x8000000000000000407153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fbb9ce1e9a6c2f2021-12-21 10:41:27.946root 11241100x8000000000000000407154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc27f63a91cd0362021-12-21 10:41:27.946root 11241100x8000000000000000407155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7e88396af412fe2021-12-21 10:41:27.946root 11241100x8000000000000000407156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476504ff166665d42021-12-21 10:41:27.946root 11241100x8000000000000000407157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14f3a561521a1012021-12-21 10:41:27.946root 11241100x8000000000000000407158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05383b8843f658b2021-12-21 10:41:27.946root 11241100x8000000000000000407159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992378deba7464792021-12-21 10:41:27.946root 11241100x8000000000000000407160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4796e496bcbc2afa2021-12-21 10:41:27.946root 11241100x8000000000000000407161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1460789d1d783c122021-12-21 10:41:27.946root 11241100x8000000000000000407162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6481b425d4e6fcd32021-12-21 10:41:27.946root 11241100x8000000000000000407163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3c3e09055082782021-12-21 10:41:27.947root 11241100x8000000000000000407164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa40a50c99523472021-12-21 10:41:27.947root 11241100x8000000000000000407165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0092673bedcf41552021-12-21 10:41:27.947root 11241100x8000000000000000407166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488de05c610ae5eb2021-12-21 10:41:27.947root 11241100x8000000000000000407167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a07ef7e2717dd3f2021-12-21 10:41:27.947root 11241100x8000000000000000407168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd5d5f0efcfb5b52021-12-21 10:41:27.947root 11241100x8000000000000000407169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6700524e3b73f3c92021-12-21 10:41:27.948root 11241100x8000000000000000407170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdb021a6aa2d0692021-12-21 10:41:27.948root 11241100x8000000000000000407171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99cdc66132a50ed2021-12-21 10:41:27.948root 11241100x8000000000000000407172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc0ce729650895d2021-12-21 10:41:27.948root 11241100x8000000000000000407173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3490b3151026372c2021-12-21 10:41:27.948root 11241100x8000000000000000407174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337ddba98fb956742021-12-21 10:41:27.948root 11241100x8000000000000000407175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530e119c8e50f1d32021-12-21 10:41:27.948root 11241100x8000000000000000407176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d865e17ffc25b62021-12-21 10:41:27.948root 11241100x8000000000000000407177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf197f6abfc42f42021-12-21 10:41:27.949root 11241100x8000000000000000407178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6863512aed3ccb2d2021-12-21 10:41:27.949root 11241100x8000000000000000407179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7d9fcec33b01aa2021-12-21 10:41:27.949root 11241100x8000000000000000407180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12da625fa1e050722021-12-21 10:41:27.949root 11241100x8000000000000000407181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecd4d68d616ae752021-12-21 10:41:27.949root 11241100x8000000000000000407182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce6663148da634e2021-12-21 10:41:27.949root 11241100x8000000000000000407183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdb30802130a9b42021-12-21 10:41:27.949root 11241100x8000000000000000407184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0628230c7ce66b7d2021-12-21 10:41:27.949root 11241100x8000000000000000407185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f276a39c300c3e2021-12-21 10:41:27.949root 11241100x8000000000000000407186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b65564629a2a832021-12-21 10:41:27.950root 11241100x8000000000000000407187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdbaebae60443222021-12-21 10:41:27.950root 11241100x8000000000000000407188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae95ba565d058e2e2021-12-21 10:41:27.950root 11241100x8000000000000000407189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d180f47fdf75ddf2021-12-21 10:41:27.950root 11241100x8000000000000000407190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e2221ef7907e962021-12-21 10:41:27.950root 11241100x8000000000000000407191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a189a930346a7e5b2021-12-21 10:41:27.950root 11241100x8000000000000000407192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67b6caf2321c0002021-12-21 10:41:27.950root 11241100x8000000000000000407193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ea80123fbea31d2021-12-21 10:41:27.950root 11241100x8000000000000000407194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8b0e8d8c1f01f02021-12-21 10:41:27.950root 11241100x8000000000000000407195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a37308d3af0ae22021-12-21 10:41:28.443root 11241100x8000000000000000407196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2036c8c16c3e5afb2021-12-21 10:41:28.443root 11241100x8000000000000000407197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a895e37eda44732021-12-21 10:41:28.444root 11241100x8000000000000000407198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fb8e18597fe1002021-12-21 10:41:28.444root 11241100x8000000000000000407199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cd9f7dab92f3bf2021-12-21 10:41:28.444root 11241100x8000000000000000407200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be71dfd876adbc922021-12-21 10:41:28.444root 11241100x8000000000000000407201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4d4d37819670dd2021-12-21 10:41:28.444root 11241100x8000000000000000407202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328ac340292560852021-12-21 10:41:28.445root 11241100x8000000000000000407203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efd78a76eb23c4b2021-12-21 10:41:28.445root 11241100x8000000000000000407204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7ef7a299fb1b552021-12-21 10:41:28.445root 11241100x8000000000000000407205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45a85daf537e6362021-12-21 10:41:28.445root 11241100x8000000000000000407206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeba0d6ead801442021-12-21 10:41:28.445root 11241100x8000000000000000407207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634b5c420a57b9b72021-12-21 10:41:28.446root 11241100x8000000000000000407208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7381f061e411ef12021-12-21 10:41:28.446root 11241100x8000000000000000407209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e2483673a4cac62021-12-21 10:41:28.446root 11241100x8000000000000000407210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cad51aaba5c2322021-12-21 10:41:28.446root 11241100x8000000000000000407211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaa24dc68722ebf2021-12-21 10:41:28.446root 11241100x8000000000000000407212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733bfb91409677b22021-12-21 10:41:28.447root 11241100x8000000000000000407213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45cd1dbf43572762021-12-21 10:41:28.447root 11241100x8000000000000000407214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119592721e7db6002021-12-21 10:41:28.447root 11241100x8000000000000000407215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44930efbc5ba37692021-12-21 10:41:28.447root 11241100x8000000000000000407216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e09088c53dc6d1a2021-12-21 10:41:28.447root 11241100x8000000000000000407217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a3876385e2a92d2021-12-21 10:41:28.447root 11241100x8000000000000000407218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5ee942690deb6e2021-12-21 10:41:28.447root 11241100x8000000000000000407219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa77ac457ce9c1d2021-12-21 10:41:28.448root 11241100x8000000000000000407220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1db04fe412538e2021-12-21 10:41:28.448root 11241100x8000000000000000407221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d8e4f231a5f3f62021-12-21 10:41:28.448root 11241100x8000000000000000407222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f24bdd17798b8c2021-12-21 10:41:28.942root 11241100x8000000000000000407223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa33ad5a1ac2b8a42021-12-21 10:41:28.943root 11241100x8000000000000000407224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b319fc894f71670a2021-12-21 10:41:28.943root 11241100x8000000000000000407225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ced684836a8b9a2021-12-21 10:41:28.943root 11241100x8000000000000000407226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6589ac766f58ea8d2021-12-21 10:41:28.943root 11241100x8000000000000000407227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b231fd9429c1779a2021-12-21 10:41:28.943root 11241100x8000000000000000407228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7291c2d167350c52021-12-21 10:41:28.943root 11241100x8000000000000000407229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1612e0b5384831f2021-12-21 10:41:28.943root 11241100x8000000000000000407230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55295482c40016332021-12-21 10:41:28.943root 11241100x8000000000000000407231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884971fcad4946eb2021-12-21 10:41:28.943root 11241100x8000000000000000407232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de12a3cabc79a2882021-12-21 10:41:28.943root 11241100x8000000000000000407233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7560bd1ff7d58f2021-12-21 10:41:28.943root 11241100x8000000000000000407234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cbbb37c5ab71b02021-12-21 10:41:28.943root 11241100x8000000000000000407235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911223559606a2892021-12-21 10:41:28.943root 11241100x8000000000000000407236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efc06b2676b7f142021-12-21 10:41:28.944root 11241100x8000000000000000407237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a755cafcd5058b2021-12-21 10:41:28.944root 11241100x8000000000000000407238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81b1688859f8a342021-12-21 10:41:28.944root 11241100x8000000000000000407239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97acf83c1f7378c2021-12-21 10:41:28.944root 11241100x8000000000000000407240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df24f250fe5e863c2021-12-21 10:41:28.944root 11241100x8000000000000000407241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b184eec8e083302021-12-21 10:41:28.944root 11241100x8000000000000000407242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3076672c95f63e462021-12-21 10:41:28.944root 11241100x8000000000000000407243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db393894911a12a52021-12-21 10:41:28.944root 11241100x8000000000000000407244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc6e430defb56012021-12-21 10:41:28.944root 11241100x8000000000000000407245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9948d3951200ab8a2021-12-21 10:41:28.944root 11241100x8000000000000000407246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76691ff74b158bf2021-12-21 10:41:28.944root 11241100x8000000000000000407247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed459ba8238122482021-12-21 10:41:28.944root 11241100x8000000000000000407248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c627b626e88e0b3b2021-12-21 10:41:28.944root 11241100x8000000000000000407249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950e52f847d7f2c52021-12-21 10:41:28.944root 11241100x8000000000000000407250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cb9a1be8ff8e552021-12-21 10:41:29.443root 11241100x8000000000000000407251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ced419ef01fb752021-12-21 10:41:29.443root 11241100x8000000000000000407252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338f2b145272c6172021-12-21 10:41:29.443root 11241100x8000000000000000407253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11712b892241c8b52021-12-21 10:41:29.443root 11241100x8000000000000000407254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c4eb74752e18b02021-12-21 10:41:29.443root 11241100x8000000000000000407255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a8c776ad50b10c2021-12-21 10:41:29.443root 11241100x8000000000000000407256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e1f48071c09ab52021-12-21 10:41:29.444root 11241100x8000000000000000407257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8519b5234bdfc72021-12-21 10:41:29.444root 11241100x8000000000000000407258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a638db398897402021-12-21 10:41:29.444root 11241100x8000000000000000407259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e7480293af67f52021-12-21 10:41:29.444root 11241100x8000000000000000407260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081acf72bbffcdba2021-12-21 10:41:29.444root 11241100x8000000000000000407261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bea4c6b7e6435752021-12-21 10:41:29.444root 11241100x8000000000000000407262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553304d9bfb62b422021-12-21 10:41:29.444root 11241100x8000000000000000407263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb63fcedb59f238c2021-12-21 10:41:29.444root 11241100x8000000000000000407264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1532c6d654ab5782021-12-21 10:41:29.444root 11241100x8000000000000000407265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4713035faebbb4402021-12-21 10:41:29.444root 11241100x8000000000000000407266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35d288cb660cfe32021-12-21 10:41:29.444root 11241100x8000000000000000407267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e08f1fd9b7562c2021-12-21 10:41:29.444root 11241100x8000000000000000407268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0342ced48a00552021-12-21 10:41:29.444root 11241100x8000000000000000407269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46f511f1d8162212021-12-21 10:41:29.444root 11241100x8000000000000000407270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d969c653a61b18332021-12-21 10:41:29.444root 11241100x8000000000000000407271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15268dd980b9d9682021-12-21 10:41:29.445root 11241100x8000000000000000407272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d926ba5cc4c1312021-12-21 10:41:29.445root 11241100x8000000000000000407273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8301d0be477d0b52021-12-21 10:41:29.445root 11241100x8000000000000000407274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fa83989bd149222021-12-21 10:41:29.445root 11241100x8000000000000000407275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17b4658574714052021-12-21 10:41:29.445root 11241100x8000000000000000407276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1f75368f627cbe2021-12-21 10:41:29.445root 11241100x8000000000000000407277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e7d89db4777d6d2021-12-21 10:41:29.943root 11241100x8000000000000000407278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73b71ae787178382021-12-21 10:41:29.943root 11241100x8000000000000000407279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14b3a6f4d96debd2021-12-21 10:41:29.943root 11241100x8000000000000000407280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6247a9627908c4192021-12-21 10:41:29.943root 11241100x8000000000000000407281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71adac540db39d1e2021-12-21 10:41:29.944root 11241100x8000000000000000407282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddbb7b6f4bf14222021-12-21 10:41:29.944root 11241100x8000000000000000407283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60f4b6056419da02021-12-21 10:41:29.944root 11241100x8000000000000000407284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10634758fc08e482021-12-21 10:41:29.944root 11241100x8000000000000000407285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb699db69a6a39a2021-12-21 10:41:29.944root 11241100x8000000000000000407286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e4dd559e1e1efa2021-12-21 10:41:29.944root 11241100x8000000000000000407287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a140c40f85cf362021-12-21 10:41:29.944root 11241100x8000000000000000407288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686289eb897120942021-12-21 10:41:29.944root 11241100x8000000000000000407289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cce8b181b3ca4a2021-12-21 10:41:29.944root 11241100x8000000000000000407290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb7d021b9dde2aa2021-12-21 10:41:29.944root 11241100x8000000000000000407291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dd07efd568617e2021-12-21 10:41:29.944root 11241100x8000000000000000407292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b3f09ea2a7aa1b2021-12-21 10:41:29.944root 11241100x8000000000000000407293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5830bc0fa3d510e2021-12-21 10:41:29.944root 11241100x8000000000000000407294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846ddcd792302b852021-12-21 10:41:29.944root 11241100x8000000000000000407295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a34c3b3401f45c2021-12-21 10:41:29.944root 11241100x8000000000000000407296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e39a16bb88d3de2021-12-21 10:41:29.945root 11241100x8000000000000000407297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0237de8602e0e1202021-12-21 10:41:29.945root 11241100x8000000000000000407298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dcd43c461db15d2021-12-21 10:41:29.945root 11241100x8000000000000000407299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256ea31aa3df4ca82021-12-21 10:41:29.945root 11241100x8000000000000000407300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6779b542cb661de2021-12-21 10:41:29.945root 11241100x8000000000000000407301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137b09911f925ae2021-12-21 10:41:29.945root 11241100x8000000000000000407302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2278a80f035c9bbb2021-12-21 10:41:29.945root 11241100x8000000000000000407303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a07b9fb057f6dd42021-12-21 10:41:29.945root 154100x8000000000000000407304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.269{ec2b6afe-af5a-61c1-6894-617f08560000}9759/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000407305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c87cedd59a2b572021-12-21 10:41:30.270root 11241100x8000000000000000407306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935ea02ab73e89bb2021-12-21 10:41:30.270root 11241100x8000000000000000407307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd13eb3fd35d1caf2021-12-21 10:41:30.271root 11241100x8000000000000000407308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea11bc3480244e02021-12-21 10:41:30.271root 11241100x8000000000000000407309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe36698496a74352021-12-21 10:41:30.271root 11241100x8000000000000000407310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7139823b3160718e2021-12-21 10:41:30.271root 11241100x8000000000000000407311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b0163be9ad08c72021-12-21 10:41:30.272root 11241100x8000000000000000407312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292dada1023784422021-12-21 10:41:30.272root 11241100x8000000000000000407313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575f27de313b53652021-12-21 10:41:30.272root 11241100x8000000000000000407314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd15aa3e78e34412021-12-21 10:41:30.272root 11241100x8000000000000000407315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24613626fd2565442021-12-21 10:41:30.272root 11241100x8000000000000000407316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fcd24295a921952021-12-21 10:41:30.272root 11241100x8000000000000000407317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3432e9f7108004362021-12-21 10:41:30.272root 11241100x8000000000000000407318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62a66dc34b6398b2021-12-21 10:41:30.272root 11241100x8000000000000000407319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764bc4cf769db48f2021-12-21 10:41:30.272root 11241100x8000000000000000407320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1037891e8f548e792021-12-21 10:41:30.272root 11241100x8000000000000000407321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679a2912b7c598092021-12-21 10:41:30.273root 11241100x8000000000000000407322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf56f4ed28498d12021-12-21 10:41:30.273root 11241100x8000000000000000407323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9583cba5f2c136e2021-12-21 10:41:30.273root 11241100x8000000000000000407324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eb5f17e476e47a2021-12-21 10:41:30.273root 11241100x8000000000000000407325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481291f51bd56152021-12-21 10:41:30.273root 11241100x8000000000000000407326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456cf5433ce6b4a82021-12-21 10:41:30.273root 11241100x8000000000000000407327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb220b0d7df51f5d2021-12-21 10:41:30.273root 11241100x8000000000000000407328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9271f1acc87e27ac2021-12-21 10:41:30.273root 11241100x8000000000000000407329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b695d6ce314a6e42021-12-21 10:41:30.273root 11241100x8000000000000000407330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7364e3f9bc03e4942021-12-21 10:41:30.274root 11241100x8000000000000000407331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0f5bf2088c245f2021-12-21 10:41:30.274root 11241100x8000000000000000407332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b639b9ce25d56b2021-12-21 10:41:30.274root 11241100x8000000000000000407333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc3842741ef9b882021-12-21 10:41:30.274root 11241100x8000000000000000407334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a746dbd19fe348932021-12-21 10:41:30.274root 11241100x8000000000000000407335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85907619952882022021-12-21 10:41:30.274root 11241100x8000000000000000407336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18420d69d59be0b22021-12-21 10:41:30.274root 534500x8000000000000000407337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.280{ec2b6afe-af5a-61c1-6894-617f08560000}9759/bin/psroot 11241100x8000000000000000407338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a98a7a13b38f112021-12-21 10:41:30.693root 11241100x8000000000000000407339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d67cb90bdb3b1c2021-12-21 10:41:30.693root 11241100x8000000000000000407340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56e31f29a17471b2021-12-21 10:41:30.693root 11241100x8000000000000000407341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dd2757d95996c42021-12-21 10:41:30.693root 11241100x8000000000000000407342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e67c80e9db292d2021-12-21 10:41:30.693root 11241100x8000000000000000407343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae911961e66a0992021-12-21 10:41:30.693root 11241100x8000000000000000407344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e12f53d5ea708f2021-12-21 10:41:30.693root 11241100x8000000000000000407345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c44d359f6cdf2a02021-12-21 10:41:30.693root 11241100x8000000000000000407346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cccee793687b322021-12-21 10:41:30.693root 11241100x8000000000000000407347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc77b83e48ccb49f2021-12-21 10:41:30.693root 11241100x8000000000000000407348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5678e85d6c1837d2021-12-21 10:41:30.694root 11241100x8000000000000000407349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f791ffe14066fbc2021-12-21 10:41:30.694root 11241100x8000000000000000407350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c509dfa47248842021-12-21 10:41:30.694root 11241100x8000000000000000407351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1296c746d6bbef8e2021-12-21 10:41:30.694root 11241100x8000000000000000407352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716a8836f731f70a2021-12-21 10:41:30.694root 11241100x8000000000000000407353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c464b8407a9a022021-12-21 10:41:30.694root 11241100x8000000000000000407354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af471b1c25634b8f2021-12-21 10:41:30.694root 11241100x8000000000000000407355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa15119ee18f4002021-12-21 10:41:30.694root 11241100x8000000000000000407356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cf89b15e22e86b2021-12-21 10:41:30.694root 11241100x8000000000000000407357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a897f9a960590d82021-12-21 10:41:30.694root 11241100x8000000000000000407358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ce68cd26b0a4d92021-12-21 10:41:30.694root 11241100x8000000000000000407359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78219810bfb26e292021-12-21 10:41:30.694root 11241100x8000000000000000407360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a29e1a0f7fe62c2021-12-21 10:41:30.695root 11241100x8000000000000000407361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87709c7959aa0462021-12-21 10:41:30.695root 11241100x8000000000000000407362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8501bd6ec3efc3f42021-12-21 10:41:30.695root 11241100x8000000000000000407363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df36f43ac13f3fd52021-12-21 10:41:30.695root 11241100x8000000000000000407364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75ee9dd1fc1a23c2021-12-21 10:41:30.695root 11241100x8000000000000000407365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ebbca838a26a422021-12-21 10:41:30.695root 11241100x8000000000000000407366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c3f528bb07a8fc2021-12-21 10:41:30.695root 11241100x8000000000000000407367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289ced75089ad2332021-12-21 10:41:30.695root 11241100x8000000000000000407368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a582e3f302287ad42021-12-21 10:41:30.695root 11241100x8000000000000000407369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9b148d98e78fc42021-12-21 10:41:30.695root 11241100x8000000000000000407370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0078d3eb6ac1a512021-12-21 10:41:30.695root 11241100x8000000000000000407371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d94ff632f790e952021-12-21 10:41:30.696root 11241100x8000000000000000407372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc83c15c61caf5d2021-12-21 10:41:30.696root 11241100x8000000000000000407373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d4da28e1220db72021-12-21 10:41:30.696root 11241100x8000000000000000407374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5e8165675031ae2021-12-21 10:41:30.696root 11241100x8000000000000000407375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692b1c8ba551e06d2021-12-21 10:41:30.696root 11241100x8000000000000000407376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfe8211a472d0dc2021-12-21 10:41:30.696root 11241100x8000000000000000407377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d05c596bdae05b2021-12-21 10:41:30.696root 11241100x8000000000000000407378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4909ee7ffd77c0782021-12-21 10:41:30.696root 11241100x8000000000000000407379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e40eab85fd03fd12021-12-21 10:41:31.193root 11241100x8000000000000000407380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a481a43a48a6b422021-12-21 10:41:31.193root 11241100x8000000000000000407381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3227779235980af82021-12-21 10:41:31.193root 11241100x8000000000000000407382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f966bde4ec4026dc2021-12-21 10:41:31.193root 11241100x8000000000000000407383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f0c7600871ba02021-12-21 10:41:31.193root 11241100x8000000000000000407384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad675d6ff9c520132021-12-21 10:41:31.193root 11241100x8000000000000000407385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c3947b91449ca52021-12-21 10:41:31.193root 11241100x8000000000000000407386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0078654e569fd52021-12-21 10:41:31.193root 11241100x8000000000000000407387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd660edfc2cde21d2021-12-21 10:41:31.193root 11241100x8000000000000000407388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d7acbde55909df2021-12-21 10:41:31.193root 11241100x8000000000000000407389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6feeba01fddd658c2021-12-21 10:41:31.193root 11241100x8000000000000000407390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f713676c3ef23212021-12-21 10:41:31.193root 11241100x8000000000000000407391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e86eeb21b35fb72021-12-21 10:41:31.193root 11241100x8000000000000000407392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2dcd31307707412021-12-21 10:41:31.194root 11241100x8000000000000000407393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2125d1ec6845d2f12021-12-21 10:41:31.194root 11241100x8000000000000000407394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72b1f073ec0eec02021-12-21 10:41:31.194root 11241100x8000000000000000407395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9ccdacaefcd9d52021-12-21 10:41:31.194root 11241100x8000000000000000407396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504014f7fe1004752021-12-21 10:41:31.194root 11241100x8000000000000000407397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058807ea43a5f76d2021-12-21 10:41:31.194root 11241100x8000000000000000407398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514467e9420f64322021-12-21 10:41:31.194root 11241100x8000000000000000407399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ca8e9a21635ca52021-12-21 10:41:31.194root 11241100x8000000000000000407400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327bd8564f48119a2021-12-21 10:41:31.194root 11241100x8000000000000000407401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85273a3e90b40cc62021-12-21 10:41:31.194root 11241100x8000000000000000407402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba6481a98d2f6892021-12-21 10:41:31.194root 11241100x8000000000000000407403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe1a7bb16bf24922021-12-21 10:41:31.194root 11241100x8000000000000000407404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb0a44794d617882021-12-21 10:41:31.194root 11241100x8000000000000000407405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc292eeec01de6c52021-12-21 10:41:31.194root 11241100x8000000000000000407406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca828dbfdfd1767d2021-12-21 10:41:31.194root 11241100x8000000000000000407407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfe513cf9a7735c2021-12-21 10:41:31.194root 11241100x8000000000000000407408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7227606b168eb52021-12-21 10:41:31.195root 11241100x8000000000000000407409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c6672fbe3cdab82021-12-21 10:41:31.195root 11241100x8000000000000000407410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315c59c639aeb8532021-12-21 10:41:31.195root 11241100x8000000000000000407411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b449f15d6607614a2021-12-21 10:41:31.195root 11241100x8000000000000000407412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8c821c7f45f0412021-12-21 10:41:31.195root 11241100x8000000000000000407413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d36efbcd7e537c2021-12-21 10:41:31.195root 11241100x8000000000000000407414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6ce9178b49cd552021-12-21 10:41:31.195root 11241100x8000000000000000407415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c98489555970322021-12-21 10:41:31.195root 11241100x8000000000000000407416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b110ed964360cef2021-12-21 10:41:31.195root 11241100x8000000000000000407417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686381c738d093802021-12-21 10:41:31.195root 11241100x8000000000000000407418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5b6d91c87f44992021-12-21 10:41:31.196root 11241100x8000000000000000407419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a09f44b046a59c02021-12-21 10:41:31.196root 11241100x8000000000000000407420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02f08f0b6c9e24e2021-12-21 10:41:31.196root 11241100x8000000000000000407421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa59a4ed4f0d7e912021-12-21 10:41:31.196root 11241100x8000000000000000407422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b76fe0046fe7162021-12-21 10:41:31.196root 11241100x8000000000000000407423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807be12eedfae5902021-12-21 10:41:31.197root 11241100x8000000000000000407424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcb8382eb4c430e2021-12-21 10:41:31.197root 11241100x8000000000000000407425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172193460d275c362021-12-21 10:41:31.197root 11241100x8000000000000000407426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d726d7bb3a1bf02021-12-21 10:41:31.197root 11241100x8000000000000000407427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40985298022f51642021-12-21 10:41:31.197root 11241100x8000000000000000407428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03a7109c864e1de2021-12-21 10:41:31.197root 11241100x8000000000000000407429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3209256201c52e2021-12-21 10:41:31.197root 11241100x8000000000000000407430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6a31075720f1142021-12-21 10:41:31.197root 11241100x8000000000000000407431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633a16257b10258c2021-12-21 10:41:31.197root 11241100x8000000000000000407432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d583a884506f8932021-12-21 10:41:31.197root 11241100x8000000000000000407433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a320312ba858a86f2021-12-21 10:41:31.197root 11241100x8000000000000000407434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b32b78d7d2bd6e82021-12-21 10:41:31.197root 11241100x8000000000000000407435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700d33a0329e9cf52021-12-21 10:41:31.197root 11241100x8000000000000000407436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f32a3d881984dcb2021-12-21 10:41:31.197root 11241100x8000000000000000407437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66afda1fd835324d2021-12-21 10:41:31.198root 11241100x8000000000000000407438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dbfdea196008712021-12-21 10:41:31.198root 11241100x8000000000000000407439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf080e041ec971c2021-12-21 10:41:31.198root 11241100x8000000000000000407440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcd763752802d2e2021-12-21 10:41:31.198root 11241100x8000000000000000407441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dab35c7fdf9cb02021-12-21 10:41:31.198root 11241100x8000000000000000407442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d5bc7dbeae57582021-12-21 10:41:31.198root 11241100x8000000000000000407443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9facc90eecb3832021-12-21 10:41:31.198root 11241100x8000000000000000407444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad497a3e818b566e2021-12-21 10:41:31.199root 11241100x8000000000000000407445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48675e3619c95e842021-12-21 10:41:31.199root 11241100x8000000000000000407446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ffbb7264706f532021-12-21 10:41:31.693root 11241100x8000000000000000407447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a8fb73128166732021-12-21 10:41:31.693root 11241100x8000000000000000407448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c673b790cc0a1b82021-12-21 10:41:31.693root 11241100x8000000000000000407449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e732283ec885a0992021-12-21 10:41:31.693root 11241100x8000000000000000407450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6837478bfe5e0fc2021-12-21 10:41:31.694root 11241100x8000000000000000407451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196b14a87df6f7442021-12-21 10:41:31.694root 11241100x8000000000000000407452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9695793a456355d92021-12-21 10:41:31.694root 11241100x8000000000000000407453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5afc6463f8f0a92021-12-21 10:41:31.694root 11241100x8000000000000000407454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f5f6973903aad22021-12-21 10:41:31.694root 11241100x8000000000000000407455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afd5069b6e9460f2021-12-21 10:41:31.694root 11241100x8000000000000000407456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82030a4003ea3922021-12-21 10:41:31.694root 11241100x8000000000000000407457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e480fd70d9356a2021-12-21 10:41:31.694root 11241100x8000000000000000407458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95171fc1d73a8be2021-12-21 10:41:31.694root 11241100x8000000000000000407459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd6739ba3584d6a2021-12-21 10:41:31.694root 11241100x8000000000000000407460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c427c364dd83b92021-12-21 10:41:31.694root 11241100x8000000000000000407461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a255cee6f8797b2021-12-21 10:41:31.694root 11241100x8000000000000000407462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe83820502695c42021-12-21 10:41:31.694root 11241100x8000000000000000407463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e9897d67217d082021-12-21 10:41:31.695root 11241100x8000000000000000407464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b73da3e97f58a52021-12-21 10:41:31.695root 11241100x8000000000000000407465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1037854fac97982021-12-21 10:41:31.695root 11241100x8000000000000000407466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cb0aae386903752021-12-21 10:41:31.695root 11241100x8000000000000000407467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb716202302c35142021-12-21 10:41:31.695root 11241100x8000000000000000407468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6660c7854f02506e2021-12-21 10:41:31.695root 11241100x8000000000000000407469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ee8b5112e0d6c72021-12-21 10:41:31.695root 11241100x8000000000000000407470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aa022dd20a17b72021-12-21 10:41:31.695root 11241100x8000000000000000407471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfede3196e8078b2021-12-21 10:41:31.695root 11241100x8000000000000000407472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3fc52c6c3297b42021-12-21 10:41:31.695root 11241100x8000000000000000407473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afe5dafc7e2addf2021-12-21 10:41:31.695root 11241100x8000000000000000407474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e11e4a58ee90722021-12-21 10:41:31.695root 11241100x8000000000000000407475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ca407bcb9dd9df2021-12-21 10:41:32.193root 11241100x8000000000000000407476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5aa607e205ee7f2021-12-21 10:41:32.194root 11241100x8000000000000000407477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f235d5e7b670472021-12-21 10:41:32.194root 11241100x8000000000000000407478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9894bda5cdf4eedd2021-12-21 10:41:32.194root 11241100x8000000000000000407479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7284cc6131098ec2021-12-21 10:41:32.194root 11241100x8000000000000000407480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d4dfc678ad7f8a2021-12-21 10:41:32.194root 11241100x8000000000000000407481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3508b1153d52b9082021-12-21 10:41:32.194root 11241100x8000000000000000407482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006e1acdcc599dec2021-12-21 10:41:32.194root 11241100x8000000000000000407483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0b2d9233618f4e2021-12-21 10:41:32.194root 11241100x8000000000000000407484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1e08032720830a2021-12-21 10:41:32.194root 11241100x8000000000000000407485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67206b696db6db6b2021-12-21 10:41:32.195root 11241100x8000000000000000407486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48570fc05c8242332021-12-21 10:41:32.195root 11241100x8000000000000000407487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3990b411475d0b7f2021-12-21 10:41:32.195root 11241100x8000000000000000407488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036ef529785eb9972021-12-21 10:41:32.195root 11241100x8000000000000000407489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e2000856708002021-12-21 10:41:32.195root 11241100x8000000000000000407490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711f60eeb04c0b4f2021-12-21 10:41:32.195root 11241100x8000000000000000407491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1734ef4e322c93772021-12-21 10:41:32.195root 11241100x8000000000000000407492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e730772e6a36b79f2021-12-21 10:41:32.195root 11241100x8000000000000000407493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34635f7d07a52ee22021-12-21 10:41:32.195root 11241100x8000000000000000407494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1c9fb0ec294b1f2021-12-21 10:41:32.195root 11241100x8000000000000000407495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf9f5b403eff7ac2021-12-21 10:41:32.195root 11241100x8000000000000000407496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7137a6af4980609b2021-12-21 10:41:32.195root 11241100x8000000000000000407497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d17e74b7a735f12021-12-21 10:41:32.195root 11241100x8000000000000000407498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f89b33c0ed02872021-12-21 10:41:32.196root 11241100x8000000000000000407499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c048b86078d93f2021-12-21 10:41:32.196root 11241100x8000000000000000407500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d256c1965a5e7f42021-12-21 10:41:32.196root 11241100x8000000000000000407501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0bdd6612a6abc32021-12-21 10:41:32.196root 11241100x8000000000000000407502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87aff50c230f5bfc2021-12-21 10:41:32.196root 11241100x8000000000000000407503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f1ba62998235ac2021-12-21 10:41:32.196root 354300x8000000000000000407504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.235{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47464-false10.0.1.12-8000- 11241100x8000000000000000407505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99da3d50309e1ecb2021-12-21 10:41:32.693root 11241100x8000000000000000407506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c6f9c2710fe9482021-12-21 10:41:32.693root 11241100x8000000000000000407507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71e15420bf3abac2021-12-21 10:41:32.693root 11241100x8000000000000000407508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6334041c2841ee862021-12-21 10:41:32.693root 11241100x8000000000000000407509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bd2ea57c18df4b2021-12-21 10:41:32.694root 11241100x8000000000000000407510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372719def6adc5c32021-12-21 10:41:32.694root 11241100x8000000000000000407511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402460bc638773b12021-12-21 10:41:32.694root 11241100x8000000000000000407512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d60086d30624b12021-12-21 10:41:32.694root 11241100x8000000000000000407513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a2df3ae108281e2021-12-21 10:41:32.694root 11241100x8000000000000000407514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c3c76b3cebeeb92021-12-21 10:41:32.694root 11241100x8000000000000000407515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93270a9ffbc052e2021-12-21 10:41:32.694root 11241100x8000000000000000407516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b461ee7bc6406a2021-12-21 10:41:32.694root 11241100x8000000000000000407517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e2486e6915c1522021-12-21 10:41:32.694root 11241100x8000000000000000407518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af363afca27893bb2021-12-21 10:41:32.694root 11241100x8000000000000000407519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700fb70c3db040532021-12-21 10:41:32.694root 11241100x8000000000000000407520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d8e5684359ce022021-12-21 10:41:32.694root 11241100x8000000000000000407521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35591564eff81ca72021-12-21 10:41:32.694root 11241100x8000000000000000407522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8ac35a62f81502021-12-21 10:41:32.694root 11241100x8000000000000000407523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c847906afcfaa62021-12-21 10:41:32.694root 11241100x8000000000000000407524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d473b2100b55e42021-12-21 10:41:32.695root 11241100x8000000000000000407525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07801693eb1715f32021-12-21 10:41:32.695root 11241100x8000000000000000407526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d74242b2d5d17052021-12-21 10:41:32.695root 11241100x8000000000000000407527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601f29cd7b7672592021-12-21 10:41:32.695root 11241100x8000000000000000407528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133764a5b53ec3ce2021-12-21 10:41:32.695root 11241100x8000000000000000407529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5422f73dca7fd3062021-12-21 10:41:32.695root 11241100x8000000000000000407530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6c9038c39ca2cb2021-12-21 10:41:32.695root 11241100x8000000000000000407531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de0bab4f4eeb1a72021-12-21 10:41:32.695root 11241100x8000000000000000407532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be2443cb1b4294b2021-12-21 10:41:32.695root 11241100x8000000000000000407533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776d60be056ec4d52021-12-21 10:41:32.695root 11241100x8000000000000000407534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aaa5593f00e2822021-12-21 10:41:32.695root 11241100x8000000000000000407535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed167332a4d1b142021-12-21 10:41:33.193root 11241100x8000000000000000407536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e5364dd4d6f4af2021-12-21 10:41:33.193root 11241100x8000000000000000407537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabdc3f3a34151362021-12-21 10:41:33.193root 11241100x8000000000000000407538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3630e71b93319bea2021-12-21 10:41:33.193root 11241100x8000000000000000407539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a95d96f48e83e42021-12-21 10:41:33.193root 11241100x8000000000000000407540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80543264b2c582f2021-12-21 10:41:33.194root 11241100x8000000000000000407541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ed88dec2638f262021-12-21 10:41:33.194root 11241100x8000000000000000407542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4fed08618024932021-12-21 10:41:33.194root 11241100x8000000000000000407543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba6a18adcdc56a92021-12-21 10:41:33.194root 11241100x8000000000000000407544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5244f1188b9be52021-12-21 10:41:33.194root 11241100x8000000000000000407545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51195691a38b1f12021-12-21 10:41:33.194root 11241100x8000000000000000407546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a51da3cb449e702021-12-21 10:41:33.194root 11241100x8000000000000000407547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3261e12eca28d042021-12-21 10:41:33.194root 11241100x8000000000000000407548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc1f65dbeb6fcdc2021-12-21 10:41:33.194root 11241100x8000000000000000407549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988bd7c1b4fe343c2021-12-21 10:41:33.194root 11241100x8000000000000000407550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284b71495887a6a02021-12-21 10:41:33.194root 11241100x8000000000000000407551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c409c4a8597f84852021-12-21 10:41:33.195root 11241100x8000000000000000407552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2051ad3aa3fcced2021-12-21 10:41:33.195root 11241100x8000000000000000407553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc347a0387a1b1242021-12-21 10:41:33.195root 11241100x8000000000000000407554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149f10e14bff00a42021-12-21 10:41:33.195root 11241100x8000000000000000407555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4708e40a3a60332021-12-21 10:41:33.195root 11241100x8000000000000000407556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9367f2f2fdb3b492021-12-21 10:41:33.195root 11241100x8000000000000000407557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de71e9e1f7deadde2021-12-21 10:41:33.195root 11241100x8000000000000000407558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220b42fcf9a53ee62021-12-21 10:41:33.195root 11241100x8000000000000000407559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53de064cd493b032021-12-21 10:41:33.195root 11241100x8000000000000000407560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00229e2d987574c2021-12-21 10:41:33.196root 11241100x8000000000000000407561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20df4bc3057cd40c2021-12-21 10:41:33.196root 11241100x8000000000000000407562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37d6ee04f1d8a6e2021-12-21 10:41:33.196root 11241100x8000000000000000407563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fd658edfbae6f12021-12-21 10:41:33.196root 11241100x8000000000000000407564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c7f7943e5689482021-12-21 10:41:33.196root 11241100x8000000000000000407565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24f1fd2c920f9dd2021-12-21 10:41:33.693root 11241100x8000000000000000407566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd712d5605cbccd32021-12-21 10:41:33.694root 11241100x8000000000000000407567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e66c54f8233437b2021-12-21 10:41:33.694root 11241100x8000000000000000407568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f98ac9939b5b63e2021-12-21 10:41:33.694root 11241100x8000000000000000407569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eee57ebae98cdc2021-12-21 10:41:33.694root 11241100x8000000000000000407570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440fe600173479c92021-12-21 10:41:33.695root 11241100x8000000000000000407571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278f8ac76f6103262021-12-21 10:41:33.695root 11241100x8000000000000000407572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b94e3b36790d522021-12-21 10:41:33.695root 11241100x8000000000000000407573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5af85041d27ba0b2021-12-21 10:41:33.695root 11241100x8000000000000000407574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ebc7956e554c62021-12-21 10:41:33.695root 11241100x8000000000000000407575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b85dba64079ba42021-12-21 10:41:33.695root 11241100x8000000000000000407576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d222e956c0960cb22021-12-21 10:41:33.695root 11241100x8000000000000000407577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50640229cf15d55c2021-12-21 10:41:33.695root 11241100x8000000000000000407578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72b3e8a46d9d3f22021-12-21 10:41:33.695root 11241100x8000000000000000407579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bf14d338be901e2021-12-21 10:41:33.695root 11241100x8000000000000000407580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb1f7580d3079932021-12-21 10:41:33.696root 11241100x8000000000000000407581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b155d3668aff718a2021-12-21 10:41:33.696root 11241100x8000000000000000407582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e016497b16e3875f2021-12-21 10:41:33.696root 11241100x8000000000000000407583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84aa3bc353d6f5912021-12-21 10:41:33.696root 11241100x8000000000000000407584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a109532474933d742021-12-21 10:41:33.696root 11241100x8000000000000000407585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a74b5e2e1a07b332021-12-21 10:41:33.696root 11241100x8000000000000000407586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cb1a5ba9455fd32021-12-21 10:41:33.696root 11241100x8000000000000000407587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc765c674024ca5c2021-12-21 10:41:33.696root 11241100x8000000000000000407588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa65802c9a8c2052021-12-21 10:41:33.696root 11241100x8000000000000000407589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5fae1cdb286cef2021-12-21 10:41:33.696root 11241100x8000000000000000407590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35822de01e9828562021-12-21 10:41:33.697root 11241100x8000000000000000407591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01436aa3c9967aca2021-12-21 10:41:33.697root 11241100x8000000000000000407592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b04f832bdba00d2021-12-21 10:41:33.697root 11241100x8000000000000000407593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4245ea39dbda15522021-12-21 10:41:33.697root 11241100x8000000000000000407594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3b7aa57e653d812021-12-21 10:41:33.697root 11241100x8000000000000000407595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b161baa5147c7b2021-12-21 10:41:34.193root 11241100x8000000000000000407596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7eb55675f5451a22021-12-21 10:41:34.193root 11241100x8000000000000000407597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6f2bfb0538a02e2021-12-21 10:41:34.193root 11241100x8000000000000000407598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8ef35ae63946b92021-12-21 10:41:34.194root 11241100x8000000000000000407599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710bc90e88fe403e2021-12-21 10:41:34.194root 11241100x8000000000000000407600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2b925df8f56e6e2021-12-21 10:41:34.194root 11241100x8000000000000000407601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4462f8f0c11b7cc2021-12-21 10:41:34.194root 11241100x8000000000000000407602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f525e12b011968772021-12-21 10:41:34.194root 11241100x8000000000000000407603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99328639cd1634322021-12-21 10:41:34.195root 11241100x8000000000000000407604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4893366d455540f2021-12-21 10:41:34.195root 11241100x8000000000000000407605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08be08089e8e643b2021-12-21 10:41:34.195root 11241100x8000000000000000407606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad523160bda169b12021-12-21 10:41:34.195root 11241100x8000000000000000407607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303520f43387a4772021-12-21 10:41:34.195root 11241100x8000000000000000407608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d95f244dbc098e82021-12-21 10:41:34.195root 11241100x8000000000000000407609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3685e3530a6f962c2021-12-21 10:41:34.195root 11241100x8000000000000000407610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139eb9773fc24e962021-12-21 10:41:34.195root 11241100x8000000000000000407611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d780de738b3b55f2021-12-21 10:41:34.195root 11241100x8000000000000000407612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36df38ffd40d53d02021-12-21 10:41:34.195root 11241100x8000000000000000407613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334e0f8f240416e92021-12-21 10:41:34.195root 11241100x8000000000000000407614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4eda3ba9a37fd12021-12-21 10:41:34.195root 11241100x8000000000000000407615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17eb91640e828a32021-12-21 10:41:34.195root 11241100x8000000000000000407616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c902826e9dc38f2021-12-21 10:41:34.195root 11241100x8000000000000000407617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a249cb33aeda092e2021-12-21 10:41:34.196root 11241100x8000000000000000407618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43995cdf7638d562021-12-21 10:41:34.196root 11241100x8000000000000000407619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f8083febf532622021-12-21 10:41:34.196root 11241100x8000000000000000407620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ccd1cb671d47002021-12-21 10:41:34.196root 11241100x8000000000000000407621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe1d843f56a494e2021-12-21 10:41:34.196root 11241100x8000000000000000407622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181191de568964342021-12-21 10:41:34.196root 11241100x8000000000000000407623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6d9d88f4120f782021-12-21 10:41:34.196root 11241100x8000000000000000407624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105c7fb37a0d82da2021-12-21 10:41:34.196root 11241100x8000000000000000407625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aebda213bd1e2e2021-12-21 10:41:34.196root 11241100x8000000000000000407626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752d0ab1f97095f82021-12-21 10:41:34.196root 11241100x8000000000000000407627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9521a67022eb7bb02021-12-21 10:41:34.196root 11241100x8000000000000000407628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee523e50411890be2021-12-21 10:41:34.196root 11241100x8000000000000000407629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53afefab843ba0052021-12-21 10:41:34.196root 11241100x8000000000000000407630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1e3f99999bd3cb2021-12-21 10:41:34.196root 11241100x8000000000000000407631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaf69c1cdf092ea2021-12-21 10:41:34.693root 11241100x8000000000000000407632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13174822042e9d62021-12-21 10:41:34.693root 11241100x8000000000000000407633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb75fc721b5b9a2021-12-21 10:41:34.693root 11241100x8000000000000000407634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b7c37f428b7a202021-12-21 10:41:34.693root 11241100x8000000000000000407635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c181db2b37119842021-12-21 10:41:34.693root 11241100x8000000000000000407636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983b87ebf924fd1e2021-12-21 10:41:34.693root 11241100x8000000000000000407637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93e32e47163c32a2021-12-21 10:41:34.693root 11241100x8000000000000000407638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba5c883fc2d8622021-12-21 10:41:34.693root 11241100x8000000000000000407639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3471a758d83613f2021-12-21 10:41:34.693root 11241100x8000000000000000407640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7bd0c1b39a82a12021-12-21 10:41:34.694root 11241100x8000000000000000407641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0079e9d349a14c002021-12-21 10:41:34.694root 11241100x8000000000000000407642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d02101e61e43062021-12-21 10:41:34.694root 11241100x8000000000000000407643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f82ef73ed1b2502021-12-21 10:41:34.695root 11241100x8000000000000000407644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efe73044030000a2021-12-21 10:41:34.695root 11241100x8000000000000000407645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb216c165246c632021-12-21 10:41:34.695root 11241100x8000000000000000407646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bf98b8e0c3c5432021-12-21 10:41:34.695root 11241100x8000000000000000407647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b01ba8f9b2f15832021-12-21 10:41:34.695root 11241100x8000000000000000407648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b780022573eac8c32021-12-21 10:41:34.696root 11241100x8000000000000000407649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9887530c8814b84e2021-12-21 10:41:34.696root 11241100x8000000000000000407650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21cb384c4b8ab502021-12-21 10:41:34.696root 11241100x8000000000000000407651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02022dd7dcacab4c2021-12-21 10:41:34.698root 11241100x8000000000000000407652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe2652bf0abcdda2021-12-21 10:41:34.698root 11241100x8000000000000000407653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845e047e18b45c2c2021-12-21 10:41:34.698root 11241100x8000000000000000407654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd56dd8578e055e2021-12-21 10:41:34.698root 11241100x8000000000000000407655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76536170c644d9ef2021-12-21 10:41:34.698root 11241100x8000000000000000407656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cc9aa475ced8402021-12-21 10:41:34.698root 11241100x8000000000000000407657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867ea528b03fe44a2021-12-21 10:41:34.699root 11241100x8000000000000000407658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c8cce6d497f49a2021-12-21 10:41:34.699root 11241100x8000000000000000407659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3419516c4677272021-12-21 10:41:34.699root 11241100x8000000000000000407660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d960b287c72d9e2021-12-21 10:41:34.699root 11241100x8000000000000000407661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8fca76c8d7a8022021-12-21 10:41:34.700root 11241100x8000000000000000407662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707aab64777fed352021-12-21 10:41:34.700root 11241100x8000000000000000407663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bda118c6ebfc6e2021-12-21 10:41:34.700root 11241100x8000000000000000407664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03f434026a812382021-12-21 10:41:34.700root 11241100x8000000000000000407665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e372dbc406ab2e2021-12-21 10:41:34.700root 11241100x8000000000000000407666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7a03cb9a3d6aeb2021-12-21 10:41:34.701root 11241100x8000000000000000407667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397832031ec187a52021-12-21 10:41:34.701root 11241100x8000000000000000407668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3164ce51577228682021-12-21 10:41:34.701root 11241100x8000000000000000407669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b18293e3dfa7432021-12-21 10:41:34.703root 11241100x8000000000000000407670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d62e74bf236581d2021-12-21 10:41:34.703root 11241100x8000000000000000407671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61f6bf7218ef6d82021-12-21 10:41:34.703root 11241100x8000000000000000407672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3848b2643c115dd92021-12-21 10:41:34.703root 11241100x8000000000000000407673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c85239e71e7c3b52021-12-21 10:41:34.704root 11241100x8000000000000000407674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb8fff47f5543eb2021-12-21 10:41:34.704root 11241100x8000000000000000407675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c1830158872ed42021-12-21 10:41:34.704root 11241100x8000000000000000407676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd677f88dcd224602021-12-21 10:41:34.704root 11241100x8000000000000000407677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f30e1bbfd60a052021-12-21 10:41:34.704root 11241100x8000000000000000407678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5294de43e97e422021-12-21 10:41:34.704root 11241100x8000000000000000407679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989637e7354422712021-12-21 10:41:34.705root 11241100x8000000000000000407680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f2544f88e0731a2021-12-21 10:41:34.705root 11241100x8000000000000000407681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631753f0690ad9622021-12-21 10:41:34.705root 11241100x8000000000000000407682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd27b29f304375ff2021-12-21 10:41:34.705root 11241100x8000000000000000407683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9d80510150dde42021-12-21 10:41:34.705root 11241100x8000000000000000407684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc4ff387b3d88e2021-12-21 10:41:34.707root 11241100x8000000000000000407685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536888c13ef7d2922021-12-21 10:41:34.707root 11241100x8000000000000000407686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabcaf808dfe249d2021-12-21 10:41:34.708root 11241100x8000000000000000407687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d430877dc37dac2021-12-21 10:41:34.708root 11241100x8000000000000000407688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bdeb2ee5f54fe32021-12-21 10:41:34.708root 11241100x8000000000000000407689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1ae5744c9063ad2021-12-21 10:41:34.708root 11241100x8000000000000000407690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2264c6b8e47f23e2021-12-21 10:41:34.708root 11241100x8000000000000000407691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cef6c5ced4885212021-12-21 10:41:34.708root 11241100x8000000000000000407692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89ae61a709ea03f2021-12-21 10:41:34.709root 11241100x8000000000000000407693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e143691a04c97992021-12-21 10:41:34.709root 11241100x8000000000000000407694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93480eefdc35efbc2021-12-21 10:41:34.709root 11241100x8000000000000000407695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7c79baad011a7e2021-12-21 10:41:34.710root 11241100x8000000000000000407696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac8751943a9d352021-12-21 10:41:34.710root 11241100x8000000000000000407697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0378f55be6f184b52021-12-21 10:41:34.711root 11241100x8000000000000000407698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c70a8a9f543e70f2021-12-21 10:41:34.711root 11241100x8000000000000000407699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae87c5815670be6c2021-12-21 10:41:34.712root 11241100x8000000000000000407700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e427d58b6a26ae02021-12-21 10:41:34.712root 11241100x8000000000000000407701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1764836ac70fd2422021-12-21 10:41:34.714root 11241100x8000000000000000407702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e8f95a1cd5b4112021-12-21 10:41:34.714root 11241100x8000000000000000407703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fde937acf815442021-12-21 10:41:34.714root 11241100x8000000000000000407704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44187d9952a832282021-12-21 10:41:34.714root 11241100x8000000000000000407705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd0d42c125eee802021-12-21 10:41:34.715root 11241100x8000000000000000407706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5751fbb54373037f2021-12-21 10:41:34.715root 11241100x8000000000000000407707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2293717df20bbabc2021-12-21 10:41:34.710root 11241100x8000000000000000407708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3651d2b973e74eac2021-12-21 10:41:34.710root 11241100x8000000000000000407709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7df4c46e6d9ca02021-12-21 10:41:34.710root 11241100x8000000000000000407710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8601df33317c2ab02021-12-21 10:41:34.716root 11241100x8000000000000000407711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14473b32c7efaf802021-12-21 10:41:34.717root 11241100x8000000000000000407712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e94d0899d9cb0b2021-12-21 10:41:34.717root 11241100x8000000000000000407713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7438dccac10991ad2021-12-21 10:41:34.717root 11241100x8000000000000000407714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3ca706bd2dc1bb2021-12-21 10:41:34.717root 11241100x8000000000000000407715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5583f234f3d95c2021-12-21 10:41:34.717root 11241100x8000000000000000407716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1f2a617a2a63042021-12-21 10:41:34.717root 11241100x8000000000000000407717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fbdfb3c6ab9a592021-12-21 10:41:34.718root 11241100x8000000000000000407718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8112cf65e8e8b22021-12-21 10:41:34.719root 11241100x8000000000000000407719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05333bbb2d92d4552021-12-21 10:41:34.719root 11241100x8000000000000000407720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfa6a9fa8b5e12a2021-12-21 10:41:34.719root 11241100x8000000000000000407721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b73c78ea65d4a332021-12-21 10:41:34.719root 11241100x8000000000000000407722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53535003fc1eb8a12021-12-21 10:41:34.719root 11241100x8000000000000000407723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe0f82ef11290a32021-12-21 10:41:34.719root 11241100x8000000000000000407724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff81c533edb5bc172021-12-21 10:41:34.719root 11241100x8000000000000000407725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edae16ab888d9412021-12-21 10:41:34.720root 11241100x8000000000000000407726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad462a9c8b91b9462021-12-21 10:41:34.720root 11241100x8000000000000000407727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6ef4eb894fe0b22021-12-21 10:41:34.720root 11241100x8000000000000000407728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c302a18e89adbe802021-12-21 10:41:34.721root 11241100x8000000000000000407729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a388c0c438244622021-12-21 10:41:34.721root 11241100x8000000000000000407730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60d766b43f78d22021-12-21 10:41:34.722root 11241100x8000000000000000407731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1a4c8f7de140512021-12-21 10:41:34.722root 11241100x8000000000000000407732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:34.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a30a7bb9b5ca2f2021-12-21 10:41:34.722root 11241100x8000000000000000407733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4988c7a3aeaee3a72021-12-21 10:41:35.193root 11241100x8000000000000000407734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23cae3a8b171b8f2021-12-21 10:41:35.193root 11241100x8000000000000000407735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a37da7a64e9bc742021-12-21 10:41:35.193root 11241100x8000000000000000407736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9829a11598f453b02021-12-21 10:41:35.193root 11241100x8000000000000000407737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdf5caf0a5bc1412021-12-21 10:41:35.193root 11241100x8000000000000000407738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890d0ecbb014ac752021-12-21 10:41:35.193root 11241100x8000000000000000407739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512bcc85dcc5056b2021-12-21 10:41:35.193root 11241100x8000000000000000407740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536fe858b8ce25922021-12-21 10:41:35.193root 11241100x8000000000000000407741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4781fc005fa6db9f2021-12-21 10:41:35.193root 11241100x8000000000000000407742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2d3be05aae1e0e2021-12-21 10:41:35.193root 11241100x8000000000000000407743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d6a042fb6455d52021-12-21 10:41:35.193root 11241100x8000000000000000407744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af2da3afc5681e02021-12-21 10:41:35.194root 11241100x8000000000000000407745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5f30d56e5851e92021-12-21 10:41:35.194root 11241100x8000000000000000407746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba1236301414bf32021-12-21 10:41:35.194root 11241100x8000000000000000407747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f260ae768648d262021-12-21 10:41:35.194root 11241100x8000000000000000407748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b920a8de1a419e2021-12-21 10:41:35.194root 11241100x8000000000000000407749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd69b6addf6dbab2021-12-21 10:41:35.194root 11241100x8000000000000000407750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b7eaa8ad17b1132021-12-21 10:41:35.194root 11241100x8000000000000000407751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91e4f3efdcc87942021-12-21 10:41:35.194root 11241100x8000000000000000407752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9a7482c95dc7952021-12-21 10:41:35.194root 11241100x8000000000000000407753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8029522809e4952c2021-12-21 10:41:35.194root 11241100x8000000000000000407754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3d2c35af27f66d2021-12-21 10:41:35.194root 11241100x8000000000000000407755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ba268b1898dcad2021-12-21 10:41:35.195root 11241100x8000000000000000407756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce5c866208c0e262021-12-21 10:41:35.195root 11241100x8000000000000000407757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81036820d33d2e7a2021-12-21 10:41:35.195root 11241100x8000000000000000407758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c07282353b5bad2021-12-21 10:41:35.195root 11241100x8000000000000000407759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bbe6feb0cb15032021-12-21 10:41:35.195root 11241100x8000000000000000407760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23b27b63b9770692021-12-21 10:41:35.195root 11241100x8000000000000000407761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c7a781aa3c73342021-12-21 10:41:35.195root 11241100x8000000000000000407762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3149c0f8b2a7e7822021-12-21 10:41:35.195root 11241100x8000000000000000407763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf054edda7831c8f2021-12-21 10:41:35.195root 11241100x8000000000000000407764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adc3ef22d1a0d472021-12-21 10:41:35.195root 11241100x8000000000000000407765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c941caa9071b26d2021-12-21 10:41:35.195root 11241100x8000000000000000407766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ee4b95b5f71bba2021-12-21 10:41:35.195root 11241100x8000000000000000407767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfa20fb139c4feb2021-12-21 10:41:35.195root 11241100x8000000000000000407768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2949fd6cb5d5132021-12-21 10:41:35.195root 11241100x8000000000000000407769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8e29c65b4afba82021-12-21 10:41:35.196root 11241100x8000000000000000407770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b8a4109a968e702021-12-21 10:41:35.693root 11241100x8000000000000000407771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af9a8dd3b4f6b7c2021-12-21 10:41:35.693root 11241100x8000000000000000407772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7d4e319aa5594a2021-12-21 10:41:35.694root 11241100x8000000000000000407773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c2e9241045db02021-12-21 10:41:35.694root 11241100x8000000000000000407774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145d62ba9726e38f2021-12-21 10:41:35.694root 11241100x8000000000000000407775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e014184e7d88d3b02021-12-21 10:41:35.694root 11241100x8000000000000000407776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695a21454e53f1b62021-12-21 10:41:35.694root 11241100x8000000000000000407777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a096701a0be00072021-12-21 10:41:35.694root 11241100x8000000000000000407778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a5cc93448f693d2021-12-21 10:41:35.694root 11241100x8000000000000000407779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503844bfd348e2d22021-12-21 10:41:35.694root 11241100x8000000000000000407780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e711b3e5c9e4d32021-12-21 10:41:35.694root 11241100x8000000000000000407781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff27e8509d7b3362021-12-21 10:41:35.694root 11241100x8000000000000000407782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf91060210a88ad02021-12-21 10:41:35.694root 11241100x8000000000000000407783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db87fb2df292a5552021-12-21 10:41:35.694root 11241100x8000000000000000407784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f203022cd9ea7382021-12-21 10:41:35.694root 11241100x8000000000000000407785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c40e31604bce1412021-12-21 10:41:35.694root 11241100x8000000000000000407786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a9498d945232d2021-12-21 10:41:35.694root 11241100x8000000000000000407787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3664a1b1c1e019ca2021-12-21 10:41:35.695root 11241100x8000000000000000407788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495c02ad0752b0422021-12-21 10:41:35.695root 11241100x8000000000000000407789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777c2782723342d62021-12-21 10:41:35.695root 11241100x8000000000000000407790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3b5fef2dcf44402021-12-21 10:41:35.695root 11241100x8000000000000000407791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24730ed07167eb02021-12-21 10:41:35.695root 11241100x8000000000000000407792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e38ce5c592b62bb2021-12-21 10:41:35.695root 11241100x8000000000000000407793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe51e9d62192de2021-12-21 10:41:35.695root 11241100x8000000000000000407794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30685b81e90fef542021-12-21 10:41:35.695root 11241100x8000000000000000407795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44984f49497529ac2021-12-21 10:41:35.695root 11241100x8000000000000000407796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f6f571a4085e102021-12-21 10:41:35.695root 11241100x8000000000000000407797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9446567a91f556bd2021-12-21 10:41:35.695root 11241100x8000000000000000407798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cde11547987a122021-12-21 10:41:35.695root 11241100x8000000000000000407799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a208e9c1a01ba82021-12-21 10:41:35.695root 11241100x8000000000000000407800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf393eb15a8f14b2021-12-21 10:41:35.695root 11241100x8000000000000000407801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c573c70b6427d0d2021-12-21 10:41:35.696root 11241100x8000000000000000407802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde3bb2147fe4b512021-12-21 10:41:35.696root 11241100x8000000000000000407803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055d8b62eb75fe302021-12-21 10:41:35.696root 11241100x8000000000000000407804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3fc0f38f35acd82021-12-21 10:41:36.193root 11241100x8000000000000000407805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6cd7d5e7ac6f382021-12-21 10:41:36.193root 11241100x8000000000000000407806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc2488fc40841a42021-12-21 10:41:36.193root 11241100x8000000000000000407807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41108168d0c587b62021-12-21 10:41:36.193root 11241100x8000000000000000407808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd922de949fc89b2021-12-21 10:41:36.193root 11241100x8000000000000000407809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc268660057f40d2021-12-21 10:41:36.196root 11241100x8000000000000000407810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf689e539c48f592021-12-21 10:41:36.196root 11241100x8000000000000000407811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fdb945d5d8d4ef2021-12-21 10:41:36.196root 11241100x8000000000000000407812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091ff19af864c74b2021-12-21 10:41:36.196root 11241100x8000000000000000407813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7ce4d2ca6c68582021-12-21 10:41:36.196root 11241100x8000000000000000407814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1e89fff919005e2021-12-21 10:41:36.196root 11241100x8000000000000000407815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d80c2ac72d367f82021-12-21 10:41:36.196root 11241100x8000000000000000407816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe41498ea1396ff2021-12-21 10:41:36.196root 11241100x8000000000000000407817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70be539e78701e2021-12-21 10:41:36.196root 11241100x8000000000000000407818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b221570b94a143f12021-12-21 10:41:36.196root 11241100x8000000000000000407819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9759c49f99723fe02021-12-21 10:41:36.196root 11241100x8000000000000000407820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48aec65577c9b262021-12-21 10:41:36.196root 11241100x8000000000000000407821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a513141a1c56b0a12021-12-21 10:41:36.197root 11241100x8000000000000000407822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6452fd43ccca1f8e2021-12-21 10:41:36.197root 11241100x8000000000000000407823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef17f81c219a32a2021-12-21 10:41:36.197root 11241100x8000000000000000407824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cefe41b75dbf252021-12-21 10:41:36.197root 11241100x8000000000000000407825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b707c8d19e1b60242021-12-21 10:41:36.197root 11241100x8000000000000000407826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9249230f4b29282021-12-21 10:41:36.197root 11241100x8000000000000000407827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c085383d5550972021-12-21 10:41:36.197root 11241100x8000000000000000407828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029752d0a5d24a5a2021-12-21 10:41:36.197root 11241100x8000000000000000407829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccde9c5598765bf72021-12-21 10:41:36.197root 11241100x8000000000000000407830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854701739c0d7dfc2021-12-21 10:41:36.197root 11241100x8000000000000000407831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78ce98688b96d7f2021-12-21 10:41:36.197root 11241100x8000000000000000407832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f4405dba4ed57a2021-12-21 10:41:36.197root 11241100x8000000000000000407833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4554d9f62b6f67fb2021-12-21 10:41:36.197root 11241100x8000000000000000407834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b58b0f6fc514b22021-12-21 10:41:36.197root 11241100x8000000000000000407835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:41:36.345root 11241100x8000000000000000407836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864dd03eaa209eaa2021-12-21 10:41:36.693root 11241100x8000000000000000407837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4758576f12d0c1b12021-12-21 10:41:36.693root 11241100x8000000000000000407838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71adc48be01814c2021-12-21 10:41:36.693root 11241100x8000000000000000407839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fbbcbb58b661d82021-12-21 10:41:36.694root 11241100x8000000000000000407840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34010e6f106245782021-12-21 10:41:36.694root 11241100x8000000000000000407841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0637433ba9a89a7f2021-12-21 10:41:36.694root 11241100x8000000000000000407842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf9913202defcc72021-12-21 10:41:36.694root 11241100x8000000000000000407843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca78b83fc2bdecf2021-12-21 10:41:36.694root 11241100x8000000000000000407844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8968f97fd1e5f0272021-12-21 10:41:36.694root 11241100x8000000000000000407845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd27e5fc5cff09e2021-12-21 10:41:36.694root 11241100x8000000000000000407846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a750ef910638a0bc2021-12-21 10:41:36.694root 11241100x8000000000000000407847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31e6184961154da2021-12-21 10:41:36.694root 11241100x8000000000000000407848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071ea66efc77eac42021-12-21 10:41:36.694root 11241100x8000000000000000407849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a444228430f979d72021-12-21 10:41:36.694root 11241100x8000000000000000407850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd9fa6cdcebbde52021-12-21 10:41:36.694root 11241100x8000000000000000407851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15eefe91ecda0de2021-12-21 10:41:36.694root 11241100x8000000000000000407852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9828cc7e89cd8bb92021-12-21 10:41:36.694root 11241100x8000000000000000407853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d36079eaa8d68932021-12-21 10:41:36.694root 11241100x8000000000000000407854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8546547785e442102021-12-21 10:41:36.694root 11241100x8000000000000000407855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f55190cf9b5b8672021-12-21 10:41:36.695root 11241100x8000000000000000407856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926a6bbcd13476042021-12-21 10:41:36.695root 11241100x8000000000000000407857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d28b7e2fdb6630b2021-12-21 10:41:36.695root 11241100x8000000000000000407858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b0e1eb4a08c3d72021-12-21 10:41:36.695root 11241100x8000000000000000407859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9d13b9710f24fe2021-12-21 10:41:36.695root 11241100x8000000000000000407860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36037a6f6a2e59c2021-12-21 10:41:36.695root 11241100x8000000000000000407861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c61a5de2955d26c2021-12-21 10:41:36.695root 11241100x8000000000000000407862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed9a148be260a3e2021-12-21 10:41:36.695root 11241100x8000000000000000407863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b671902b7180f012021-12-21 10:41:36.695root 11241100x8000000000000000407864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b94d03a2a1d3fcf2021-12-21 10:41:36.695root 11241100x8000000000000000407865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6b560f597b68112021-12-21 10:41:36.695root 11241100x8000000000000000407866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3da3d570af4ad6a2021-12-21 10:41:36.696root 11241100x8000000000000000407867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf9ddc0b0abaa592021-12-21 10:41:37.193root 11241100x8000000000000000407868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5439155a6b5cffa82021-12-21 10:41:37.193root 11241100x8000000000000000407869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6dde65e3587b2d2021-12-21 10:41:37.193root 11241100x8000000000000000407870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0032bfb82a11cde82021-12-21 10:41:37.193root 11241100x8000000000000000407871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d7aaba16cf6dff2021-12-21 10:41:37.193root 11241100x8000000000000000407872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3aba75a016790032021-12-21 10:41:37.193root 11241100x8000000000000000407873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b62d6f56d2e3fd02021-12-21 10:41:37.193root 11241100x8000000000000000407874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee1b1e2f4e76bf52021-12-21 10:41:37.194root 11241100x8000000000000000407875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e71e7d3d6180b42021-12-21 10:41:37.194root 11241100x8000000000000000407876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dec4067326828b2021-12-21 10:41:37.194root 11241100x8000000000000000407877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15eed7f23ca59fe72021-12-21 10:41:37.194root 11241100x8000000000000000407878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d781425dc8b6e292021-12-21 10:41:37.194root 11241100x8000000000000000407879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e778dec58a92d72021-12-21 10:41:37.194root 11241100x8000000000000000407880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b250123c266ed9e2021-12-21 10:41:37.195root 11241100x8000000000000000407881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7121cdab8ec2dd2021-12-21 10:41:37.195root 11241100x8000000000000000407882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4839a8b13ef9b52021-12-21 10:41:37.195root 11241100x8000000000000000407883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7994f8916e6463822021-12-21 10:41:37.195root 11241100x8000000000000000407884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18eb04684cf7d8c2021-12-21 10:41:37.195root 11241100x8000000000000000407885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea046b1af7ef99a2021-12-21 10:41:37.196root 11241100x8000000000000000407886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ff530b3865905f2021-12-21 10:41:37.196root 11241100x8000000000000000407887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c9088b20e8194e2021-12-21 10:41:37.196root 11241100x8000000000000000407888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9440c9221b847ca32021-12-21 10:41:37.196root 11241100x8000000000000000407889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0610fb97e8e5392021-12-21 10:41:37.196root 11241100x8000000000000000407890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c77ca97a7ad9002021-12-21 10:41:37.196root 11241100x8000000000000000407891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7266929a2e1f63242021-12-21 10:41:37.196root 11241100x8000000000000000407892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35939509724f8c8a2021-12-21 10:41:37.196root 11241100x8000000000000000407893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eff8faf2e199af2021-12-21 10:41:37.196root 11241100x8000000000000000407894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242d732500483e2f2021-12-21 10:41:37.196root 11241100x8000000000000000407895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fbc65c167950612021-12-21 10:41:37.196root 11241100x8000000000000000407896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a299d91b80b8f96a2021-12-21 10:41:37.197root 11241100x8000000000000000407897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c52a734a296461d2021-12-21 10:41:37.197root 11241100x8000000000000000407898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493c2286971984912021-12-21 10:41:37.198root 11241100x8000000000000000407899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ab95e35f29abcc2021-12-21 10:41:37.198root 11241100x8000000000000000407900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed55b6b986449b4c2021-12-21 10:41:37.198root 11241100x8000000000000000407901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6f1cb5d18069fe2021-12-21 10:41:37.198root 11241100x8000000000000000407902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3188ab5ad874a62021-12-21 10:41:37.693root 11241100x8000000000000000407903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8820566198ecf0132021-12-21 10:41:37.694root 11241100x8000000000000000407904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099f4b2362f149462021-12-21 10:41:37.694root 11241100x8000000000000000407905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182bbd62382c73742021-12-21 10:41:37.694root 11241100x8000000000000000407906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3504e0699e52ca2021-12-21 10:41:37.694root 11241100x8000000000000000407907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e5b50c1615ddb52021-12-21 10:41:37.695root 11241100x8000000000000000407908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d308250111f45ac92021-12-21 10:41:37.695root 11241100x8000000000000000407909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a0d6dd1e23ed6c2021-12-21 10:41:37.695root 11241100x8000000000000000407910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37898106c638941a2021-12-21 10:41:37.695root 11241100x8000000000000000407911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31233eb2dbbc01842021-12-21 10:41:37.695root 11241100x8000000000000000407912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47d9675eded87bf2021-12-21 10:41:37.695root 11241100x8000000000000000407913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a184fc893c6f952021-12-21 10:41:37.695root 11241100x8000000000000000407914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa39815aeef71222021-12-21 10:41:37.696root 11241100x8000000000000000407915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47be274c06926cf32021-12-21 10:41:37.696root 11241100x8000000000000000407916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c056a5ff5a37834b2021-12-21 10:41:37.696root 11241100x8000000000000000407917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ab6f4b9cb9534b2021-12-21 10:41:37.696root 11241100x8000000000000000407918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7e82f1fd89c92f2021-12-21 10:41:37.696root 11241100x8000000000000000407919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0dad5faaf6d472021-12-21 10:41:37.696root 11241100x8000000000000000407920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a97a6d662ea2f5e2021-12-21 10:41:37.697root 11241100x8000000000000000407921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6f579dc89b4e682021-12-21 10:41:37.697root 11241100x8000000000000000407922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb51f5f0fb09cee42021-12-21 10:41:37.697root 11241100x8000000000000000407923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0135a034214a800e2021-12-21 10:41:37.697root 11241100x8000000000000000407924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ed162cd96f43af2021-12-21 10:41:37.697root 11241100x8000000000000000407925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925a2261c16efcbc2021-12-21 10:41:37.697root 11241100x8000000000000000407926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72eb44a4327b4432021-12-21 10:41:37.697root 11241100x8000000000000000407927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de65a849fe442b992021-12-21 10:41:37.697root 11241100x8000000000000000407928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128641020ade56bf2021-12-21 10:41:37.697root 11241100x8000000000000000407929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4888ecfc6dea16202021-12-21 10:41:37.697root 11241100x8000000000000000407930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501abccc3632b61f2021-12-21 10:41:37.697root 11241100x8000000000000000407931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793d4f3676d67f812021-12-21 10:41:37.697root 11241100x8000000000000000407932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace4016c4d2479202021-12-21 10:41:37.697root 354300x8000000000000000407933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.135{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47466-false10.0.1.12-8000- 11241100x8000000000000000407934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcd2fd1d2aeb19c2021-12-21 10:41:38.136root 11241100x8000000000000000407935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a796b123560a9362021-12-21 10:41:38.136root 11241100x8000000000000000407936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea2ba7935fb87b92021-12-21 10:41:38.136root 11241100x8000000000000000407937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8e5c8bbe9870b32021-12-21 10:41:38.137root 11241100x8000000000000000407938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a07ecc11b29d792021-12-21 10:41:38.137root 11241100x8000000000000000407939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301e368c5754fc282021-12-21 10:41:38.137root 11241100x8000000000000000407940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef02ac0bf633767e2021-12-21 10:41:38.137root 11241100x8000000000000000407941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d333946a008ba682021-12-21 10:41:38.137root 11241100x8000000000000000407942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c9307f19f242622021-12-21 10:41:38.137root 11241100x8000000000000000407943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48c22119acf92df2021-12-21 10:41:38.137root 11241100x8000000000000000407944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d11f8bd5716ab712021-12-21 10:41:38.137root 11241100x8000000000000000407945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bb446564a657912021-12-21 10:41:38.137root 11241100x8000000000000000407946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f20281ba0c593c2021-12-21 10:41:38.137root 11241100x8000000000000000407947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc1fca3bef0b9922021-12-21 10:41:38.137root 11241100x8000000000000000407948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05855e2ec1ba2e352021-12-21 10:41:38.138root 11241100x8000000000000000407949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a300729175f5072021-12-21 10:41:38.138root 11241100x8000000000000000407950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a41467ac97cc752021-12-21 10:41:38.138root 11241100x8000000000000000407951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fc6ea46684f1ca2021-12-21 10:41:38.138root 11241100x8000000000000000407952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909a3a272f1c6eb12021-12-21 10:41:38.138root 11241100x8000000000000000407953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eef4402973ed09c2021-12-21 10:41:38.138root 11241100x8000000000000000407954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9117d459675777432021-12-21 10:41:38.138root 11241100x8000000000000000407955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1055cf71833bd4af2021-12-21 10:41:38.138root 11241100x8000000000000000407956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5a4d020ff6198a2021-12-21 10:41:38.138root 11241100x8000000000000000407957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed03cb7b51ea353d2021-12-21 10:41:38.138root 11241100x8000000000000000407958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459de1ec23f45b4d2021-12-21 10:41:38.138root 11241100x8000000000000000407959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e9fffab542ba8a2021-12-21 10:41:38.139root 11241100x8000000000000000407960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7589d383fc52532021-12-21 10:41:38.139root 11241100x8000000000000000407961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420340922ff309b32021-12-21 10:41:38.139root 11241100x8000000000000000407962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d590efc1eab612c2021-12-21 10:41:38.139root 11241100x8000000000000000407963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82ed8559d7baeae2021-12-21 10:41:38.139root 11241100x8000000000000000407964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3a01cacdfcfcd92021-12-21 10:41:38.139root 11241100x8000000000000000407965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76693d61ed12b0af2021-12-21 10:41:38.139root 11241100x8000000000000000407966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779b3b36de494c0e2021-12-21 10:41:38.139root 11241100x8000000000000000407967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dba32a8d6e7d792021-12-21 10:41:38.139root 11241100x8000000000000000407968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a46dc718860d1f2021-12-21 10:41:38.139root 11241100x8000000000000000407969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6aa738f165dcb82021-12-21 10:41:38.139root 11241100x8000000000000000407970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b537f8345699e70b2021-12-21 10:41:38.140root 11241100x8000000000000000407971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7c5c2069c8f01e2021-12-21 10:41:38.140root 11241100x8000000000000000407972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4a9ceefd5805d12021-12-21 10:41:38.140root 11241100x8000000000000000407973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e67422627ad5ed2021-12-21 10:41:38.140root 11241100x8000000000000000407974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367553e1741b0f1d2021-12-21 10:41:38.140root 11241100x8000000000000000407975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc7f69433df436d2021-12-21 10:41:38.140root 11241100x8000000000000000407976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d49190d53491e82021-12-21 10:41:38.140root 11241100x8000000000000000407977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b5a75253c85acc2021-12-21 10:41:38.140root 11241100x8000000000000000407978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb3acc18b5cfba82021-12-21 10:41:38.140root 11241100x8000000000000000407979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e019c4532968ddea2021-12-21 10:41:38.140root 11241100x8000000000000000407980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f25bf3265563c782021-12-21 10:41:38.140root 11241100x8000000000000000407981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3c85513004fdb02021-12-21 10:41:38.141root 11241100x8000000000000000407982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a3d547425cb0de2021-12-21 10:41:38.141root 11241100x8000000000000000407983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8639db109a5a01b2021-12-21 10:41:38.141root 11241100x8000000000000000407984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e7c485487ee94f2021-12-21 10:41:38.141root 11241100x8000000000000000407985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0657668be2b08c402021-12-21 10:41:38.141root 11241100x8000000000000000407986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5748f1deec8a2d0e2021-12-21 10:41:38.141root 11241100x8000000000000000407987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d434088e4e33cc42021-12-21 10:41:38.141root 11241100x8000000000000000407988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fc6d9ce69a04052021-12-21 10:41:38.141root 11241100x8000000000000000407989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89706db064409a032021-12-21 10:41:38.141root 11241100x8000000000000000407990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a827290964eefb52021-12-21 10:41:38.141root 11241100x8000000000000000407991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897521ff7a987e332021-12-21 10:41:38.141root 11241100x8000000000000000407992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fad8e8ff77c6e02021-12-21 10:41:38.141root 11241100x8000000000000000407993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198a221af17b40072021-12-21 10:41:38.142root 11241100x8000000000000000407994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ea5358480f72df2021-12-21 10:41:38.142root 11241100x8000000000000000407995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bb552047c2ecd32021-12-21 10:41:38.142root 11241100x8000000000000000407996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1e10721444842c2021-12-21 10:41:38.142root 11241100x8000000000000000407997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffcc504601626112021-12-21 10:41:38.142root 11241100x8000000000000000407998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef2410fedfaad542021-12-21 10:41:38.142root 11241100x8000000000000000407999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c63b497555f7bdd2021-12-21 10:41:38.142root 11241100x8000000000000000408000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b3c9322ee1ece32021-12-21 10:41:38.142root 11241100x8000000000000000408001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972c977211def56e2021-12-21 10:41:38.142root 11241100x8000000000000000408002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccf68c600908a492021-12-21 10:41:38.142root 11241100x8000000000000000408003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af859ddb10ddb522021-12-21 10:41:38.142root 11241100x8000000000000000408004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0f9b7fa4f358232021-12-21 10:41:38.143root 11241100x8000000000000000408005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057edbbc524e2af82021-12-21 10:41:38.143root 11241100x8000000000000000408006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe26761073ef0582021-12-21 10:41:38.143root 11241100x8000000000000000408007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6405394059947132021-12-21 10:41:38.143root 11241100x8000000000000000408008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d87345be64ea70a2021-12-21 10:41:38.143root 11241100x8000000000000000408009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64f8e4176f7351a2021-12-21 10:41:38.143root 11241100x8000000000000000408010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb89af0652e2efd42021-12-21 10:41:38.143root 11241100x8000000000000000408011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f14bcf4273e3712021-12-21 10:41:38.143root 11241100x8000000000000000408012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbdecb3098658502021-12-21 10:41:38.143root 11241100x8000000000000000408013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c3fb01acad03b62021-12-21 10:41:38.143root 11241100x8000000000000000408014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a4662bf295a9ec2021-12-21 10:41:38.143root 11241100x8000000000000000408015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b89d3d963f6f982021-12-21 10:41:38.144root 11241100x8000000000000000408016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53883572fce314ad2021-12-21 10:41:38.144root 11241100x8000000000000000408017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43f31ea8676c43b2021-12-21 10:41:38.144root 11241100x8000000000000000408018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6e842465a879602021-12-21 10:41:38.144root 11241100x8000000000000000408019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cac630776ccfe9b2021-12-21 10:41:38.144root 11241100x8000000000000000408020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ad61c02d088db62021-12-21 10:41:38.144root 11241100x8000000000000000408021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9831ec647bd171e02021-12-21 10:41:38.144root 11241100x8000000000000000408022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6efa6c9d4ee53cd2021-12-21 10:41:38.144root 11241100x8000000000000000408023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb7eb832e2c26c02021-12-21 10:41:38.145root 11241100x8000000000000000408024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b25c49f228cea72021-12-21 10:41:38.145root 11241100x8000000000000000408025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a31e1107b43f4ed2021-12-21 10:41:38.145root 11241100x8000000000000000408026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84081c215a784db52021-12-21 10:41:38.145root 11241100x8000000000000000408027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d70a707880a03832021-12-21 10:41:38.442root 11241100x8000000000000000408028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c15281c9549cc32021-12-21 10:41:38.442root 11241100x8000000000000000408029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45d6c815da2b4c12021-12-21 10:41:38.443root 11241100x8000000000000000408030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be83623aebffbce2021-12-21 10:41:38.443root 11241100x8000000000000000408031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321a7d3d2062e6ff2021-12-21 10:41:38.443root 11241100x8000000000000000408032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6248560f961bfbe22021-12-21 10:41:38.444root 11241100x8000000000000000408033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0fee7fd58f0a7f2021-12-21 10:41:38.444root 11241100x8000000000000000408034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027a8e11bb2527f52021-12-21 10:41:38.444root 11241100x8000000000000000408035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb2aaa668c9a2e92021-12-21 10:41:38.444root 11241100x8000000000000000408036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e40d75ec82d4af2021-12-21 10:41:38.444root 11241100x8000000000000000408037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb14a0f776862f22021-12-21 10:41:38.444root 11241100x8000000000000000408038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0108eb9ac459d59b2021-12-21 10:41:38.445root 11241100x8000000000000000408039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c12d533b71c6092021-12-21 10:41:38.445root 11241100x8000000000000000408040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a14f4910d0851f2021-12-21 10:41:38.445root 11241100x8000000000000000408041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963fffa4d603ef302021-12-21 10:41:38.445root 11241100x8000000000000000408042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d427fa6f22c4959f2021-12-21 10:41:38.445root 11241100x8000000000000000408043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9404a2a741192ed2021-12-21 10:41:38.445root 11241100x8000000000000000408044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29ac6135d21d64e2021-12-21 10:41:38.446root 11241100x8000000000000000408045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08979bc0a9db17ff2021-12-21 10:41:38.446root 11241100x8000000000000000408046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c23f9aeab962bc62021-12-21 10:41:38.446root 11241100x8000000000000000408047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535f347c47a97af62021-12-21 10:41:38.446root 11241100x8000000000000000408048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7afc2a9bf1108892021-12-21 10:41:38.446root 11241100x8000000000000000408049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccff2851d3d7d3462021-12-21 10:41:38.446root 11241100x8000000000000000408050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11cf532affe46e62021-12-21 10:41:38.446root 11241100x8000000000000000408051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6886da8c609c052021-12-21 10:41:38.446root 11241100x8000000000000000408052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f7ee4d63967cbc2021-12-21 10:41:38.446root 11241100x8000000000000000408053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be188d9f58e3b7992021-12-21 10:41:38.447root 11241100x8000000000000000408054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bf707eaa1bf7022021-12-21 10:41:38.447root 11241100x8000000000000000408055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c4a58b228af4e22021-12-21 10:41:38.447root 11241100x8000000000000000408056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3d7843fc84346d2021-12-21 10:41:38.447root 11241100x8000000000000000408057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228e2b7d6d33c39b2021-12-21 10:41:38.447root 11241100x8000000000000000408058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6c850b294f2ce12021-12-21 10:41:38.447root 11241100x8000000000000000408059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298dc0ec73d2cde02021-12-21 10:41:38.447root 11241100x8000000000000000408060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb4ecda0f3cf2c72021-12-21 10:41:38.448root 11241100x8000000000000000408061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96814b842ebd5aee2021-12-21 10:41:38.448root 11241100x8000000000000000408062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615422e5c916a2ae2021-12-21 10:41:38.448root 11241100x8000000000000000408063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6304700c5e3a93282021-12-21 10:41:38.448root 11241100x8000000000000000408064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6241ee1ee4b1fd2f2021-12-21 10:41:38.448root 11241100x8000000000000000408065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67b1ec124727e772021-12-21 10:41:38.448root 11241100x8000000000000000408066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929026935446dee72021-12-21 10:41:38.448root 11241100x8000000000000000408067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3727352994771fe2021-12-21 10:41:38.449root 11241100x8000000000000000408068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b14d63e667e9352021-12-21 10:41:38.449root 11241100x8000000000000000408069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9057db892a96fd2021-12-21 10:41:38.449root 11241100x8000000000000000408070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c8ad004566da972021-12-21 10:41:38.449root 11241100x8000000000000000408071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b854b07d32027dc2021-12-21 10:41:38.449root 11241100x8000000000000000408072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea4a81af0a236ca2021-12-21 10:41:38.449root 11241100x8000000000000000408073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef1da82c1d050cd2021-12-21 10:41:38.449root 11241100x8000000000000000408074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07ecedda280d8ce2021-12-21 10:41:38.449root 11241100x8000000000000000408075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a09e92cc0cd2682021-12-21 10:41:38.449root 11241100x8000000000000000408076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae37a7a99aba66242021-12-21 10:41:38.449root 11241100x8000000000000000408077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646bc10041a69c332021-12-21 10:41:38.449root 11241100x8000000000000000408078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fee0881a0f9f7922021-12-21 10:41:38.450root 11241100x8000000000000000408079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3b7c847e248d492021-12-21 10:41:38.450root 11241100x8000000000000000408080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9534c6633eed86bb2021-12-21 10:41:38.450root 11241100x8000000000000000408081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5505f93eca18d212021-12-21 10:41:38.450root 11241100x8000000000000000408082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e803c516abcc947b2021-12-21 10:41:38.450root 11241100x8000000000000000408083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b519fb07f78a21962021-12-21 10:41:38.450root 11241100x8000000000000000408084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb9e2897a5f34392021-12-21 10:41:38.450root 11241100x8000000000000000408085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24b9f359927799f2021-12-21 10:41:38.450root 11241100x8000000000000000408086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074fbbbaa9c918b32021-12-21 10:41:38.450root 11241100x8000000000000000408087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9f77c55e661bbd2021-12-21 10:41:38.450root 11241100x8000000000000000408088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57055d1cc0bc45692021-12-21 10:41:38.450root 11241100x8000000000000000408089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112273eda1bec1292021-12-21 10:41:38.450root 11241100x8000000000000000408090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb908a4a71757d9f2021-12-21 10:41:38.450root 11241100x8000000000000000408091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07259b24a6621492021-12-21 10:41:38.450root 11241100x8000000000000000408092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a409fb8bdc7d162021-12-21 10:41:38.450root 11241100x8000000000000000408093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a09342864046332021-12-21 10:41:38.450root 11241100x8000000000000000408094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14236e96513b59d72021-12-21 10:41:38.451root 11241100x8000000000000000408095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff806c845770f0112021-12-21 10:41:38.451root 11241100x8000000000000000408096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d721f687ce42d6622021-12-21 10:41:38.451root 11241100x8000000000000000408097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751c2a58d98b363c2021-12-21 10:41:38.451root 11241100x8000000000000000408098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9b7b93277344a02021-12-21 10:41:38.943root 11241100x8000000000000000408099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afbec42d35685062021-12-21 10:41:38.943root 11241100x8000000000000000408100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423db39830eb1d72021-12-21 10:41:38.943root 11241100x8000000000000000408101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff216b243ee2f60c2021-12-21 10:41:38.943root 11241100x8000000000000000408102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea012facd9bb99d42021-12-21 10:41:38.944root 11241100x8000000000000000408103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72794d51d44efa402021-12-21 10:41:38.944root 11241100x8000000000000000408104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd3338d1dac2aa42021-12-21 10:41:38.944root 11241100x8000000000000000408105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875f19ed570efd412021-12-21 10:41:38.944root 11241100x8000000000000000408106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265ee12956a20fab2021-12-21 10:41:38.944root 11241100x8000000000000000408107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f6268a2ca5d51c2021-12-21 10:41:38.944root 11241100x8000000000000000408108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01de53955b467fbd2021-12-21 10:41:38.944root 11241100x8000000000000000408109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58413d9f63551e3c2021-12-21 10:41:38.944root 11241100x8000000000000000408110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e968ee28de163beb2021-12-21 10:41:38.944root 11241100x8000000000000000408111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c49bbd6fa57ac62021-12-21 10:41:38.944root 11241100x8000000000000000408112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba0259520d723ae2021-12-21 10:41:38.944root 11241100x8000000000000000408113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3b6844733ab4852021-12-21 10:41:38.944root 11241100x8000000000000000408114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8e671866d23ab82021-12-21 10:41:38.944root 11241100x8000000000000000408115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267de0c03325923a2021-12-21 10:41:38.944root 11241100x8000000000000000408116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a153442ebd539da2021-12-21 10:41:38.945root 11241100x8000000000000000408117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a12581f58fdd59c2021-12-21 10:41:38.945root 11241100x8000000000000000408118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4eb9383f80a06802021-12-21 10:41:38.945root 11241100x8000000000000000408119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59c641cb70d91dc2021-12-21 10:41:38.945root 11241100x8000000000000000408120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2464eb74fe9af1172021-12-21 10:41:38.945root 11241100x8000000000000000408121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19f1d1d81179bfd2021-12-21 10:41:38.945root 11241100x8000000000000000408122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428966984cd952312021-12-21 10:41:38.945root 11241100x8000000000000000408123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3509b86493193ddb2021-12-21 10:41:38.945root 11241100x8000000000000000408124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fbc950203dd0d12021-12-21 10:41:38.945root 11241100x8000000000000000408125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1319f3b03b4097802021-12-21 10:41:38.945root 11241100x8000000000000000408126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941fac69496c17242021-12-21 10:41:38.945root 11241100x8000000000000000408127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86250156d0d0f4652021-12-21 10:41:38.945root 11241100x8000000000000000408128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff3dfbab85997382021-12-21 10:41:38.945root 11241100x8000000000000000408129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c82fae1d626fb92021-12-21 10:41:38.945root 23542300x8000000000000000408130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.346{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000408131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0090648c7dafaf92021-12-21 10:41:39.347root 11241100x8000000000000000408132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422cbb5a2b73631e2021-12-21 10:41:39.348root 11241100x8000000000000000408133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1f18d8f7c7e3d02021-12-21 10:41:39.348root 11241100x8000000000000000408134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6570820bb7738892021-12-21 10:41:39.348root 11241100x8000000000000000408135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2677a262e9e82f112021-12-21 10:41:39.348root 11241100x8000000000000000408136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6843ec06924586b2021-12-21 10:41:39.349root 11241100x8000000000000000408137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f00ecbb3526ece42021-12-21 10:41:39.349root 11241100x8000000000000000408138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22e1d57125a34c82021-12-21 10:41:39.349root 11241100x8000000000000000408139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e09f8f3c4919e32021-12-21 10:41:39.349root 11241100x8000000000000000408140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a530ce3f66bd4772021-12-21 10:41:39.349root 11241100x8000000000000000408141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cb715f947ea1112021-12-21 10:41:39.349root 11241100x8000000000000000408142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161a6f13828437682021-12-21 10:41:39.349root 11241100x8000000000000000408143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114c9c26c85c36fc2021-12-21 10:41:39.349root 11241100x8000000000000000408144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cf87ae46b4f7772021-12-21 10:41:39.349root 11241100x8000000000000000408145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40da1f60777521122021-12-21 10:41:39.350root 11241100x8000000000000000408146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7d24906ff5d3212021-12-21 10:41:39.350root 11241100x8000000000000000408147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60c4445fee147a02021-12-21 10:41:39.350root 11241100x8000000000000000408148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434da2afb1473cc82021-12-21 10:41:39.350root 11241100x8000000000000000408149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a253a073ae85602021-12-21 10:41:39.350root 11241100x8000000000000000408150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55242959851e3d072021-12-21 10:41:39.350root 11241100x8000000000000000408151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c23c9f1eae3c462021-12-21 10:41:39.350root 11241100x8000000000000000408152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181595680bc0fcd72021-12-21 10:41:39.350root 11241100x8000000000000000408153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0996ef97ec1db7a2021-12-21 10:41:39.350root 11241100x8000000000000000408154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f9d96e097a3d42021-12-21 10:41:39.350root 11241100x8000000000000000408155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115166c9f0929cd82021-12-21 10:41:39.350root 11241100x8000000000000000408156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43675e1f4798bf32021-12-21 10:41:39.350root 11241100x8000000000000000408157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91b5c319a7955882021-12-21 10:41:39.350root 11241100x8000000000000000408158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1b1d7d58ece9132021-12-21 10:41:39.350root 11241100x8000000000000000408159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94d8dd19ff101ac2021-12-21 10:41:39.350root 11241100x8000000000000000408160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d80f38fb81b5a32021-12-21 10:41:39.351root 11241100x8000000000000000408161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e646273aadbf1a132021-12-21 10:41:39.351root 11241100x8000000000000000408162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ccf7e23b4fde422021-12-21 10:41:39.351root 11241100x8000000000000000408163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b05a473b2144f82021-12-21 10:41:39.351root 11241100x8000000000000000408164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4112be4df9ab8bd42021-12-21 10:41:39.351root 11241100x8000000000000000408165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc66691f12b545bd2021-12-21 10:41:39.351root 11241100x8000000000000000408166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad5974f0748c0a42021-12-21 10:41:39.693root 11241100x8000000000000000408167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf286fee432fb152021-12-21 10:41:39.693root 11241100x8000000000000000408168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b815b18c71c9610e2021-12-21 10:41:39.694root 11241100x8000000000000000408169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d60a69b1759de462021-12-21 10:41:39.694root 11241100x8000000000000000408170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7a69b3528ba6502021-12-21 10:41:39.694root 11241100x8000000000000000408171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef39258558cfc00f2021-12-21 10:41:39.695root 11241100x8000000000000000408172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e29a2121f876672021-12-21 10:41:39.695root 11241100x8000000000000000408173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a202ceb693782f72021-12-21 10:41:39.695root 11241100x8000000000000000408174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d2ac1a07d21acc2021-12-21 10:41:39.695root 11241100x8000000000000000408175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547cde7d5e34bab22021-12-21 10:41:39.695root 11241100x8000000000000000408176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df19ac1cac2dbce42021-12-21 10:41:39.695root 11241100x8000000000000000408177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8d9e52fc5f28162021-12-21 10:41:39.696root 11241100x8000000000000000408178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8628427ed04639d42021-12-21 10:41:39.696root 11241100x8000000000000000408179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c53d9bd1431f1392021-12-21 10:41:39.696root 11241100x8000000000000000408180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7900056a2e84c06b2021-12-21 10:41:39.696root 11241100x8000000000000000408181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe653f4af16380082021-12-21 10:41:39.696root 11241100x8000000000000000408182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d187b38b8e4005fc2021-12-21 10:41:39.697root 11241100x8000000000000000408183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a6180e512b5d5e2021-12-21 10:41:39.697root 11241100x8000000000000000408184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f390f5dcd61acf7a2021-12-21 10:41:39.697root 11241100x8000000000000000408185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406ff6d45fe451a02021-12-21 10:41:39.697root 11241100x8000000000000000408186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9491267d696c22362021-12-21 10:41:39.697root 11241100x8000000000000000408187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d474f0458de9f2021-12-21 10:41:39.697root 11241100x8000000000000000408188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d63ac44dd86fb652021-12-21 10:41:39.698root 11241100x8000000000000000408189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e95e9c855d5d352021-12-21 10:41:39.698root 11241100x8000000000000000408190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165e44690dc820652021-12-21 10:41:39.698root 11241100x8000000000000000408191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff37dc7235047da2021-12-21 10:41:39.698root 11241100x8000000000000000408192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebd2bba524d71dd2021-12-21 10:41:39.698root 11241100x8000000000000000408193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b706eac6d340c0f2021-12-21 10:41:39.698root 11241100x8000000000000000408194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8207446b80c4a4412021-12-21 10:41:39.698root 11241100x8000000000000000408195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee45cd7ce90ed0552021-12-21 10:41:39.698root 11241100x8000000000000000408196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9079f191dc12d2e32021-12-21 10:41:39.699root 11241100x8000000000000000408197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670f5e70e3af877a2021-12-21 10:41:39.699root 11241100x8000000000000000408198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e72d0279c5f57a2021-12-21 10:41:39.699root 11241100x8000000000000000408199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016f880d9ee8d6822021-12-21 10:41:40.193root 11241100x8000000000000000408200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a837093b25f98e2021-12-21 10:41:40.193root 11241100x8000000000000000408201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb590fad997da7342021-12-21 10:41:40.193root 11241100x8000000000000000408202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dd35de7b496f4e2021-12-21 10:41:40.193root 11241100x8000000000000000408203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15bc701a95292d92021-12-21 10:41:40.193root 11241100x8000000000000000408204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0ef897e72d822f2021-12-21 10:41:40.193root 11241100x8000000000000000408205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9851c3ad8fbb112021-12-21 10:41:40.193root 11241100x8000000000000000408206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb79f3a013e0da42021-12-21 10:41:40.194root 11241100x8000000000000000408207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a4bc181ca05a412021-12-21 10:41:40.194root 11241100x8000000000000000408208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e786dc1873940a0f2021-12-21 10:41:40.194root 11241100x8000000000000000408209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf35a896fe14baad2021-12-21 10:41:40.194root 11241100x8000000000000000408210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169c9e7430cda5562021-12-21 10:41:40.194root 11241100x8000000000000000408211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c862073f1609957b2021-12-21 10:41:40.196root 11241100x8000000000000000408212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0a996f348e1e122021-12-21 10:41:40.197root 11241100x8000000000000000408213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0803e40f950e56cd2021-12-21 10:41:40.197root 11241100x8000000000000000408214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f186aa5ea100232021-12-21 10:41:40.197root 11241100x8000000000000000408215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9ebd07632de79f2021-12-21 10:41:40.197root 11241100x8000000000000000408216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2af2260dff447142021-12-21 10:41:40.197root 11241100x8000000000000000408217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af86ca68be1595612021-12-21 10:41:40.197root 11241100x8000000000000000408218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758dbbe6b7d77bdf2021-12-21 10:41:40.198root 11241100x8000000000000000408219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aeff84729e0e592021-12-21 10:41:40.198root 11241100x8000000000000000408220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3490706dc1392e12021-12-21 10:41:40.198root 11241100x8000000000000000408221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a1f8a50cffdb422021-12-21 10:41:40.198root 11241100x8000000000000000408222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff0f2eab4dbb1972021-12-21 10:41:40.198root 11241100x8000000000000000408223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ea70c68832bf952021-12-21 10:41:40.198root 11241100x8000000000000000408224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e395b0effc91a1222021-12-21 10:41:40.198root 11241100x8000000000000000408225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29087d6d8d7393422021-12-21 10:41:40.199root 11241100x8000000000000000408226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f64bd95fc7c20cd2021-12-21 10:41:40.199root 11241100x8000000000000000408227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d588b1226c4157ff2021-12-21 10:41:40.199root 11241100x8000000000000000408228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6c47f15c26cdf32021-12-21 10:41:40.199root 11241100x8000000000000000408229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b1e0b1c6d3b97b2021-12-21 10:41:40.199root 11241100x8000000000000000408230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da42f56df3f5cff2021-12-21 10:41:40.199root 11241100x8000000000000000408231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124c7712fc3a7b312021-12-21 10:41:40.199root 11241100x8000000000000000408232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6a721c55d5d6432021-12-21 10:41:40.199root 11241100x8000000000000000408233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34751ed3b662f24f2021-12-21 10:41:40.199root 11241100x8000000000000000408234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75021e6c08eb2632021-12-21 10:41:40.200root 11241100x8000000000000000408235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c3e136fb4efa2b2021-12-21 10:41:40.200root 11241100x8000000000000000408236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18e966080ba87012021-12-21 10:41:40.200root 11241100x8000000000000000408237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3f8f44faa6ad552021-12-21 10:41:40.200root 11241100x8000000000000000408238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247bbc6f0e95ee252021-12-21 10:41:40.200root 11241100x8000000000000000408239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8b5fcef4bd8b792021-12-21 10:41:40.200root 11241100x8000000000000000408240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda0c4efd3f872a32021-12-21 10:41:40.200root 11241100x8000000000000000408241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24509a39eec6eee12021-12-21 10:41:40.200root 11241100x8000000000000000408242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce40aa8d4b6c433c2021-12-21 10:41:40.201root 11241100x8000000000000000408243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeee69b5a57896d82021-12-21 10:41:40.201root 11241100x8000000000000000408244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbcfafdf93deef42021-12-21 10:41:40.693root 11241100x8000000000000000408245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989d2dd8e804dd102021-12-21 10:41:40.693root 11241100x8000000000000000408246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cd32b48ee253372021-12-21 10:41:40.693root 11241100x8000000000000000408247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a04a71567659a2a2021-12-21 10:41:40.693root 11241100x8000000000000000408248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0872d0d35a29a302021-12-21 10:41:40.693root 11241100x8000000000000000408249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5134c0d1bc88fe132021-12-21 10:41:40.694root 11241100x8000000000000000408250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc0ecd2c275a12f2021-12-21 10:41:40.694root 11241100x8000000000000000408251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5e08cffc67787a2021-12-21 10:41:40.694root 11241100x8000000000000000408252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ceb5b8e88aafa62021-12-21 10:41:40.694root 11241100x8000000000000000408253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ccbe989b4625542021-12-21 10:41:40.694root 11241100x8000000000000000408254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbda7a128dc628b2021-12-21 10:41:40.694root 11241100x8000000000000000408255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b839e3bfae9839e12021-12-21 10:41:40.694root 11241100x8000000000000000408256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99eb8e0d16484922021-12-21 10:41:40.695root 11241100x8000000000000000408257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1363311c05b195552021-12-21 10:41:40.695root 11241100x8000000000000000408258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37974fd27f3e0d922021-12-21 10:41:40.695root 11241100x8000000000000000408259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72f41331bec6c602021-12-21 10:41:40.695root 11241100x8000000000000000408260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471831fa27cdf9e72021-12-21 10:41:40.695root 11241100x8000000000000000408261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38e2d18507c00622021-12-21 10:41:40.695root 11241100x8000000000000000408262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb26fe3a1b283ab92021-12-21 10:41:40.695root 11241100x8000000000000000408263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b852b456f3284c852021-12-21 10:41:40.696root 11241100x8000000000000000408264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161cebf6e432cf382021-12-21 10:41:40.696root 11241100x8000000000000000408265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc74477487570d32021-12-21 10:41:40.696root 11241100x8000000000000000408266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db1138f6a0449a92021-12-21 10:41:40.696root 11241100x8000000000000000408267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eebcd974a92d9f12021-12-21 10:41:40.697root 11241100x8000000000000000408268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202deeb45b4ecf262021-12-21 10:41:40.697root 11241100x8000000000000000408269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62993d0a3645fea42021-12-21 10:41:40.697root 11241100x8000000000000000408270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77c24acd53d43162021-12-21 10:41:40.700root 11241100x8000000000000000408271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905ed1b9b30785ee2021-12-21 10:41:40.700root 11241100x8000000000000000408272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ca6bc9c71138b42021-12-21 10:41:40.700root 11241100x8000000000000000408273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25388199964f7db2021-12-21 10:41:40.700root 11241100x8000000000000000408274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6685c81119aaffb92021-12-21 10:41:40.700root 11241100x8000000000000000408275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f933e34f069ab8172021-12-21 10:41:40.700root 11241100x8000000000000000408276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16eed348a0862742021-12-21 10:41:40.701root 11241100x8000000000000000408277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2a8a810c92539d2021-12-21 10:41:40.701root 11241100x8000000000000000408278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557ebabd568a03ee2021-12-21 10:41:41.193root 11241100x8000000000000000408279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d360956f68a1862021-12-21 10:41:41.193root 11241100x8000000000000000408280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb1cf472b9bf0312021-12-21 10:41:41.193root 11241100x8000000000000000408281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d208cda246b9b8e2021-12-21 10:41:41.193root 11241100x8000000000000000408282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f0c4017ffb04582021-12-21 10:41:41.193root 11241100x8000000000000000408283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176171cd90e2a15d2021-12-21 10:41:41.194root 11241100x8000000000000000408284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83982df2c5b117262021-12-21 10:41:41.194root 11241100x8000000000000000408285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9518a557d5827d52021-12-21 10:41:41.194root 11241100x8000000000000000408286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f42d70e68c00b842021-12-21 10:41:41.194root 11241100x8000000000000000408287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d718bda23a65a382021-12-21 10:41:41.194root 11241100x8000000000000000408288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e9eff31a53ff9b2021-12-21 10:41:41.194root 11241100x8000000000000000408289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fe4dc2ef2b35222021-12-21 10:41:41.194root 11241100x8000000000000000408290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dfbaddd5f60a8d2021-12-21 10:41:41.195root 11241100x8000000000000000408291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f14e1decd3086b42021-12-21 10:41:41.195root 11241100x8000000000000000408292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07994f608bfd72a52021-12-21 10:41:41.195root 11241100x8000000000000000408293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2679f5f9cb6a283c2021-12-21 10:41:41.195root 11241100x8000000000000000408294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f60c0d1b81541a62021-12-21 10:41:41.195root 11241100x8000000000000000408295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede8395ff01d75862021-12-21 10:41:41.195root 11241100x8000000000000000408296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8c95554769b0df2021-12-21 10:41:41.195root 11241100x8000000000000000408297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649ead8c6e8bcabb2021-12-21 10:41:41.196root 11241100x8000000000000000408298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c6f496d8192dc72021-12-21 10:41:41.196root 11241100x8000000000000000408299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa7c5e6b5e13a602021-12-21 10:41:41.196root 11241100x8000000000000000408300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aae1b50e87529b2021-12-21 10:41:41.197root 11241100x8000000000000000408301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8880538090cd51c82021-12-21 10:41:41.197root 11241100x8000000000000000408302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc267431e7b6314d2021-12-21 10:41:41.198root 11241100x8000000000000000408303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3d098280f9690b2021-12-21 10:41:41.198root 11241100x8000000000000000408304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa2d1205bf897632021-12-21 10:41:41.198root 11241100x8000000000000000408305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07c80879fc6af3b2021-12-21 10:41:41.198root 11241100x8000000000000000408306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13178de38a650e02021-12-21 10:41:41.198root 11241100x8000000000000000408307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571a779fe8bef16b2021-12-21 10:41:41.198root 11241100x8000000000000000408308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad00655d9dcda22021-12-21 10:41:41.198root 11241100x8000000000000000408309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e1638f39c0ba0a2021-12-21 10:41:41.198root 11241100x8000000000000000408310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3063ce5f3151453c2021-12-21 10:41:41.198root 11241100x8000000000000000408311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be174aae30ca30582021-12-21 10:41:41.693root 11241100x8000000000000000408312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882905ec870acb142021-12-21 10:41:41.693root 11241100x8000000000000000408313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bdb867f1d6dc782021-12-21 10:41:41.693root 11241100x8000000000000000408314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acc34fbf3c73a8d2021-12-21 10:41:41.693root 11241100x8000000000000000408315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6733b1a1a414be5e2021-12-21 10:41:41.693root 11241100x8000000000000000408316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a6a3123991c7262021-12-21 10:41:41.693root 11241100x8000000000000000408317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03746c96eceaf03e2021-12-21 10:41:41.693root 11241100x8000000000000000408318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4336ae83fc7d3dbd2021-12-21 10:41:41.694root 11241100x8000000000000000408319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897b39905e40aa902021-12-21 10:41:41.695root 11241100x8000000000000000408320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf4752bda388cbd2021-12-21 10:41:41.695root 11241100x8000000000000000408321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31880603bbf97de72021-12-21 10:41:41.695root 11241100x8000000000000000408322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d295c32fd4aa3e452021-12-21 10:41:41.695root 11241100x8000000000000000408323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c3380529f3b9b12021-12-21 10:41:41.696root 11241100x8000000000000000408324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8076c85789aa71de2021-12-21 10:41:41.696root 11241100x8000000000000000408325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c68dfdca8b001022021-12-21 10:41:41.696root 11241100x8000000000000000408326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21d51add103fcd72021-12-21 10:41:41.696root 11241100x8000000000000000408327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a57cd00fdf8e8bc2021-12-21 10:41:41.696root 11241100x8000000000000000408328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f09bc27dd083a1a2021-12-21 10:41:41.696root 11241100x8000000000000000408329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ce7f2392c6252c2021-12-21 10:41:41.696root 11241100x8000000000000000408330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c382cf291f277132021-12-21 10:41:41.697root 11241100x8000000000000000408331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f2fc07d12e5f352021-12-21 10:41:41.697root 11241100x8000000000000000408332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3f45225c3a6ca82021-12-21 10:41:41.697root 11241100x8000000000000000408333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9c1f18168a927a2021-12-21 10:41:41.697root 11241100x8000000000000000408334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7b5e51ab41a44a2021-12-21 10:41:41.697root 11241100x8000000000000000408335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f364d6569033ea2021-12-21 10:41:41.697root 11241100x8000000000000000408336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388a904fb991b1dd2021-12-21 10:41:41.697root 11241100x8000000000000000408337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2f7caa5e23b9f22021-12-21 10:41:41.699root 11241100x8000000000000000408338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed35704af87df6e2021-12-21 10:41:41.701root 11241100x8000000000000000408339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2399fde1463362362021-12-21 10:41:41.701root 11241100x8000000000000000408340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c67a4b2d3009aa2021-12-21 10:41:41.701root 11241100x8000000000000000408341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ee916b778d2ee62021-12-21 10:41:41.701root 11241100x8000000000000000408342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1ae353978dbee12021-12-21 10:41:41.701root 11241100x8000000000000000408343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fb96db2f6c74292021-12-21 10:41:41.701root 11241100x8000000000000000408344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b58ad7bb8b2dd72021-12-21 10:41:41.701root 11241100x8000000000000000408345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881caff80b3f3db92021-12-21 10:41:41.701root 11241100x8000000000000000408346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e0401b404b21772021-12-21 10:41:41.701root 11241100x8000000000000000408347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0787e8461a9a5f792021-12-21 10:41:41.701root 11241100x8000000000000000408348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c82ea3baa1ec202021-12-21 10:41:41.701root 11241100x8000000000000000408349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18681eb4491b11af2021-12-21 10:41:41.701root 11241100x8000000000000000408350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b006c27bf3c0a3192021-12-21 10:41:42.193root 11241100x8000000000000000408351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5741e2f18a929c2021-12-21 10:41:42.193root 11241100x8000000000000000408352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59d3af10645c7da2021-12-21 10:41:42.193root 11241100x8000000000000000408353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482b6d508839b93f2021-12-21 10:41:42.193root 11241100x8000000000000000408354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25269cc44e864702021-12-21 10:41:42.193root 11241100x8000000000000000408355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c80d555c68739542021-12-21 10:41:42.193root 11241100x8000000000000000408356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494c36c22b35b9c72021-12-21 10:41:42.193root 11241100x8000000000000000408357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2272e3d16f056862021-12-21 10:41:42.193root 11241100x8000000000000000408358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415cd7af7e3fd7cc2021-12-21 10:41:42.193root 11241100x8000000000000000408359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77997eb941d3d522021-12-21 10:41:42.193root 11241100x8000000000000000408360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327d01086bdf20c72021-12-21 10:41:42.194root 11241100x8000000000000000408361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb088ba6dc14e072021-12-21 10:41:42.194root 11241100x8000000000000000408362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899d6bf9b269bb5a2021-12-21 10:41:42.194root 11241100x8000000000000000408363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6b00135273519a2021-12-21 10:41:42.194root 11241100x8000000000000000408364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce193d84c68042d62021-12-21 10:41:42.194root 11241100x8000000000000000408365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56a870867719b632021-12-21 10:41:42.194root 11241100x8000000000000000408366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958e5d2ae1d9bbd22021-12-21 10:41:42.194root 11241100x8000000000000000408367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135b24f43c4061b82021-12-21 10:41:42.195root 11241100x8000000000000000408368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba29c96dac203b462021-12-21 10:41:42.195root 11241100x8000000000000000408369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dbe5160778650c2021-12-21 10:41:42.195root 11241100x8000000000000000408370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd37775614254012021-12-21 10:41:42.195root 11241100x8000000000000000408371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59fa754524e3fd42021-12-21 10:41:42.195root 11241100x8000000000000000408372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f7bef24c615da92021-12-21 10:41:42.195root 11241100x8000000000000000408373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaf335e317e920e2021-12-21 10:41:42.195root 11241100x8000000000000000408374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1661a74b4cf10062021-12-21 10:41:42.196root 11241100x8000000000000000408375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2642ee4e0138fe532021-12-21 10:41:42.196root 11241100x8000000000000000408376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9ca97072d887922021-12-21 10:41:42.196root 11241100x8000000000000000408377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f4351e881e3122021-12-21 10:41:42.196root 11241100x8000000000000000408378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa137b72dd28bc12021-12-21 10:41:42.196root 11241100x8000000000000000408379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c172c2cbee22a9f2021-12-21 10:41:42.197root 11241100x8000000000000000408380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b31dc8c3f6ef2d72021-12-21 10:41:42.197root 11241100x8000000000000000408381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8f9e20c7c43aaf2021-12-21 10:41:42.197root 11241100x8000000000000000408382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff2f051d8b6067f2021-12-21 10:41:42.197root 11241100x8000000000000000408383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ad9fc14f8420a72021-12-21 10:41:42.693root 11241100x8000000000000000408384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea90d9a03b4998a12021-12-21 10:41:42.693root 11241100x8000000000000000408385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00dc1ba973c21052021-12-21 10:41:42.693root 11241100x8000000000000000408386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48835d98ed7f53a2021-12-21 10:41:42.693root 11241100x8000000000000000408387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b6021db501f8642021-12-21 10:41:42.693root 11241100x8000000000000000408388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8cb09621816c412021-12-21 10:41:42.693root 11241100x8000000000000000408389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26380609382776032021-12-21 10:41:42.693root 11241100x8000000000000000408390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7408df443f5ca4ee2021-12-21 10:41:42.693root 11241100x8000000000000000408391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d165a9e01d7081f22021-12-21 10:41:42.694root 11241100x8000000000000000408392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9fe6a2080d7aea2021-12-21 10:41:42.694root 11241100x8000000000000000408393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c7da365f3966082021-12-21 10:41:42.694root 11241100x8000000000000000408394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95e466fbba9c35c2021-12-21 10:41:42.694root 11241100x8000000000000000408395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e320e8251f9f32021-12-21 10:41:42.694root 11241100x8000000000000000408396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329b880a637f945f2021-12-21 10:41:42.694root 11241100x8000000000000000408397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89440b1edda443c12021-12-21 10:41:42.694root 11241100x8000000000000000408398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b0e537dffb1feb2021-12-21 10:41:42.694root 11241100x8000000000000000408399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bd2d57dfffd22c2021-12-21 10:41:42.694root 11241100x8000000000000000408400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ab250b2f60a39f2021-12-21 10:41:42.695root 11241100x8000000000000000408401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80b4169b22cc0672021-12-21 10:41:42.695root 11241100x8000000000000000408402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb026aeb6bff12182021-12-21 10:41:42.695root 11241100x8000000000000000408403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe0cc11b258173a2021-12-21 10:41:42.695root 11241100x8000000000000000408404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb9a3f7cf86580d2021-12-21 10:41:42.695root 11241100x8000000000000000408405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dc92adc11d7d1e2021-12-21 10:41:42.695root 11241100x8000000000000000408406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5857ad14a221d472021-12-21 10:41:42.695root 11241100x8000000000000000408407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e0a0f5d01a285c2021-12-21 10:41:42.696root 11241100x8000000000000000408408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668eed59f290cc842021-12-21 10:41:42.696root 11241100x8000000000000000408409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa182ece4edb2f92021-12-21 10:41:42.696root 11241100x8000000000000000408410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877a35f650bd39502021-12-21 10:41:42.696root 11241100x8000000000000000408411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ce853f8df05f5d2021-12-21 10:41:42.696root 11241100x8000000000000000408412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281e8bbb9866934a2021-12-21 10:41:42.696root 11241100x8000000000000000408413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cbff9aa91168d52021-12-21 10:41:42.696root 11241100x8000000000000000408414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ed6a3611135ac92021-12-21 10:41:42.696root 11241100x8000000000000000408415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608285586bf25e9f2021-12-21 10:41:42.697root 11241100x8000000000000000408416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39614419810598272021-12-21 10:41:42.697root 11241100x8000000000000000408417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c6d0e28b1ef6682021-12-21 10:41:42.697root 11241100x8000000000000000408418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24953b1f6bee65952021-12-21 10:41:42.697root 11241100x8000000000000000408419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d94dc4466542dd2021-12-21 10:41:42.698root 11241100x8000000000000000408420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3911491f4b162ce82021-12-21 10:41:42.698root 11241100x8000000000000000408421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9fc5d557f51c602021-12-21 10:41:42.698root 11241100x8000000000000000408422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade13cf66d4150e32021-12-21 10:41:42.698root 11241100x8000000000000000408423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672fa68a46478d5f2021-12-21 10:41:42.698root 11241100x8000000000000000408424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c983ee2023b16e1d2021-12-21 10:41:42.698root 11241100x8000000000000000408425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcd5f3e35d396882021-12-21 10:41:42.699root 11241100x8000000000000000408426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba224a7b02080442021-12-21 10:41:42.699root 11241100x8000000000000000408427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f51d17b1e28e0a32021-12-21 10:41:42.699root 11241100x8000000000000000408428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3dd573f11c8ad52021-12-21 10:41:42.699root 11241100x8000000000000000408429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cbbcc200019e9f2021-12-21 10:41:42.699root 11241100x8000000000000000408430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98709904557713252021-12-21 10:41:42.699root 11241100x8000000000000000408431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa6f5286f296adb2021-12-21 10:41:42.699root 11241100x8000000000000000408432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd006fd170f38a8e2021-12-21 10:41:42.699root 11241100x8000000000000000408433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91faa4765cc2fb562021-12-21 10:41:42.700root 11241100x8000000000000000408434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d1d42acebb871e2021-12-21 10:41:42.700root 11241100x8000000000000000408435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d34b30926b5ad442021-12-21 10:41:42.700root 11241100x8000000000000000408436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feec92f8a7816aac2021-12-21 10:41:42.700root 11241100x8000000000000000408437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620bc73612f1f6e62021-12-21 10:41:42.700root 354300x8000000000000000408438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.183{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47468-false10.0.1.12-8000- 11241100x8000000000000000408439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e731cc9273139b82021-12-21 10:41:43.184root 11241100x8000000000000000408440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a884b81387aca2af2021-12-21 10:41:43.185root 11241100x8000000000000000408441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2672d7fe363a3db2021-12-21 10:41:43.185root 11241100x8000000000000000408442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28bcc4c1ca97b392021-12-21 10:41:43.185root 11241100x8000000000000000408443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0dc2720b6109392021-12-21 10:41:43.185root 11241100x8000000000000000408444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d3c67d723d19122021-12-21 10:41:43.185root 11241100x8000000000000000408445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0559a965ccaeb6a82021-12-21 10:41:43.185root 11241100x8000000000000000408446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfffeb7af1cb5862021-12-21 10:41:43.186root 11241100x8000000000000000408447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da914abf97e6d5a42021-12-21 10:41:43.186root 11241100x8000000000000000408448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44bfa237377b1ca2021-12-21 10:41:43.186root 11241100x8000000000000000408449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0616806b17e094bf2021-12-21 10:41:43.186root 11241100x8000000000000000408450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8fe556cb7478912021-12-21 10:41:43.186root 11241100x8000000000000000408451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3def842b6240f37a2021-12-21 10:41:43.186root 11241100x8000000000000000408452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04dde2dedfbfbf32021-12-21 10:41:43.186root 11241100x8000000000000000408453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5580413223751de92021-12-21 10:41:43.186root 11241100x8000000000000000408454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f7a5514385ed852021-12-21 10:41:43.186root 11241100x8000000000000000408455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f06e6d665af3f32021-12-21 10:41:43.186root 11241100x8000000000000000408456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d56392367c9fc3e2021-12-21 10:41:43.187root 11241100x8000000000000000408457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d196c68143fd002021-12-21 10:41:43.187root 11241100x8000000000000000408458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d618a0c7e7d1cf12021-12-21 10:41:43.187root 11241100x8000000000000000408459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0d681c0883c66e2021-12-21 10:41:43.187root 11241100x8000000000000000408460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c512ee6dfa6cda692021-12-21 10:41:43.187root 11241100x8000000000000000408461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3ca839b4d493db2021-12-21 10:41:43.187root 11241100x8000000000000000408462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec68e28fbef831aa2021-12-21 10:41:43.187root 11241100x8000000000000000408463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dcbf00a8eddb132021-12-21 10:41:43.187root 11241100x8000000000000000408464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30df859d29af23522021-12-21 10:41:43.187root 11241100x8000000000000000408465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8be92c169fa59802021-12-21 10:41:43.187root 11241100x8000000000000000408466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf89372f3e3cab822021-12-21 10:41:43.188root 11241100x8000000000000000408467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3a2802a6e6b31f2021-12-21 10:41:43.188root 11241100x8000000000000000408468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf02edcc40d365c42021-12-21 10:41:43.188root 11241100x8000000000000000408469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc0d05a36b13e1d2021-12-21 10:41:43.188root 11241100x8000000000000000408470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ae07445c164a132021-12-21 10:41:43.188root 11241100x8000000000000000408471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c8038cfe2b3a292021-12-21 10:41:43.188root 11241100x8000000000000000408472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe25bf185d19822021-12-21 10:41:43.188root 11241100x8000000000000000408473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28ff3315b66e5a62021-12-21 10:41:43.188root 11241100x8000000000000000408474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc06290f98a71af02021-12-21 10:41:43.189root 11241100x8000000000000000408475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73e7a73cc7cd7692021-12-21 10:41:43.189root 11241100x8000000000000000408476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f71d7019f4b8f72021-12-21 10:41:43.189root 11241100x8000000000000000408477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5820df35907466472021-12-21 10:41:43.189root 11241100x8000000000000000408478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96a8fb011507cb42021-12-21 10:41:43.189root 11241100x8000000000000000408479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dad0ea3d38017f92021-12-21 10:41:43.189root 11241100x8000000000000000408480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623724eaa40757962021-12-21 10:41:43.189root 11241100x8000000000000000408481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c01a5577eb99592021-12-21 10:41:43.190root 11241100x8000000000000000408482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec3302ec30c403f2021-12-21 10:41:43.443root 11241100x8000000000000000408483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239a1bd57d09ea642021-12-21 10:41:43.443root 11241100x8000000000000000408484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129851bae33223962021-12-21 10:41:43.443root 11241100x8000000000000000408485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62f8ec261261ce92021-12-21 10:41:43.443root 11241100x8000000000000000408486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eacb151a4d40ae22021-12-21 10:41:43.443root 11241100x8000000000000000408487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c661a25aa2020cfd2021-12-21 10:41:43.443root 11241100x8000000000000000408488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a944f7fee9523a72021-12-21 10:41:43.443root 11241100x8000000000000000408489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be797b75ec8a1042021-12-21 10:41:43.444root 11241100x8000000000000000408490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ab7da461501bc32021-12-21 10:41:43.444root 11241100x8000000000000000408491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602c195d0857ab3b2021-12-21 10:41:43.444root 11241100x8000000000000000408492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e616c733ccb4ab2021-12-21 10:41:43.444root 11241100x8000000000000000408493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75fb0000eac99582021-12-21 10:41:43.444root 11241100x8000000000000000408494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5910dc0c3182d8a82021-12-21 10:41:43.444root 11241100x8000000000000000408495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dae09da99b39ac2021-12-21 10:41:43.444root 11241100x8000000000000000408496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaefa68f6a2b91c92021-12-21 10:41:43.444root 11241100x8000000000000000408497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38bd84f44a586a52021-12-21 10:41:43.444root 11241100x8000000000000000408498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497b678f81daeb9f2021-12-21 10:41:43.444root 11241100x8000000000000000408499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac4461f0a908f352021-12-21 10:41:43.445root 11241100x8000000000000000408500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2997abb6970f6e2021-12-21 10:41:43.445root 11241100x8000000000000000408501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9accd298ccd99bb02021-12-21 10:41:43.445root 11241100x8000000000000000408502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd76dd17746a83ab2021-12-21 10:41:43.445root 11241100x8000000000000000408503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec81ca80653dd5c42021-12-21 10:41:43.445root 11241100x8000000000000000408504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601367213cdae6702021-12-21 10:41:43.445root 11241100x8000000000000000408505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6475376c917820f2021-12-21 10:41:43.445root 11241100x8000000000000000408506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7d887be6320d932021-12-21 10:41:43.445root 11241100x8000000000000000408507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cf015615835bd22021-12-21 10:41:43.446root 11241100x8000000000000000408508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3786158cbcd0f0282021-12-21 10:41:43.446root 11241100x8000000000000000408509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756272be4cad34632021-12-21 10:41:43.446root 11241100x8000000000000000408510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c5a74d1710d5dc2021-12-21 10:41:43.446root 11241100x8000000000000000408511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb614b8bda2c67b02021-12-21 10:41:43.446root 11241100x8000000000000000408512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d02aed5581123f2021-12-21 10:41:43.446root 11241100x8000000000000000408513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8baaa85f4349e2f2021-12-21 10:41:43.446root 11241100x8000000000000000408514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b67d7412f915fb22021-12-21 10:41:43.447root 11241100x8000000000000000408515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88ae2bccc5434612021-12-21 10:41:43.447root 11241100x8000000000000000408516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059d08f51583ae122021-12-21 10:41:43.447root 11241100x8000000000000000408517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3c21355dd261392021-12-21 10:41:43.447root 11241100x8000000000000000408518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26a5766576295592021-12-21 10:41:43.448root 11241100x8000000000000000408519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5b3177755ee69f2021-12-21 10:41:43.448root 11241100x8000000000000000408520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3733366c11584cd62021-12-21 10:41:43.448root 11241100x8000000000000000408521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eae2ad6fb1af622021-12-21 10:41:43.448root 11241100x8000000000000000408522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb040ba3c1313b8a2021-12-21 10:41:43.449root 11241100x8000000000000000408523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e3461fa08b26f82021-12-21 10:41:43.449root 11241100x8000000000000000408524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137c4646a4cef2162021-12-21 10:41:43.449root 11241100x8000000000000000408525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15313e4a4030092a2021-12-21 10:41:43.943root 11241100x8000000000000000408526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66bdf6ba7ab2a572021-12-21 10:41:43.943root 11241100x8000000000000000408527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75f2bc84d93c1d22021-12-21 10:41:43.943root 11241100x8000000000000000408528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c444ac338b7347a2021-12-21 10:41:43.943root 11241100x8000000000000000408529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd4b7061b38aa982021-12-21 10:41:43.944root 11241100x8000000000000000408530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10141637cf50b842021-12-21 10:41:43.944root 11241100x8000000000000000408531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ceda750635236162021-12-21 10:41:43.944root 11241100x8000000000000000408532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b72fb1b8d4cd67a2021-12-21 10:41:43.944root 11241100x8000000000000000408533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257075781e1ecc352021-12-21 10:41:43.944root 11241100x8000000000000000408534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aa582d24e647c22021-12-21 10:41:43.945root 11241100x8000000000000000408535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92065e8260bcdefc2021-12-21 10:41:43.945root 11241100x8000000000000000408536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e631e3e56e6644b52021-12-21 10:41:43.945root 11241100x8000000000000000408537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c3c2bc829755a2021-12-21 10:41:43.945root 11241100x8000000000000000408538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a0d1b0397657e42021-12-21 10:41:43.945root 11241100x8000000000000000408539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a71e5aa7e072412021-12-21 10:41:43.945root 11241100x8000000000000000408540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7992c724a8cc8662021-12-21 10:41:43.946root 11241100x8000000000000000408541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f10bf10df9e7ff2021-12-21 10:41:43.946root 11241100x8000000000000000408542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfdb1b2cb33f64d2021-12-21 10:41:43.946root 11241100x8000000000000000408543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2426f94f51b89e482021-12-21 10:41:43.946root 11241100x8000000000000000408544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61ecddc991ee4592021-12-21 10:41:43.947root 11241100x8000000000000000408545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f31f124699438342021-12-21 10:41:43.947root 11241100x8000000000000000408546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e747d321e2dc0e52021-12-21 10:41:43.947root 11241100x8000000000000000408547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0808641b7c2e12492021-12-21 10:41:43.947root 11241100x8000000000000000408548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231cb2317fc36d2c2021-12-21 10:41:43.947root 11241100x8000000000000000408549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d2aeb47e2d38272021-12-21 10:41:43.947root 11241100x8000000000000000408550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c507d3544c2a20992021-12-21 10:41:43.947root 11241100x8000000000000000408551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42463ae19f6d06602021-12-21 10:41:43.948root 11241100x8000000000000000408552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2bc5f144c667592021-12-21 10:41:43.948root 11241100x8000000000000000408553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4176977e71c6492021-12-21 10:41:43.948root 11241100x8000000000000000408554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41adc3812e856e192021-12-21 10:41:43.948root 11241100x8000000000000000408555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ed93c73ddc399c2021-12-21 10:41:43.948root 11241100x8000000000000000408556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc3074c0c22715e2021-12-21 10:41:43.948root 11241100x8000000000000000408557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdec3e31a18cc8a72021-12-21 10:41:43.948root 11241100x8000000000000000408558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2018626fe71e9d6b2021-12-21 10:41:43.948root 11241100x8000000000000000408559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613aeae81ffc835c2021-12-21 10:41:43.949root 11241100x8000000000000000408560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75641fee9ddc86c62021-12-21 10:41:43.949root 11241100x8000000000000000408561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e17c12ea4712fc52021-12-21 10:41:43.949root 11241100x8000000000000000408562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a563bec2e7b3a1ce2021-12-21 10:41:43.949root 11241100x8000000000000000408563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:43.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15fd3489da38b382021-12-21 10:41:43.949root 11241100x8000000000000000408564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2d1728c361f7722021-12-21 10:41:44.443root 11241100x8000000000000000408565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0c5927557c45282021-12-21 10:41:44.443root 11241100x8000000000000000408566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce24e69b04c37b42021-12-21 10:41:44.443root 11241100x8000000000000000408567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52336eae37fceea32021-12-21 10:41:44.443root 11241100x8000000000000000408568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788d83dfeebf4c2c2021-12-21 10:41:44.444root 11241100x8000000000000000408569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b0d8c61cfaeeae2021-12-21 10:41:44.444root 11241100x8000000000000000408570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47ed06ec2eefedf2021-12-21 10:41:44.444root 11241100x8000000000000000408571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7d4fffd97d64572021-12-21 10:41:44.444root 11241100x8000000000000000408572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20efeb1317f31d132021-12-21 10:41:44.444root 11241100x8000000000000000408573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4be9996b2b511b2021-12-21 10:41:44.444root 11241100x8000000000000000408574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9513f2e775c81a412021-12-21 10:41:44.444root 11241100x8000000000000000408575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1f5de520eefb2b2021-12-21 10:41:44.445root 11241100x8000000000000000408576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9769c97f3ef76a1c2021-12-21 10:41:44.445root 11241100x8000000000000000408577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2d4b30ba2569902021-12-21 10:41:44.445root 11241100x8000000000000000408578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e225c0e8ba24e6122021-12-21 10:41:44.445root 11241100x8000000000000000408579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5284a20e5ea449d2021-12-21 10:41:44.445root 11241100x8000000000000000408580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a409c6577aac1512021-12-21 10:41:44.445root 11241100x8000000000000000408581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0f1e923d335c842021-12-21 10:41:44.445root 11241100x8000000000000000408582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6e1d244e4c51e32021-12-21 10:41:44.445root 11241100x8000000000000000408583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21948c76268a1452021-12-21 10:41:44.445root 11241100x8000000000000000408584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01756d8f149276442021-12-21 10:41:44.446root 11241100x8000000000000000408585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b13b685cce93332021-12-21 10:41:44.446root 11241100x8000000000000000408586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e319bb37ca897b2021-12-21 10:41:44.446root 11241100x8000000000000000408587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f379ae142f50c62021-12-21 10:41:44.446root 11241100x8000000000000000408588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49a7dc1a5295de62021-12-21 10:41:44.446root 11241100x8000000000000000408589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac43ef57ba395772021-12-21 10:41:44.446root 11241100x8000000000000000408590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9077ba2685d7d9052021-12-21 10:41:44.446root 11241100x8000000000000000408591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b405c67ee3f0f8f2021-12-21 10:41:44.446root 11241100x8000000000000000408592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6896504f33d93f072021-12-21 10:41:44.447root 11241100x8000000000000000408593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c190fdfb86191c32021-12-21 10:41:44.447root 11241100x8000000000000000408594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcad15bf51aed8442021-12-21 10:41:44.447root 11241100x8000000000000000408595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700bfb2a3a83d23c2021-12-21 10:41:44.447root 11241100x8000000000000000408596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481872803a06347e2021-12-21 10:41:44.447root 11241100x8000000000000000408597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7ad0e579e8c60c2021-12-21 10:41:44.448root 11241100x8000000000000000408598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6e7196fb2d4d992021-12-21 10:41:44.448root 11241100x8000000000000000408599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a581d2f9d3064f42021-12-21 10:41:44.448root 11241100x8000000000000000408600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fc9f5c6ea97fee2021-12-21 10:41:44.448root 11241100x8000000000000000408601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99596a15db283332021-12-21 10:41:44.448root 11241100x8000000000000000408602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c288cac4b612e0ae2021-12-21 10:41:44.448root 11241100x8000000000000000408603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d96eaa3e10ceb42021-12-21 10:41:44.448root 11241100x8000000000000000408604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac647c715c2e3def2021-12-21 10:41:44.448root 11241100x8000000000000000408605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8f43580c7db0402021-12-21 10:41:44.449root 11241100x8000000000000000408606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f36e4e5f09d6ee2021-12-21 10:41:44.449root 11241100x8000000000000000408607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3360d2d5ff17a312021-12-21 10:41:44.449root 11241100x8000000000000000408608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5621a67569aaa952021-12-21 10:41:44.449root 11241100x8000000000000000408609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af0defe1b9690f2021-12-21 10:41:44.449root 11241100x8000000000000000408610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2b94a89852947a2021-12-21 10:41:44.450root 11241100x8000000000000000408611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b44b643769290d2021-12-21 10:41:44.450root 11241100x8000000000000000408612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f232707f2e8b562021-12-21 10:41:44.943root 11241100x8000000000000000408613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15c6bf435c19e1f2021-12-21 10:41:44.943root 11241100x8000000000000000408614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde17edbe61e6aaa2021-12-21 10:41:44.944root 11241100x8000000000000000408615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37825dfcdc47cc092021-12-21 10:41:44.944root 11241100x8000000000000000408616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a0b09c096ce9c42021-12-21 10:41:44.944root 11241100x8000000000000000408617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfc1da0e1b2247c2021-12-21 10:41:44.944root 11241100x8000000000000000408618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9c33603339b2a82021-12-21 10:41:44.944root 11241100x8000000000000000408619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af14fc8eef5cf03a2021-12-21 10:41:44.944root 11241100x8000000000000000408620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df69d5953fc262b2021-12-21 10:41:44.945root 11241100x8000000000000000408621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d995d5c8a30dfa2021-12-21 10:41:44.945root 11241100x8000000000000000408622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1977281e78d2848e2021-12-21 10:41:44.945root 11241100x8000000000000000408623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046361af326423d32021-12-21 10:41:44.945root 11241100x8000000000000000408624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dfe203c2ceb4372021-12-21 10:41:44.945root 11241100x8000000000000000408625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7749c3c7fd545a842021-12-21 10:41:44.945root 11241100x8000000000000000408626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cab9c1b5e7107e2021-12-21 10:41:44.945root 11241100x8000000000000000408627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41120f1b4fcc45722021-12-21 10:41:44.945root 11241100x8000000000000000408628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1a4074e94cb68c2021-12-21 10:41:44.945root 11241100x8000000000000000408629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f228258c1def1bd92021-12-21 10:41:44.945root 11241100x8000000000000000408630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b578fd76104e664f2021-12-21 10:41:44.946root 11241100x8000000000000000408631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87ea1dfef23d2772021-12-21 10:41:44.946root 11241100x8000000000000000408632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae45eccf1d42649e2021-12-21 10:41:44.946root 11241100x8000000000000000408633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4851ae394acb0d2021-12-21 10:41:44.946root 11241100x8000000000000000408634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97b910728b8c1ed2021-12-21 10:41:44.946root 11241100x8000000000000000408635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50fb8142925a2962021-12-21 10:41:44.946root 11241100x8000000000000000408636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b4eddf72c702962021-12-21 10:41:44.946root 11241100x8000000000000000408637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec5383556ad2d222021-12-21 10:41:44.946root 11241100x8000000000000000408638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce36b6e75bd392c2021-12-21 10:41:44.946root 11241100x8000000000000000408639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1473c7668f1a372021-12-21 10:41:44.947root 11241100x8000000000000000408640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555959f59dcb87aa2021-12-21 10:41:44.947root 11241100x8000000000000000408641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db33a8f69af00e7c2021-12-21 10:41:44.947root 11241100x8000000000000000408642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42456894a84329b62021-12-21 10:41:44.947root 11241100x8000000000000000408643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b270473183094e2021-12-21 10:41:44.947root 11241100x8000000000000000408644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e8066eb42bb3942021-12-21 10:41:44.947root 11241100x8000000000000000408645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f679584390edfc32021-12-21 10:41:44.947root 11241100x8000000000000000408646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd724363895560192021-12-21 10:41:45.443root 11241100x8000000000000000408647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cae15fb4b2dce62021-12-21 10:41:45.443root 11241100x8000000000000000408648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e82b946b4de2c6c2021-12-21 10:41:45.443root 11241100x8000000000000000408649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be6eae3c086773f2021-12-21 10:41:45.443root 11241100x8000000000000000408650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77711c4705410ac82021-12-21 10:41:45.444root 11241100x8000000000000000408651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05e6cf03e05bebc2021-12-21 10:41:45.444root 11241100x8000000000000000408652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dcddc768063a182021-12-21 10:41:45.444root 11241100x8000000000000000408653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a37113bfa040e0d2021-12-21 10:41:45.444root 11241100x8000000000000000408654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e3588f423a7de02021-12-21 10:41:45.444root 11241100x8000000000000000408655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8d99e74a091e642021-12-21 10:41:45.444root 11241100x8000000000000000408656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f445b92d1cc4424f2021-12-21 10:41:45.444root 11241100x8000000000000000408657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe7ac865426a8c22021-12-21 10:41:45.444root 11241100x8000000000000000408658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a44782ae6fde142021-12-21 10:41:45.444root 11241100x8000000000000000408659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bd470fabcc81e82021-12-21 10:41:45.444root 11241100x8000000000000000408660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f6551da4661c8c2021-12-21 10:41:45.444root 11241100x8000000000000000408661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3250108cea86b9922021-12-21 10:41:45.444root 11241100x8000000000000000408662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2b1a9e6cd187412021-12-21 10:41:45.444root 11241100x8000000000000000408663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326fddd48279a212021-12-21 10:41:45.444root 11241100x8000000000000000408664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f38e8924afed0f2021-12-21 10:41:45.444root 11241100x8000000000000000408665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bb5e0b171391262021-12-21 10:41:45.445root 11241100x8000000000000000408666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48a5c6c0141ef522021-12-21 10:41:45.445root 11241100x8000000000000000408667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dc7ecea03f035e2021-12-21 10:41:45.445root 11241100x8000000000000000408668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995720c181f9ec102021-12-21 10:41:45.445root 11241100x8000000000000000408669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354f06fba3d69a6b2021-12-21 10:41:45.445root 11241100x8000000000000000408670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc849fae8149e7f32021-12-21 10:41:45.445root 11241100x8000000000000000408671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0118d87f21d9ee2021-12-21 10:41:45.445root 11241100x8000000000000000408672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adac7df2dfc97922021-12-21 10:41:45.445root 11241100x8000000000000000408673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee373a1774accc582021-12-21 10:41:45.445root 11241100x8000000000000000408674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6142f2e0dbbb1ba52021-12-21 10:41:45.445root 11241100x8000000000000000408675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237eef8080cf7c522021-12-21 10:41:45.445root 11241100x8000000000000000408676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74747237e74e3a2b2021-12-21 10:41:45.445root 11241100x8000000000000000408677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40da9e115c4260752021-12-21 10:41:45.445root 11241100x8000000000000000408678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f36b65abc062302021-12-21 10:41:45.445root 11241100x8000000000000000408679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbe083fe262ca612021-12-21 10:41:45.446root 11241100x8000000000000000408680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f79147a8079422021-12-21 10:41:45.446root 11241100x8000000000000000408681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e030accbe39f012021-12-21 10:41:45.943root 11241100x8000000000000000408682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c6556dc9dfc1892021-12-21 10:41:45.943root 11241100x8000000000000000408683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d119a617945bd562021-12-21 10:41:45.943root 11241100x8000000000000000408684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84c30c5b9caf4612021-12-21 10:41:45.943root 11241100x8000000000000000408685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f321b89bf3fbea2021-12-21 10:41:45.943root 11241100x8000000000000000408686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b9f28b74e1919e2021-12-21 10:41:45.943root 11241100x8000000000000000408687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667bb391db04e0b42021-12-21 10:41:45.943root 11241100x8000000000000000408688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f21af23dede33872021-12-21 10:41:45.943root 11241100x8000000000000000408689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b9f8dec7568b2f2021-12-21 10:41:45.943root 11241100x8000000000000000408690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5785944101e6de2021-12-21 10:41:45.943root 11241100x8000000000000000408691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff770b84aed092992021-12-21 10:41:45.944root 11241100x8000000000000000408692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600582901d9116c62021-12-21 10:41:45.944root 11241100x8000000000000000408693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72ba43d59b264e02021-12-21 10:41:45.944root 11241100x8000000000000000408694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ded0db7a242e872021-12-21 10:41:45.944root 11241100x8000000000000000408695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48900ba96826d542021-12-21 10:41:45.944root 11241100x8000000000000000408696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b3e2392e20b9e42021-12-21 10:41:45.944root 11241100x8000000000000000408697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc08b366bb088db2021-12-21 10:41:45.944root 11241100x8000000000000000408698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7b759647fd7fb62021-12-21 10:41:45.944root 11241100x8000000000000000408699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef01480257b8c002021-12-21 10:41:45.945root 11241100x8000000000000000408700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a0604b8e45a1292021-12-21 10:41:45.945root 11241100x8000000000000000408701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb2530328c452532021-12-21 10:41:45.945root 11241100x8000000000000000408702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f132673f6196a0132021-12-21 10:41:45.946root 11241100x8000000000000000408703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32f4934bb0238812021-12-21 10:41:45.946root 11241100x8000000000000000408704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de79a4236a2ffc2d2021-12-21 10:41:45.946root 11241100x8000000000000000408705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb1466d5ad1b5e22021-12-21 10:41:45.946root 11241100x8000000000000000408706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2b179f146034472021-12-21 10:41:45.946root 11241100x8000000000000000408707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfde997c605bf9662021-12-21 10:41:45.946root 11241100x8000000000000000408708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041def5e6ed9c6912021-12-21 10:41:45.946root 11241100x8000000000000000408709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3394785bf50888f32021-12-21 10:41:45.946root 11241100x8000000000000000408710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9f2f7c85c591172021-12-21 10:41:45.947root 11241100x8000000000000000408711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b205d5abbd6a1442021-12-21 10:41:45.947root 11241100x8000000000000000408712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d4e6d7c80468612021-12-21 10:41:45.947root 11241100x8000000000000000408713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c41d83599e35a72021-12-21 10:41:45.947root 11241100x8000000000000000408714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63d71ea127955d22021-12-21 10:41:45.947root 11241100x8000000000000000408715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4d882944ee510d2021-12-21 10:41:45.947root 11241100x8000000000000000408716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d11feeca4e16b7f2021-12-21 10:41:45.947root 11241100x8000000000000000408717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97a4263be41f2fb2021-12-21 10:41:45.947root 11241100x8000000000000000408718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404ed4a332fde99e2021-12-21 10:41:45.948root 11241100x8000000000000000408719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4617168a335605f2021-12-21 10:41:45.948root 11241100x8000000000000000408720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b0a4a7e27db2932021-12-21 10:41:45.948root 11241100x8000000000000000408721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cba43a16f4464a2021-12-21 10:41:45.948root 11241100x8000000000000000408722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed9ff4a4154a2342021-12-21 10:41:45.948root 11241100x8000000000000000408723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84575c23ca05dac2021-12-21 10:41:45.948root 11241100x8000000000000000408724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fba547da8b75512021-12-21 10:41:45.949root 11241100x8000000000000000408725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4232827ea62af462021-12-21 10:41:45.949root 11241100x8000000000000000408726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5bd933c02f59bf2021-12-21 10:41:45.949root 11241100x8000000000000000408727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae4e80fecd8b8bf2021-12-21 10:41:45.949root 11241100x8000000000000000408728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551484391b8627db2021-12-21 10:41:45.949root 11241100x8000000000000000408729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5009f7394a33c94b2021-12-21 10:41:45.949root 11241100x8000000000000000408730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff5f270e4f811852021-12-21 10:41:45.949root 11241100x8000000000000000408731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a7764dfc48903a2021-12-21 10:41:45.949root 11241100x8000000000000000408732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39180dc6bc0e2d512021-12-21 10:41:45.949root 11241100x8000000000000000408733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32ed8ef11c485952021-12-21 10:41:45.949root 11241100x8000000000000000408734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631321ad8c2049bf2021-12-21 10:41:45.949root 11241100x8000000000000000408735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b533dea99b525f2021-12-21 10:41:45.950root 11241100x8000000000000000408736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3aa1ecec1ddbec2021-12-21 10:41:46.443root 11241100x8000000000000000408737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37dae8a200cb8b92021-12-21 10:41:46.443root 11241100x8000000000000000408738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5750012acecffbf2021-12-21 10:41:46.443root 11241100x8000000000000000408739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98268a752042c5f82021-12-21 10:41:46.443root 11241100x8000000000000000408740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dafdfb2e264c452021-12-21 10:41:46.443root 11241100x8000000000000000408741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86b93622eb57ab52021-12-21 10:41:46.443root 11241100x8000000000000000408742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3303ce695acaaa2021-12-21 10:41:46.444root 11241100x8000000000000000408743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a049474e2651292021-12-21 10:41:46.444root 11241100x8000000000000000408744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6608ed266b07cbd2021-12-21 10:41:46.444root 11241100x8000000000000000408745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d7d1b9f4815a8c2021-12-21 10:41:46.444root 11241100x8000000000000000408746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a065c5cad81b6d42021-12-21 10:41:46.444root 11241100x8000000000000000408747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3930d0507588eac02021-12-21 10:41:46.444root 11241100x8000000000000000408748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5025367413ed092021-12-21 10:41:46.445root 11241100x8000000000000000408749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161fd46e93f8c4772021-12-21 10:41:46.445root 11241100x8000000000000000408750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c347e561a16105b52021-12-21 10:41:46.445root 11241100x8000000000000000408751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88e1b72dcf0f30e2021-12-21 10:41:46.445root 11241100x8000000000000000408752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094539acbd0da9422021-12-21 10:41:46.445root 11241100x8000000000000000408753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5e0778020592ff2021-12-21 10:41:46.446root 11241100x8000000000000000408754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306560285c0b2a6c2021-12-21 10:41:46.446root 11241100x8000000000000000408755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c91cb80535758d22021-12-21 10:41:46.446root 11241100x8000000000000000408756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9272025d1a7fe52021-12-21 10:41:46.446root 11241100x8000000000000000408757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24261687b5c5dfe2021-12-21 10:41:46.446root 11241100x8000000000000000408758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b382dc7e7912c92021-12-21 10:41:46.446root 11241100x8000000000000000408759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47391769619888b42021-12-21 10:41:46.447root 11241100x8000000000000000408760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f640034fa0756562021-12-21 10:41:46.447root 11241100x8000000000000000408761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1529fae7cc4c8902021-12-21 10:41:46.447root 11241100x8000000000000000408762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f630a16965de922021-12-21 10:41:46.447root 11241100x8000000000000000408763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a3dc20b22453932021-12-21 10:41:46.447root 11241100x8000000000000000408764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a57bd386626bac2021-12-21 10:41:46.448root 11241100x8000000000000000408765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72b25c01f57f89d2021-12-21 10:41:46.448root 11241100x8000000000000000408766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a6253643790f522021-12-21 10:41:46.448root 11241100x8000000000000000408767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230d20bebd54ede42021-12-21 10:41:46.449root 11241100x8000000000000000408768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d0e87e613c37d62021-12-21 10:41:46.449root 11241100x8000000000000000408769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670629933bc46c512021-12-21 10:41:46.449root 11241100x8000000000000000408770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa695c0379c0edbc2021-12-21 10:41:46.449root 11241100x8000000000000000408771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d990c73004ac81b2021-12-21 10:41:46.450root 11241100x8000000000000000408772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a8333b686974802021-12-21 10:41:46.450root 11241100x8000000000000000408773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9a8da0d00dc15e2021-12-21 10:41:46.450root 11241100x8000000000000000408774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0265ac038cfac9bb2021-12-21 10:41:46.451root 11241100x8000000000000000408775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4250e32dcbd0d12021-12-21 10:41:46.451root 11241100x8000000000000000408776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0d34111d2d51972021-12-21 10:41:46.451root 11241100x8000000000000000408777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e006ccf6424f6c2021-12-21 10:41:46.451root 11241100x8000000000000000408778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c1cb3513a7736b2021-12-21 10:41:46.453root 11241100x8000000000000000408779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882f10e9c7d431de2021-12-21 10:41:46.453root 11241100x8000000000000000408780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a859d0d7876a9b3b2021-12-21 10:41:46.454root 11241100x8000000000000000408781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f56973b27237c982021-12-21 10:41:46.454root 11241100x8000000000000000408782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f3d18b44e1a8bd2021-12-21 10:41:46.455root 11241100x8000000000000000408783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718f256100a28d362021-12-21 10:41:46.455root 11241100x8000000000000000408784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6463ecddae0732e2021-12-21 10:41:46.455root 11241100x8000000000000000408785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e0de13d6a6d9ba2021-12-21 10:41:46.942root 11241100x8000000000000000408786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce9dfde71e365022021-12-21 10:41:46.943root 11241100x8000000000000000408787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a549aa777b45202021-12-21 10:41:46.943root 11241100x8000000000000000408788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b1bec44b6b38282021-12-21 10:41:46.943root 11241100x8000000000000000408789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d4630214e1e6f92021-12-21 10:41:46.944root 11241100x8000000000000000408790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410107b5dab995ba2021-12-21 10:41:46.945root 11241100x8000000000000000408791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6330ce8ca67f6ba32021-12-21 10:41:46.945root 11241100x8000000000000000408792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ce5aa5a0f7b80f2021-12-21 10:41:46.945root 11241100x8000000000000000408793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702c7c9bd17bf0a22021-12-21 10:41:46.945root 11241100x8000000000000000408794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2567f807b13c6172021-12-21 10:41:46.945root 11241100x8000000000000000408795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ae6cbb3cd834cf2021-12-21 10:41:46.945root 11241100x8000000000000000408796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69f8b13d6bd9aef2021-12-21 10:41:46.946root 11241100x8000000000000000408797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3f7e3842ad5b812021-12-21 10:41:46.946root 11241100x8000000000000000408798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809a30911481d7cf2021-12-21 10:41:46.946root 11241100x8000000000000000408799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a5a5bfc2133dc42021-12-21 10:41:46.946root 11241100x8000000000000000408800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481c224220d58e242021-12-21 10:41:46.946root 11241100x8000000000000000408801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b39eecc627a58d42021-12-21 10:41:46.946root 11241100x8000000000000000408802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156f7ec8ef816c1e2021-12-21 10:41:46.946root 11241100x8000000000000000408803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9a1f6992faea502021-12-21 10:41:46.946root 11241100x8000000000000000408804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a0cda9e46981c92021-12-21 10:41:46.946root 11241100x8000000000000000408805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d975c1d7c65fd12021-12-21 10:41:46.946root 11241100x8000000000000000408806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69db9ce88de48f162021-12-21 10:41:46.946root 11241100x8000000000000000408807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca2b3d815316e222021-12-21 10:41:46.946root 11241100x8000000000000000408808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcbaa805f2f54f12021-12-21 10:41:46.947root 11241100x8000000000000000408809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f097d4427e5ea72021-12-21 10:41:46.947root 11241100x8000000000000000408810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6601ed7d2b17ad42021-12-21 10:41:46.947root 11241100x8000000000000000408811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6060ef3ef920a32021-12-21 10:41:46.947root 11241100x8000000000000000408812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617b15a3b8c4d5992021-12-21 10:41:46.947root 11241100x8000000000000000408813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7755c8d941a98c692021-12-21 10:41:46.947root 11241100x8000000000000000408814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72756fc37a4c24fb2021-12-21 10:41:46.948root 11241100x8000000000000000408815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d68c3c60f6a7a52021-12-21 10:41:46.948root 11241100x8000000000000000408816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b91c142e540f912021-12-21 10:41:46.948root 11241100x8000000000000000408817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8aae7ffd4505302021-12-21 10:41:46.948root 11241100x8000000000000000408818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4eaf7dd7d3bbfe82021-12-21 10:41:46.948root 11241100x8000000000000000408819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b516fa6eed55e8262021-12-21 10:41:46.948root 11241100x8000000000000000408820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbb10a9e92149012021-12-21 10:41:46.948root 11241100x8000000000000000408821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3d04934f19dd772021-12-21 10:41:46.948root 11241100x8000000000000000408822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c8c6a32e48d29f2021-12-21 10:41:46.949root 11241100x8000000000000000408823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188272e30d453c042021-12-21 10:41:47.443root 11241100x8000000000000000408824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea01afbd38216e592021-12-21 10:41:47.443root 11241100x8000000000000000408825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa585a7010e944892021-12-21 10:41:47.443root 11241100x8000000000000000408826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5ef704676614272021-12-21 10:41:47.443root 11241100x8000000000000000408827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133a455df57cd7522021-12-21 10:41:47.444root 11241100x8000000000000000408828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e6092a4cb750632021-12-21 10:41:47.444root 11241100x8000000000000000408829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f657f37b2864e31e2021-12-21 10:41:47.444root 11241100x8000000000000000408830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d922a496cf8c840f2021-12-21 10:41:47.444root 11241100x8000000000000000408831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbf85452ac1dc382021-12-21 10:41:47.444root 11241100x8000000000000000408832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6694bd18dbe9a5352021-12-21 10:41:47.444root 11241100x8000000000000000408833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06beca5f1a864332021-12-21 10:41:47.444root 11241100x8000000000000000408834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d46f7a24d5975d2021-12-21 10:41:47.445root 11241100x8000000000000000408835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb219146f89bbb62021-12-21 10:41:47.445root 11241100x8000000000000000408836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2661bb7dc8665bc02021-12-21 10:41:47.445root 11241100x8000000000000000408837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57b5dc96ff1370e2021-12-21 10:41:47.445root 11241100x8000000000000000408838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b089ddfb0b51e12021-12-21 10:41:47.445root 11241100x8000000000000000408839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168533c75d578f412021-12-21 10:41:47.445root 11241100x8000000000000000408840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef5c14b909cac672021-12-21 10:41:47.446root 11241100x8000000000000000408841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fccf24e2f836ad72021-12-21 10:41:47.446root 11241100x8000000000000000408842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11016b7dd249bf5b2021-12-21 10:41:47.446root 11241100x8000000000000000408843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd21d3936c6a9a62021-12-21 10:41:47.446root 11241100x8000000000000000408844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40df7571a2d0c742021-12-21 10:41:47.446root 11241100x8000000000000000408845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50af7a496a1c5cf12021-12-21 10:41:47.446root 11241100x8000000000000000408846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fad4b81e4ee4382021-12-21 10:41:47.446root 11241100x8000000000000000408847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25a8b9bc65aea722021-12-21 10:41:47.447root 11241100x8000000000000000408848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6bbe61e4b972de2021-12-21 10:41:47.447root 11241100x8000000000000000408849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7c642464d51eab2021-12-21 10:41:47.447root 11241100x8000000000000000408850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed27d2de290dc1f2021-12-21 10:41:47.448root 11241100x8000000000000000408851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b82f4f9fa7405df2021-12-21 10:41:47.448root 11241100x8000000000000000408852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37491c01fa8e959e2021-12-21 10:41:47.448root 11241100x8000000000000000408853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3429d19b14ca642021-12-21 10:41:47.448root 11241100x8000000000000000408854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99abadfa4aaa94302021-12-21 10:41:47.448root 11241100x8000000000000000408855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246dd1368e1432a82021-12-21 10:41:47.448root 11241100x8000000000000000408856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5829c8df7479b012021-12-21 10:41:47.448root 11241100x8000000000000000408857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7d6ec3bd3058cd2021-12-21 10:41:47.449root 11241100x8000000000000000408858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5283fc96d07b36f2021-12-21 10:41:47.449root 11241100x8000000000000000408859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd1a30316f38b4f2021-12-21 10:41:47.449root 11241100x8000000000000000408860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5935d5fa5b65d6bc2021-12-21 10:41:47.449root 11241100x8000000000000000408861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b15298faff1e872021-12-21 10:41:47.449root 11241100x8000000000000000408862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326fe9cb1f5d4f862021-12-21 10:41:47.449root 11241100x8000000000000000408863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1990a570a8889e462021-12-21 10:41:47.449root 11241100x8000000000000000408864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a4099eecfdbe9a2021-12-21 10:41:47.449root 11241100x8000000000000000408865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900210cc0d77c9af2021-12-21 10:41:47.449root 11241100x8000000000000000408866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b945f705d14c1bfe2021-12-21 10:41:47.449root 11241100x8000000000000000408867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653eff583512cf5e2021-12-21 10:41:47.449root 11241100x8000000000000000408868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbd9286b868913f2021-12-21 10:41:47.943root 11241100x8000000000000000408869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fac571b04dc0082021-12-21 10:41:47.943root 11241100x8000000000000000408870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51985dc87416a0bb2021-12-21 10:41:47.943root 11241100x8000000000000000408871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c684df98f665fbd42021-12-21 10:41:47.943root 11241100x8000000000000000408872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f56a7306476ab82021-12-21 10:41:47.944root 11241100x8000000000000000408873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7a77cbda89e69f2021-12-21 10:41:47.944root 11241100x8000000000000000408874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c46518816abe5982021-12-21 10:41:47.944root 11241100x8000000000000000408875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40715580533c52552021-12-21 10:41:47.944root 11241100x8000000000000000408876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e7bf0963d510c72021-12-21 10:41:47.944root 11241100x8000000000000000408877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb8bf1a6a2346392021-12-21 10:41:47.944root 11241100x8000000000000000408878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4831c2511ca5758b2021-12-21 10:41:47.944root 11241100x8000000000000000408879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44d7f6ab4eb6b7f2021-12-21 10:41:47.944root 11241100x8000000000000000408880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c640a3acdda9ec1e2021-12-21 10:41:47.944root 11241100x8000000000000000408881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba46a23edc9cdd32021-12-21 10:41:47.944root 11241100x8000000000000000408882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85d8d364ead2a212021-12-21 10:41:47.944root 11241100x8000000000000000408883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1cf58ef1affc782021-12-21 10:41:47.944root 11241100x8000000000000000408884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4e137c6901eb9d2021-12-21 10:41:47.944root 11241100x8000000000000000408885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d0e734b5df3ea02021-12-21 10:41:47.945root 11241100x8000000000000000408886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19fe151b253dc422021-12-21 10:41:47.945root 11241100x8000000000000000408887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9c99dcd6fa0f4c2021-12-21 10:41:47.945root 11241100x8000000000000000408888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8447c784e6c30272021-12-21 10:41:47.945root 11241100x8000000000000000408889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cefa241a51de0482021-12-21 10:41:47.945root 11241100x8000000000000000408890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bb52ccff7f9fc32021-12-21 10:41:47.945root 11241100x8000000000000000408891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548e01ce24d2ca702021-12-21 10:41:47.945root 11241100x8000000000000000408892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9b1eb89225f6102021-12-21 10:41:47.945root 11241100x8000000000000000408893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0a34a2e9ddd5d82021-12-21 10:41:47.946root 11241100x8000000000000000408894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f35e8b850599c082021-12-21 10:41:47.946root 11241100x8000000000000000408895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf7912b560185032021-12-21 10:41:47.946root 11241100x8000000000000000408896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76479deb27b06f32021-12-21 10:41:47.946root 11241100x8000000000000000408897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94797420f1bfc0672021-12-21 10:41:47.946root 11241100x8000000000000000408898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af79d723303a21d52021-12-21 10:41:47.946root 11241100x8000000000000000408899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccbdd78c3fdd0de2021-12-21 10:41:47.946root 11241100x8000000000000000408900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae365ee3cdb504c2021-12-21 10:41:47.947root 11241100x8000000000000000408901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8730b75d04841f842021-12-21 10:41:47.947root 11241100x8000000000000000408902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4273cb7eab5db52021-12-21 10:41:47.947root 11241100x8000000000000000408903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75ffed2c628c9b92021-12-21 10:41:47.947root 11241100x8000000000000000408904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0365ea6ef11eff592021-12-21 10:41:47.948root 11241100x8000000000000000408905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ea15015b493a002021-12-21 10:41:47.948root 11241100x8000000000000000408906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66f05e29f93e2e22021-12-21 10:41:47.948root 11241100x8000000000000000408907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801525923c708cf52021-12-21 10:41:47.948root 11241100x8000000000000000408908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76325f30806c821f2021-12-21 10:41:47.948root 11241100x8000000000000000408909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f621fa5f8dfc872021-12-21 10:41:47.949root 11241100x8000000000000000408910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640e9291c02210bc2021-12-21 10:41:47.949root 11241100x8000000000000000408911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adada831d4958ca02021-12-21 10:41:47.949root 11241100x8000000000000000408912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0884bf0ced86ce2021-12-21 10:41:47.949root 11241100x8000000000000000408913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e885aa1e58c31b862021-12-21 10:41:47.949root 11241100x8000000000000000408914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f349b699217184c82021-12-21 10:41:47.950root 11241100x8000000000000000408915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd4095e02f981e12021-12-21 10:41:47.950root 11241100x8000000000000000408916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1bc2e2f6dfe7e12021-12-21 10:41:47.950root 11241100x8000000000000000408917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef82d7c10f3a5f2021-12-21 10:41:47.950root 11241100x8000000000000000408918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c670f9d71adae7e72021-12-21 10:41:47.950root 11241100x8000000000000000408919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5555ea315d658e2021-12-21 10:41:47.950root 11241100x8000000000000000408920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3430289f6e2de9b22021-12-21 10:41:47.951root 11241100x8000000000000000408921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4508e9f5b614b9a2021-12-21 10:41:47.951root 11241100x8000000000000000408922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86db59bcec11aaea2021-12-21 10:41:47.951root 11241100x8000000000000000408923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3397fc0f1074aec2021-12-21 10:41:47.951root 11241100x8000000000000000408924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1666876fbc4eaa72021-12-21 10:41:47.951root 11241100x8000000000000000408925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6086df9e6a89ea9b2021-12-21 10:41:47.951root 11241100x8000000000000000408926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1025b477414d54212021-12-21 10:41:47.952root 11241100x8000000000000000408927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34b36fef11861862021-12-21 10:41:47.952root 11241100x8000000000000000408928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e9c22a1331520d2021-12-21 10:41:47.952root 11241100x8000000000000000408929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bdf17714ee74ea2021-12-21 10:41:47.953root 11241100x8000000000000000408930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a57a62c77bed5cf2021-12-21 10:41:47.953root 11241100x8000000000000000408931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6507964bee29e02021-12-21 10:41:47.954root 11241100x8000000000000000408932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fed3c5740f100f2021-12-21 10:41:47.954root 11241100x8000000000000000408933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c901febdc96cff8a2021-12-21 10:41:47.954root 11241100x8000000000000000408934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fee7926cdf30f862021-12-21 10:41:47.954root 11241100x8000000000000000408935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60da3ace7b314e452021-12-21 10:41:47.954root 11241100x8000000000000000408936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5528f0254e8fbc7b2021-12-21 10:41:47.954root 11241100x8000000000000000408937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b257e22a0329e4f42021-12-21 10:41:47.954root 11241100x8000000000000000408938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b1ff7f39e8d9da2021-12-21 10:41:47.954root 11241100x8000000000000000408939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee813d9accda6992021-12-21 10:41:47.954root 11241100x8000000000000000408940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8587fb8f4170fe12021-12-21 10:41:47.954root 11241100x8000000000000000408941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366bb1344bfb411a2021-12-21 10:41:47.955root 11241100x8000000000000000408942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9312af146f4604992021-12-21 10:41:47.955root 11241100x8000000000000000408943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5f815f82632c4c2021-12-21 10:41:47.955root 11241100x8000000000000000408944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77209a14517aa4aa2021-12-21 10:41:47.955root 11241100x8000000000000000408945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5723e7c3290a5de62021-12-21 10:41:47.955root 11241100x8000000000000000408946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d782edef6b1021b12021-12-21 10:41:47.955root 11241100x8000000000000000408947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031077ca8607572e2021-12-21 10:41:47.955root 11241100x8000000000000000408948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226994e6af3e1d9c2021-12-21 10:41:47.955root 11241100x8000000000000000408949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140f5efc724e4d9b2021-12-21 10:41:47.955root 11241100x8000000000000000408950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabc9586268721be2021-12-21 10:41:47.956root 11241100x8000000000000000408951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79ff734a84d633e2021-12-21 10:41:47.956root 11241100x8000000000000000408952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a54aec2a42c92c2021-12-21 10:41:47.956root 11241100x8000000000000000408953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421cc7504aa62ae22021-12-21 10:41:47.956root 11241100x8000000000000000408954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5d01988c505bb52021-12-21 10:41:47.956root 11241100x8000000000000000408955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7046d4841a48cf32021-12-21 10:41:47.956root 11241100x8000000000000000408956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf915c07ea9a34c2021-12-21 10:41:47.956root 11241100x8000000000000000408957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd44338dd59e3a72021-12-21 10:41:47.956root 11241100x8000000000000000408958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faefe7ee21e7a7fd2021-12-21 10:41:47.956root 11241100x8000000000000000408959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae056fc65044e7b22021-12-21 10:41:47.956root 11241100x8000000000000000408960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e12a75c96ca4a2c2021-12-21 10:41:47.957root 11241100x8000000000000000408961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ccf2654041549f2021-12-21 10:41:47.957root 11241100x8000000000000000408962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fda30ee76721892021-12-21 10:41:47.957root 11241100x8000000000000000408963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59644833de4cced92021-12-21 10:41:47.957root 11241100x8000000000000000408964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c166d03973d3c04b2021-12-21 10:41:47.957root 11241100x8000000000000000408965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748064a32093911d2021-12-21 10:41:47.957root 11241100x8000000000000000408966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe66c007771828b2021-12-21 10:41:47.957root 11241100x8000000000000000408967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8f50fd67edd8ef2021-12-21 10:41:47.957root 11241100x8000000000000000408968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98535815612c06a2021-12-21 10:41:47.957root 11241100x8000000000000000408969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7535171c3a53f492021-12-21 10:41:47.958root 11241100x8000000000000000408970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e5226c0db34e1c2021-12-21 10:41:47.958root 11241100x8000000000000000408971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc1971f32984bbf2021-12-21 10:41:47.958root 11241100x8000000000000000408972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc3cd0f44b5a5812021-12-21 10:41:47.958root 11241100x8000000000000000408973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5e125de3feb8572021-12-21 10:41:47.958root 11241100x8000000000000000408974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:47.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a7c6925fed2c112021-12-21 10:41:47.958root 11241100x8000000000000000408975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a5329cdc3e0ec82021-12-21 10:41:48.443root 11241100x8000000000000000408976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004441c3face918c2021-12-21 10:41:48.443root 11241100x8000000000000000408977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f8814d9f839e362021-12-21 10:41:48.443root 11241100x8000000000000000408978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9e6f1524c7cb032021-12-21 10:41:48.443root 11241100x8000000000000000408979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65215c36cf953f8f2021-12-21 10:41:48.443root 11241100x8000000000000000408980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2a2f71adace4882021-12-21 10:41:48.443root 11241100x8000000000000000408981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba56377a84f87752021-12-21 10:41:48.444root 11241100x8000000000000000408982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f3b34f0f13993d2021-12-21 10:41:48.444root 11241100x8000000000000000408983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2276eca6994c91202021-12-21 10:41:48.444root 11241100x8000000000000000408984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09c4a0bc1b47ac42021-12-21 10:41:48.444root 11241100x8000000000000000408985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc8e3003ec759e72021-12-21 10:41:48.444root 11241100x8000000000000000408986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cde92e660112bb22021-12-21 10:41:48.444root 11241100x8000000000000000408987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9499d284d5d578c62021-12-21 10:41:48.444root 11241100x8000000000000000408988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5797f41ccf57991e2021-12-21 10:41:48.444root 11241100x8000000000000000408989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5feb5d67c02229f42021-12-21 10:41:48.444root 11241100x8000000000000000408990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610979020bb97a702021-12-21 10:41:48.444root 11241100x8000000000000000408991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6fb86720e6010e2021-12-21 10:41:48.445root 11241100x8000000000000000408992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab49c5d343dabff2021-12-21 10:41:48.445root 11241100x8000000000000000408993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d18823b8b13b82021-12-21 10:41:48.445root 11241100x8000000000000000408994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480371c421ffc49f2021-12-21 10:41:48.445root 11241100x8000000000000000408995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913982c84063c1d42021-12-21 10:41:48.445root 11241100x8000000000000000408996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e734235c2a9a772021-12-21 10:41:48.445root 11241100x8000000000000000408997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad13d99ebbd4c912021-12-21 10:41:48.445root 11241100x8000000000000000408998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddad67520e149be2021-12-21 10:41:48.445root 11241100x8000000000000000408999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5b310e20a88c012021-12-21 10:41:48.445root 11241100x8000000000000000409000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c95833983cc0f952021-12-21 10:41:48.445root 11241100x8000000000000000409001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701066f1fc22ac452021-12-21 10:41:48.446root 11241100x8000000000000000409002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346f2ca1674097562021-12-21 10:41:48.446root 11241100x8000000000000000409003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6616cff844d933182021-12-21 10:41:48.446root 11241100x8000000000000000409004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341c4b6359cc7f882021-12-21 10:41:48.446root 11241100x8000000000000000409005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df29b80e71bb77982021-12-21 10:41:48.446root 11241100x8000000000000000409006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a76f37c8751f2402021-12-21 10:41:48.446root 11241100x8000000000000000409007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7c7d7fb7f75ff22021-12-21 10:41:48.446root 11241100x8000000000000000409008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb305054891dc7ab2021-12-21 10:41:48.447root 11241100x8000000000000000409009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8e0f2a7aa6f2402021-12-21 10:41:48.447root 11241100x8000000000000000409010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5ca15ad272f9972021-12-21 10:41:48.447root 11241100x8000000000000000409011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788bd74178a60ab92021-12-21 10:41:48.447root 11241100x8000000000000000409012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca0872ce8cdfe532021-12-21 10:41:48.447root 11241100x8000000000000000409013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494582fa935a457d2021-12-21 10:41:48.447root 11241100x8000000000000000409014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccc48852d08edfb2021-12-21 10:41:48.447root 11241100x8000000000000000409015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9983513e127a535d2021-12-21 10:41:48.447root 11241100x8000000000000000409016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e42b27a7165d1642021-12-21 10:41:48.447root 11241100x8000000000000000409017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac99d07183e36e1b2021-12-21 10:41:48.447root 11241100x8000000000000000409018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5f1322de04f6cd2021-12-21 10:41:48.942root 11241100x8000000000000000409019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919871ef941284582021-12-21 10:41:48.943root 11241100x8000000000000000409020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca2a0427ca0b9912021-12-21 10:41:48.943root 11241100x8000000000000000409021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c269cb0de9ecc42021-12-21 10:41:48.943root 11241100x8000000000000000409022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0fe8676596deb52021-12-21 10:41:48.943root 11241100x8000000000000000409023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e104b41803451d2021-12-21 10:41:48.943root 11241100x8000000000000000409024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a96f1f4f5e204b2021-12-21 10:41:48.943root 11241100x8000000000000000409025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e82372664c43392021-12-21 10:41:48.944root 11241100x8000000000000000409026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49d90e4b71e7a7e2021-12-21 10:41:48.944root 11241100x8000000000000000409027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567dabb03913b3022021-12-21 10:41:48.944root 11241100x8000000000000000409028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc92fd428654ac1a2021-12-21 10:41:48.944root 11241100x8000000000000000409029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3463aaa1074821542021-12-21 10:41:48.944root 11241100x8000000000000000409030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bb99df79635aad2021-12-21 10:41:48.944root 11241100x8000000000000000409031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00e60cef84a14c82021-12-21 10:41:48.945root 11241100x8000000000000000409032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36d9732abfebcf22021-12-21 10:41:48.945root 11241100x8000000000000000409033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c504d52ad161d1062021-12-21 10:41:48.945root 11241100x8000000000000000409034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d92ede995f3a472021-12-21 10:41:48.945root 11241100x8000000000000000409035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f138cfb51ddd8662021-12-21 10:41:48.945root 11241100x8000000000000000409036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cda8456ccc23c52021-12-21 10:41:48.946root 11241100x8000000000000000409037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e789643cbbe499b2021-12-21 10:41:48.946root 11241100x8000000000000000409038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7d217734a17a462021-12-21 10:41:48.946root 11241100x8000000000000000409039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47117f011a3309ea2021-12-21 10:41:48.946root 11241100x8000000000000000409040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e173e4fd8aa7092021-12-21 10:41:48.946root 11241100x8000000000000000409041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76abebfd55dcc6372021-12-21 10:41:48.947root 11241100x8000000000000000409042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd2098e21c839972021-12-21 10:41:48.947root 11241100x8000000000000000409043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb017286437227892021-12-21 10:41:48.947root 11241100x8000000000000000409044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077aa9b7e584d5612021-12-21 10:41:48.947root 11241100x8000000000000000409045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff48a1f02a1d9502021-12-21 10:41:48.947root 11241100x8000000000000000409046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db22a566fc4f7962021-12-21 10:41:48.947root 11241100x8000000000000000409047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d4a2e057a6242b2021-12-21 10:41:48.947root 11241100x8000000000000000409048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5cbd386afae47a2021-12-21 10:41:48.947root 11241100x8000000000000000409049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d944023c046695912021-12-21 10:41:48.947root 11241100x8000000000000000409050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b565b70646aa19e2021-12-21 10:41:48.947root 11241100x8000000000000000409051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34457b1389487e6b2021-12-21 10:41:48.947root 11241100x8000000000000000409052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225f3282a1d4801f2021-12-21 10:41:48.948root 11241100x8000000000000000409053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074f3439cabc82212021-12-21 10:41:48.948root 11241100x8000000000000000409054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1514352d90442042021-12-21 10:41:48.948root 11241100x8000000000000000409055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afce5b86f4590922021-12-21 10:41:48.948root 11241100x8000000000000000409056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25788bf32a67ba02021-12-21 10:41:48.948root 11241100x8000000000000000409057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c85d9d4c01a42f32021-12-21 10:41:48.948root 11241100x8000000000000000409058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d5ca60098e7dbc2021-12-21 10:41:48.948root 11241100x8000000000000000409059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108ceaa8a7c27d9e2021-12-21 10:41:48.948root 11241100x8000000000000000409060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42fc5218bc2607f2021-12-21 10:41:48.949root 11241100x8000000000000000409061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c994ee45db86632021-12-21 10:41:48.949root 11241100x8000000000000000409062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4e9c3af4be20862021-12-21 10:41:48.949root 11241100x8000000000000000409063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7205ad436e979b2021-12-21 10:41:48.949root 11241100x8000000000000000409064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8395dac1ee79444a2021-12-21 10:41:48.949root 11241100x8000000000000000409065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef13bb7eba92caa2021-12-21 10:41:48.949root 11241100x8000000000000000409066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43d6a3aa50ea1262021-12-21 10:41:48.949root 11241100x8000000000000000409067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24115a66c3e07662021-12-21 10:41:48.949root 11241100x8000000000000000409068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e702c779a69147412021-12-21 10:41:48.950root 11241100x8000000000000000409069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:48.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f721ad5e1ff5a6c2021-12-21 10:41:48.950root 354300x8000000000000000409070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.063{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47470-false10.0.1.12-8000- 11241100x8000000000000000409071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a0226b92350b882021-12-21 10:41:49.443root 11241100x8000000000000000409072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8874fb0c47c86e2021-12-21 10:41:49.443root 11241100x8000000000000000409073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907f94ebf782cb5a2021-12-21 10:41:49.444root 11241100x8000000000000000409074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ba771549b641a42021-12-21 10:41:49.444root 11241100x8000000000000000409075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aac82fdb8e3b0112021-12-21 10:41:49.444root 11241100x8000000000000000409076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f531d83722396452021-12-21 10:41:49.444root 11241100x8000000000000000409077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189c0bccdbb996ff2021-12-21 10:41:49.444root 11241100x8000000000000000409078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954d61ef147acc872021-12-21 10:41:49.444root 11241100x8000000000000000409079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3372799db0ad032021-12-21 10:41:49.445root 11241100x8000000000000000409080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d65411771dde2c2021-12-21 10:41:49.445root 11241100x8000000000000000409081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95231f355eb08eee2021-12-21 10:41:49.445root 11241100x8000000000000000409082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4686bddbdb5d052021-12-21 10:41:49.445root 11241100x8000000000000000409083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ab381961dbca3b2021-12-21 10:41:49.445root 11241100x8000000000000000409084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac5700507878a982021-12-21 10:41:49.445root 11241100x8000000000000000409085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf0ba0479ecc5492021-12-21 10:41:49.446root 11241100x8000000000000000409086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcd2aa6ee796c0e2021-12-21 10:41:49.446root 11241100x8000000000000000409087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4373640cf5c243a2021-12-21 10:41:49.446root 11241100x8000000000000000409088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67d2ae02800f5b32021-12-21 10:41:49.446root 11241100x8000000000000000409089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b78f709b394ea782021-12-21 10:41:49.446root 11241100x8000000000000000409090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6a69110aabe8052021-12-21 10:41:49.446root 11241100x8000000000000000409091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b86fdc304cbbb9a2021-12-21 10:41:49.447root 11241100x8000000000000000409092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240e7ae5b295a71f2021-12-21 10:41:49.447root 11241100x8000000000000000409093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43aa22d11a6394972021-12-21 10:41:49.447root 11241100x8000000000000000409094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276fb1800e296d2e2021-12-21 10:41:49.447root 11241100x8000000000000000409095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68e08dd36ceeb182021-12-21 10:41:49.447root 11241100x8000000000000000409096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b9168ebc1201732021-12-21 10:41:49.447root 11241100x8000000000000000409097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8e55ae1fa00ace2021-12-21 10:41:49.447root 11241100x8000000000000000409098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be79a1b51a14fa512021-12-21 10:41:49.447root 11241100x8000000000000000409099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8a314f64e00a652021-12-21 10:41:49.447root 11241100x8000000000000000409100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c02efabb93b2292021-12-21 10:41:49.448root 11241100x8000000000000000409101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0480e1b5be626b6d2021-12-21 10:41:49.448root 11241100x8000000000000000409102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1f76fcbf071d6b2021-12-21 10:41:49.448root 11241100x8000000000000000409103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5249b9d38f1fa86d2021-12-21 10:41:49.448root 11241100x8000000000000000409104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaf4de84b1fef922021-12-21 10:41:49.448root 11241100x8000000000000000409105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0ee501b79aac6b2021-12-21 10:41:49.449root 11241100x8000000000000000409106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126efe1e6accc25d2021-12-21 10:41:49.449root 11241100x8000000000000000409107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7859ab09db37f4192021-12-21 10:41:49.449root 11241100x8000000000000000409108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc5d51e90351f8a2021-12-21 10:41:49.943root 11241100x8000000000000000409109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a5f9c6fa25c61b2021-12-21 10:41:49.943root 11241100x8000000000000000409110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05df3b63fdd0c0ff2021-12-21 10:41:49.943root 11241100x8000000000000000409111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f075807820dc567e2021-12-21 10:41:49.943root 11241100x8000000000000000409112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d3e2143f373e172021-12-21 10:41:49.943root 11241100x8000000000000000409113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de738f2d983212af2021-12-21 10:41:49.943root 11241100x8000000000000000409114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d9923daf6ad04e2021-12-21 10:41:49.943root 11241100x8000000000000000409115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b06448cd3715552021-12-21 10:41:49.943root 11241100x8000000000000000409116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a63e9c84401f6722021-12-21 10:41:49.944root 11241100x8000000000000000409117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1d7840d2f3b68c2021-12-21 10:41:49.944root 11241100x8000000000000000409118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32b47793c8013fd2021-12-21 10:41:49.944root 11241100x8000000000000000409119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a87ef5695aeb35d2021-12-21 10:41:49.944root 11241100x8000000000000000409120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caac7e2a4324b262021-12-21 10:41:49.944root 11241100x8000000000000000409121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbfc2566ae3f0792021-12-21 10:41:49.944root 11241100x8000000000000000409122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0563fec4913a252021-12-21 10:41:49.944root 11241100x8000000000000000409123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a17102f436e9a92021-12-21 10:41:49.944root 11241100x8000000000000000409124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026e72e70aa92b782021-12-21 10:41:49.944root 11241100x8000000000000000409125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd7620aa9fd09362021-12-21 10:41:49.944root 11241100x8000000000000000409126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a4d193bf537a822021-12-21 10:41:49.944root 11241100x8000000000000000409127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd25a7f859432a462021-12-21 10:41:49.944root 11241100x8000000000000000409128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9375ca8346871ac02021-12-21 10:41:49.944root 11241100x8000000000000000409129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871de6f7628531f32021-12-21 10:41:49.945root 11241100x8000000000000000409130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce71ee7ce302efa2021-12-21 10:41:49.945root 11241100x8000000000000000409131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e230bdb59ad7a11f2021-12-21 10:41:49.945root 11241100x8000000000000000409132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a40e0a953aba75e2021-12-21 10:41:49.945root 11241100x8000000000000000409133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d1d17af0a7b9f92021-12-21 10:41:49.945root 11241100x8000000000000000409134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca174823e2b23d32021-12-21 10:41:49.945root 11241100x8000000000000000409135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60d3d2064c9bd3f2021-12-21 10:41:49.945root 11241100x8000000000000000409136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ad447db19d291e2021-12-21 10:41:49.946root 11241100x8000000000000000409137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87dcf051b2f5af32021-12-21 10:41:49.946root 11241100x8000000000000000409138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092a7ea199ee61452021-12-21 10:41:49.946root 11241100x8000000000000000409139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dffeca52381ff42021-12-21 10:41:49.946root 11241100x8000000000000000409140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19572ae7791f715a2021-12-21 10:41:49.946root 11241100x8000000000000000409141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8e2205dd8cd2b02021-12-21 10:41:49.947root 11241100x8000000000000000409142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c2f6039f83c5872021-12-21 10:41:49.947root 11241100x8000000000000000409143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c01159dc304db62021-12-21 10:41:49.947root 11241100x8000000000000000409144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b016cdd4fb945d2021-12-21 10:41:49.947root 11241100x8000000000000000409145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac808b651ba10fb2021-12-21 10:41:49.947root 11241100x8000000000000000409146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd9cea021a4e5572021-12-21 10:41:49.947root 11241100x8000000000000000409147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cb29aad3d7446e2021-12-21 10:41:49.948root 11241100x8000000000000000409148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5f5b8a4075ef652021-12-21 10:41:49.948root 11241100x8000000000000000409149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5748f2942ad145dc2021-12-21 10:41:49.948root 11241100x8000000000000000409150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402870215efb506d2021-12-21 10:41:49.948root 11241100x8000000000000000409151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219f1a0b2edcf5c02021-12-21 10:41:49.948root 11241100x8000000000000000409152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7af6c20c7dfa542021-12-21 10:41:49.948root 11241100x8000000000000000409153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452a58aff0cfb1012021-12-21 10:41:49.948root 11241100x8000000000000000409154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a943b1a2e3de47d2021-12-21 10:41:49.949root 11241100x8000000000000000409155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24de2c7e3b6e8cb02021-12-21 10:41:49.949root 11241100x8000000000000000409156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ba27416755db682021-12-21 10:41:49.949root 11241100x8000000000000000409157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b0a5e6518790d32021-12-21 10:41:49.949root 11241100x8000000000000000409158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f36f4dc6c1068b82021-12-21 10:41:49.949root 11241100x8000000000000000409159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac2868ad6d8d31a2021-12-21 10:41:49.949root 11241100x8000000000000000409160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1739d13aebeb7f2021-12-21 10:41:49.949root 11241100x8000000000000000409161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5662a6b173106f172021-12-21 10:41:49.949root 11241100x8000000000000000409162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51d33bfee1930bd2021-12-21 10:41:49.949root 11241100x8000000000000000409163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8daffdc622c6732021-12-21 10:41:49.949root 11241100x8000000000000000409164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e42a5d26304b8cd2021-12-21 10:41:49.949root 11241100x8000000000000000409165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020f7cec4c8baa5d2021-12-21 10:41:49.949root 11241100x8000000000000000409166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658def28492a49452021-12-21 10:41:49.949root 11241100x8000000000000000409167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1aff0f54d70dbdc2021-12-21 10:41:49.949root 11241100x8000000000000000409168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144e164a819bae022021-12-21 10:41:49.950root 11241100x8000000000000000409169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590efc87eeab310e2021-12-21 10:41:49.950root 11241100x8000000000000000409170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452ff9d632d972182021-12-21 10:41:49.950root 11241100x8000000000000000409171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe2a15de0598332021-12-21 10:41:49.950root 11241100x8000000000000000409172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335ad2a826fcd7262021-12-21 10:41:50.443root 11241100x8000000000000000409173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a0b34da2b3e1012021-12-21 10:41:50.443root 11241100x8000000000000000409174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130807af63074c6e2021-12-21 10:41:50.443root 11241100x8000000000000000409175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b7df23ca01a38a2021-12-21 10:41:50.444root 11241100x8000000000000000409176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea31945cadc587df2021-12-21 10:41:50.444root 11241100x8000000000000000409177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f573bfb1f839de2021-12-21 10:41:50.444root 11241100x8000000000000000409178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0531415dcb931412021-12-21 10:41:50.444root 11241100x8000000000000000409179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edf23b2c84697dc2021-12-21 10:41:50.444root 11241100x8000000000000000409180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad61eead5e177c9d2021-12-21 10:41:50.444root 11241100x8000000000000000409181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3472481eab1d4872021-12-21 10:41:50.444root 11241100x8000000000000000409182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaf71c59cea82472021-12-21 10:41:50.444root 11241100x8000000000000000409183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12829974160a27c2021-12-21 10:41:50.444root 11241100x8000000000000000409184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77363bc521f1c0d2021-12-21 10:41:50.444root 11241100x8000000000000000409185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8998d95378c4d532021-12-21 10:41:50.444root 11241100x8000000000000000409186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e34a540ae27b1f2021-12-21 10:41:50.445root 11241100x8000000000000000409187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0970b057457c4552021-12-21 10:41:50.445root 11241100x8000000000000000409188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbf823eda8ad80d2021-12-21 10:41:50.445root 11241100x8000000000000000409189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95c655bf7078c292021-12-21 10:41:50.445root 11241100x8000000000000000409190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f949f7089137922021-12-21 10:41:50.445root 11241100x8000000000000000409191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2e3e99ce3b2b9c2021-12-21 10:41:50.445root 11241100x8000000000000000409192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31f90c2cdabbf8e2021-12-21 10:41:50.445root 11241100x8000000000000000409193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0e75b1a456bb6b2021-12-21 10:41:50.445root 11241100x8000000000000000409194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded535015889c4d72021-12-21 10:41:50.445root 11241100x8000000000000000409195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f863c568633498d72021-12-21 10:41:50.445root 11241100x8000000000000000409196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ffd17f1894c4af2021-12-21 10:41:50.445root 11241100x8000000000000000409197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fcad4b9f2688742021-12-21 10:41:50.446root 11241100x8000000000000000409198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2968ecd7816364c22021-12-21 10:41:50.446root 11241100x8000000000000000409199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197bb13031f6ef092021-12-21 10:41:50.446root 11241100x8000000000000000409200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cd50978cc6f6122021-12-21 10:41:50.446root 11241100x8000000000000000409201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cce65367c40c9a2021-12-21 10:41:50.446root 11241100x8000000000000000409202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d73df77430a42a92021-12-21 10:41:50.446root 11241100x8000000000000000409203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0090182d9540613b2021-12-21 10:41:50.446root 11241100x8000000000000000409204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f65013b1856998d2021-12-21 10:41:50.446root 11241100x8000000000000000409205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62019f8db415ef472021-12-21 10:41:50.446root 11241100x8000000000000000409206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09db8607936b90132021-12-21 10:41:50.446root 11241100x8000000000000000409207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3b1124fd6bd4882021-12-21 10:41:50.446root 11241100x8000000000000000409208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652c36cb23cb9ef32021-12-21 10:41:50.446root 11241100x8000000000000000409209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffff929632bb2b22021-12-21 10:41:50.446root 11241100x8000000000000000409210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc34a0b8775e3f2e2021-12-21 10:41:50.447root 11241100x8000000000000000409211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8cf666eef406832021-12-21 10:41:50.447root 11241100x8000000000000000409212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9734e475a79f382021-12-21 10:41:50.447root 11241100x8000000000000000409213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e22ebebc1ca92192021-12-21 10:41:50.447root 11241100x8000000000000000409214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e554b4a155da0f522021-12-21 10:41:50.447root 11241100x8000000000000000409215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57d202b2da683b72021-12-21 10:41:50.447root 11241100x8000000000000000409216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409f79146eedcc5e2021-12-21 10:41:50.447root 11241100x8000000000000000409217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab66e123c837a73f2021-12-21 10:41:50.447root 11241100x8000000000000000409218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25ede39ff6db5c02021-12-21 10:41:50.447root 11241100x8000000000000000409219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd185220eba0934f2021-12-21 10:41:50.447root 11241100x8000000000000000409220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d883d0e67c3d072021-12-21 10:41:50.448root 11241100x8000000000000000409221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad77a6661aabb1152021-12-21 10:41:50.448root 11241100x8000000000000000409222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d134dba4dd34702021-12-21 10:41:50.448root 11241100x8000000000000000409223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb5caa03f4e5d7f2021-12-21 10:41:50.448root 11241100x8000000000000000409224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e88a55b8fec6d92021-12-21 10:41:50.448root 11241100x8000000000000000409225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76db6f3461120102021-12-21 10:41:50.448root 11241100x8000000000000000409226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6a376ca2fdbdda2021-12-21 10:41:50.448root 11241100x8000000000000000409227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946b9ccf0a1aeca92021-12-21 10:41:50.448root 11241100x8000000000000000409228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f334aa96849041592021-12-21 10:41:50.448root 11241100x8000000000000000409229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dfe206d4f71d7e2021-12-21 10:41:50.448root 11241100x8000000000000000409230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cec6377cedb1a72021-12-21 10:41:50.448root 11241100x8000000000000000409231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf93e90ff209a872021-12-21 10:41:50.448root 11241100x8000000000000000409232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9289dfc17a3a12182021-12-21 10:41:50.448root 11241100x8000000000000000409233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903bb5e1a639bcd42021-12-21 10:41:50.448root 11241100x8000000000000000409234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd8e21db8c6deb72021-12-21 10:41:50.449root 11241100x8000000000000000409235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce43bb4c8b34c0952021-12-21 10:41:50.449root 11241100x8000000000000000409236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d62cdf8ead1ecf2021-12-21 10:41:50.449root 11241100x8000000000000000409237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ca4500c79c91412021-12-21 10:41:50.449root 11241100x8000000000000000409238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bde1a1c0c23b5f32021-12-21 10:41:50.450root 11241100x8000000000000000409239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d04bb138d5ba7672021-12-21 10:41:50.450root 11241100x8000000000000000409240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea93c1455885d682021-12-21 10:41:50.450root 11241100x8000000000000000409241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd3b46c6b4bf9e62021-12-21 10:41:50.450root 11241100x8000000000000000409242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a582365db60f4442021-12-21 10:41:50.450root 11241100x8000000000000000409243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a022ff5d1c23d0a52021-12-21 10:41:50.450root 11241100x8000000000000000409244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304c41f21fd756dc2021-12-21 10:41:50.450root 11241100x8000000000000000409245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaea268b8268b4fb2021-12-21 10:41:50.450root 11241100x8000000000000000409246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b4716e8c4200a72021-12-21 10:41:50.451root 11241100x8000000000000000409247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8b8cd710248fb52021-12-21 10:41:50.451root 11241100x8000000000000000409248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d644ba23567cf82021-12-21 10:41:50.451root 11241100x8000000000000000409249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d265fbee29be6e452021-12-21 10:41:50.451root 11241100x8000000000000000409250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57fd3c8d9bc200b2021-12-21 10:41:50.451root 11241100x8000000000000000409251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bae33c2fb5970a52021-12-21 10:41:50.452root 11241100x8000000000000000409252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1312e811aa94b72d2021-12-21 10:41:50.452root 11241100x8000000000000000409253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ac7a6e222810002021-12-21 10:41:50.452root 11241100x8000000000000000409254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea4d30798a2823b2021-12-21 10:41:50.452root 11241100x8000000000000000409255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ba020bfb48f15a2021-12-21 10:41:50.452root 11241100x8000000000000000409256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e7113c0e7346e32021-12-21 10:41:50.452root 11241100x8000000000000000409257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54ead8a11fac4462021-12-21 10:41:50.452root 11241100x8000000000000000409258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2b01a64672958c2021-12-21 10:41:50.452root 11241100x8000000000000000409259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aac4a59143503a72021-12-21 10:41:50.452root 11241100x8000000000000000409260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc99d6b9591093b02021-12-21 10:41:50.453root 11241100x8000000000000000409261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91f4c26244312252021-12-21 10:41:50.453root 11241100x8000000000000000409262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803638195497815e2021-12-21 10:41:50.453root 11241100x8000000000000000409263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fadbaa2e15e237d2021-12-21 10:41:50.453root 11241100x8000000000000000409264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716117c8cbdd34002021-12-21 10:41:50.453root 11241100x8000000000000000409265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccba63b54c48f1b72021-12-21 10:41:50.453root 11241100x8000000000000000409266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d35093aa31779932021-12-21 10:41:50.453root 11241100x8000000000000000409267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc7867001eac0ea2021-12-21 10:41:50.453root 11241100x8000000000000000409268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56a0a82150b19682021-12-21 10:41:50.454root 11241100x8000000000000000409269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9acebca601d09e32021-12-21 10:41:50.454root 11241100x8000000000000000409270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c04b7786192eb092021-12-21 10:41:50.454root 11241100x8000000000000000409271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28813555a535c922021-12-21 10:41:50.454root 11241100x8000000000000000409272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be948e963c878ca2021-12-21 10:41:50.943root 11241100x8000000000000000409273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f90d481d56a4f6a2021-12-21 10:41:50.943root 11241100x8000000000000000409274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffecca1f1a485b92021-12-21 10:41:50.943root 11241100x8000000000000000409275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbe8f3af23be3fc2021-12-21 10:41:50.943root 11241100x8000000000000000409276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c702a30ed3969492021-12-21 10:41:50.943root 11241100x8000000000000000409277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdfde9221dfb4762021-12-21 10:41:50.944root 11241100x8000000000000000409278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a35ed0ca3566f432021-12-21 10:41:50.944root 11241100x8000000000000000409279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5d8e07b46d5ceb2021-12-21 10:41:50.944root 11241100x8000000000000000409280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ec7c62fc3e032a2021-12-21 10:41:50.944root 11241100x8000000000000000409281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd947ffa8799a8a12021-12-21 10:41:50.944root 11241100x8000000000000000409282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610ab24109316b612021-12-21 10:41:50.944root 11241100x8000000000000000409283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a1e064a3c8c2b92021-12-21 10:41:50.945root 11241100x8000000000000000409284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d61b678f3eda91a2021-12-21 10:41:50.945root 11241100x8000000000000000409285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a919153ff86da152021-12-21 10:41:50.945root 11241100x8000000000000000409286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dbb30548c2af4d2021-12-21 10:41:50.945root 11241100x8000000000000000409287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d832bcfbf2178e442021-12-21 10:41:50.945root 11241100x8000000000000000409288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f93f719c6c187962021-12-21 10:41:50.945root 11241100x8000000000000000409289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de84050ce9873b5b2021-12-21 10:41:50.945root 11241100x8000000000000000409290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f548260b6c008a2021-12-21 10:41:50.945root 11241100x8000000000000000409291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd05f7b75a98b7e2021-12-21 10:41:50.945root 11241100x8000000000000000409292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ec32c813066e172021-12-21 10:41:50.945root 11241100x8000000000000000409293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f3b8c0d31eb5342021-12-21 10:41:50.945root 11241100x8000000000000000409294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97b1f4f371962042021-12-21 10:41:50.945root 11241100x8000000000000000409295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bad257e3a5b08152021-12-21 10:41:50.945root 11241100x8000000000000000409296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a232df94e667452021-12-21 10:41:50.945root 11241100x8000000000000000409297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcfe060622ca4972021-12-21 10:41:50.946root 11241100x8000000000000000409298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89e3ae1491671a62021-12-21 10:41:50.946root 11241100x8000000000000000409299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085639691ed1f6bd2021-12-21 10:41:50.946root 11241100x8000000000000000409300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6cddbc5e4adc3f2021-12-21 10:41:50.946root 11241100x8000000000000000409301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e748159b6921d4c2021-12-21 10:41:50.946root 11241100x8000000000000000409302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c342e7fd3379a49d2021-12-21 10:41:50.946root 11241100x8000000000000000409303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3179a8a015edc22021-12-21 10:41:50.946root 11241100x8000000000000000409304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6561eec37b01092021-12-21 10:41:50.946root 11241100x8000000000000000409305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb3b938fd4c21812021-12-21 10:41:50.946root 11241100x8000000000000000409306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4183191a5084e82021-12-21 10:41:50.946root 11241100x8000000000000000409307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001f568e4b57c4902021-12-21 10:41:50.946root 11241100x8000000000000000409308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be7eb167b9d3f512021-12-21 10:41:50.946root 11241100x8000000000000000409309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8e114c1536adc62021-12-21 10:41:51.443root 11241100x8000000000000000409310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a516d3c6aa0b512021-12-21 10:41:51.443root 11241100x8000000000000000409311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d9362bedb0c7fc2021-12-21 10:41:51.443root 11241100x8000000000000000409312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f676e2a467ce6a2021-12-21 10:41:51.443root 11241100x8000000000000000409313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abccbbe4c44c6c9c2021-12-21 10:41:51.444root 11241100x8000000000000000409314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b164e83cc2306b42021-12-21 10:41:51.444root 11241100x8000000000000000409315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c214a6776837ef232021-12-21 10:41:51.444root 11241100x8000000000000000409316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64db32120f9a2a002021-12-21 10:41:51.444root 11241100x8000000000000000409317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6d087daf0f5c082021-12-21 10:41:51.444root 11241100x8000000000000000409318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a1347352906c5d2021-12-21 10:41:51.444root 11241100x8000000000000000409319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e3784781392a342021-12-21 10:41:51.444root 11241100x8000000000000000409320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04e94b7e7986f0a2021-12-21 10:41:51.444root 11241100x8000000000000000409321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803b6a3a908e50ec2021-12-21 10:41:51.444root 11241100x8000000000000000409322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9de6a05a51b5e3d2021-12-21 10:41:51.444root 11241100x8000000000000000409323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356fbdef88d104a32021-12-21 10:41:51.445root 11241100x8000000000000000409324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522675e759cb73b52021-12-21 10:41:51.445root 11241100x8000000000000000409325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0045b5c468464e6e2021-12-21 10:41:51.445root 11241100x8000000000000000409326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b960998abb51542021-12-21 10:41:51.445root 11241100x8000000000000000409327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953abd14437761942021-12-21 10:41:51.445root 11241100x8000000000000000409328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2338b5dbc8cada32021-12-21 10:41:51.445root 11241100x8000000000000000409329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb6ffa4bc1c2a9e2021-12-21 10:41:51.445root 11241100x8000000000000000409330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0764f1b868a523d32021-12-21 10:41:51.445root 11241100x8000000000000000409331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b8b0c67da099c62021-12-21 10:41:51.445root 11241100x8000000000000000409332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3732326f30d45de42021-12-21 10:41:51.445root 11241100x8000000000000000409333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe9f28f0306acbf2021-12-21 10:41:51.445root 11241100x8000000000000000409334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e4f565e3830fdd2021-12-21 10:41:51.445root 11241100x8000000000000000409335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3068d5055b5832d02021-12-21 10:41:51.445root 11241100x8000000000000000409336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dd33da7edfb2052021-12-21 10:41:51.445root 11241100x8000000000000000409337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12708f592528692d2021-12-21 10:41:51.445root 11241100x8000000000000000409338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4be36378459261c2021-12-21 10:41:51.446root 11241100x8000000000000000409339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a796af7e3e5da07c2021-12-21 10:41:51.446root 11241100x8000000000000000409340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967770e8a75af6a12021-12-21 10:41:51.446root 11241100x8000000000000000409341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebe2276c4ee224c2021-12-21 10:41:51.446root 11241100x8000000000000000409342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc66402655fd06652021-12-21 10:41:51.446root 11241100x8000000000000000409343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1dfa125d3f8db42021-12-21 10:41:51.446root 11241100x8000000000000000409344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f03832436d13f82021-12-21 10:41:51.446root 11241100x8000000000000000409345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82f9ea040e9337c2021-12-21 10:41:51.943root 11241100x8000000000000000409346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b11d273d4c45c172021-12-21 10:41:51.943root 11241100x8000000000000000409347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fc918f369c238d2021-12-21 10:41:51.943root 11241100x8000000000000000409348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8baac865703ecb2021-12-21 10:41:51.944root 11241100x8000000000000000409349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d171e39510b9204f2021-12-21 10:41:51.944root 11241100x8000000000000000409350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1ce7c58530b6cc2021-12-21 10:41:51.944root 11241100x8000000000000000409351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a13f18b45a14222021-12-21 10:41:51.944root 11241100x8000000000000000409352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe14959d939fb1e2021-12-21 10:41:51.944root 11241100x8000000000000000409353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79aa701f111d264f2021-12-21 10:41:51.944root 11241100x8000000000000000409354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d371c37d3eb70a2021-12-21 10:41:51.944root 11241100x8000000000000000409355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa497f0f6a935592021-12-21 10:41:51.944root 11241100x8000000000000000409356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c5df78de5d86552021-12-21 10:41:51.944root 11241100x8000000000000000409357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ee4b0e2d0d32b22021-12-21 10:41:51.944root 11241100x8000000000000000409358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c4a4b1a16de7e12021-12-21 10:41:51.944root 11241100x8000000000000000409359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d41b696c4a49ac2021-12-21 10:41:51.945root 11241100x8000000000000000409360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a827f7f5a0b8142021-12-21 10:41:51.945root 11241100x8000000000000000409361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad683f7d2159ea72021-12-21 10:41:51.945root 11241100x8000000000000000409362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc382a954de7b36b2021-12-21 10:41:51.945root 11241100x8000000000000000409363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bbc721bfa4e0492021-12-21 10:41:51.945root 11241100x8000000000000000409364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2d422a0899b25c2021-12-21 10:41:51.945root 11241100x8000000000000000409365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd96312115b15662021-12-21 10:41:51.946root 11241100x8000000000000000409366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d93188ea744ca42021-12-21 10:41:51.946root 11241100x8000000000000000409367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e894df8a7141e8b2021-12-21 10:41:51.946root 11241100x8000000000000000409368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101679477f62e0982021-12-21 10:41:51.946root 11241100x8000000000000000409369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c8dd116c8baf262021-12-21 10:41:51.946root 11241100x8000000000000000409370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacdca7e0234671e2021-12-21 10:41:51.946root 11241100x8000000000000000409371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bb81ace9cdede52021-12-21 10:41:51.946root 11241100x8000000000000000409372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d5d162b50ad9972021-12-21 10:41:51.946root 11241100x8000000000000000409373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3e6950ae82622c2021-12-21 10:41:51.946root 11241100x8000000000000000409374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a86f293618c415f2021-12-21 10:41:51.946root 11241100x8000000000000000409375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a8710068c6fcfc2021-12-21 10:41:51.946root 11241100x8000000000000000409376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b5e652766810b62021-12-21 10:41:51.947root 11241100x8000000000000000409377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597181eb935bdf9a2021-12-21 10:41:51.947root 11241100x8000000000000000409378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c7ff4a0454511e2021-12-21 10:41:51.947root 11241100x8000000000000000409379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16750a4e0c63b61d2021-12-21 10:41:51.948root 11241100x8000000000000000409380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9623fd33f81a6af2021-12-21 10:41:51.948root 11241100x8000000000000000409381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b607a01b8cfc35d2021-12-21 10:41:51.948root 11241100x8000000000000000409382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5384164753a7e0402021-12-21 10:41:52.443root 11241100x8000000000000000409383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51f25fcca038c0f2021-12-21 10:41:52.443root 11241100x8000000000000000409384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46a5da758f72df2021-12-21 10:41:52.443root 11241100x8000000000000000409385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d707a638407e0b2021-12-21 10:41:52.443root 11241100x8000000000000000409386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8342e8a1195aa3e42021-12-21 10:41:52.443root 11241100x8000000000000000409387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf20c31ed101b92021-12-21 10:41:52.443root 11241100x8000000000000000409388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265f9e0244df44482021-12-21 10:41:52.443root 11241100x8000000000000000409389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be95db4449142b882021-12-21 10:41:52.443root 11241100x8000000000000000409390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641d7089c8a7da332021-12-21 10:41:52.443root 11241100x8000000000000000409391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe56bf31ac134532021-12-21 10:41:52.443root 11241100x8000000000000000409392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78eeca2716c9a3d82021-12-21 10:41:52.444root 11241100x8000000000000000409393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec10187a7c094482021-12-21 10:41:52.444root 11241100x8000000000000000409394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13bdc91453197da2021-12-21 10:41:52.444root 11241100x8000000000000000409395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e54baceda15fa52021-12-21 10:41:52.444root 11241100x8000000000000000409396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0eb5a77fb2090ee2021-12-21 10:41:52.444root 11241100x8000000000000000409397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030019e0c67dca192021-12-21 10:41:52.444root 11241100x8000000000000000409398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c5b0d3c05361932021-12-21 10:41:52.444root 11241100x8000000000000000409399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eef09dad8d832fa2021-12-21 10:41:52.444root 11241100x8000000000000000409400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed46262d7c5633b2021-12-21 10:41:52.444root 11241100x8000000000000000409401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5f454761182c3b2021-12-21 10:41:52.445root 11241100x8000000000000000409402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3fb432748f05502021-12-21 10:41:52.445root 11241100x8000000000000000409403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b303feb2ad8e1c72021-12-21 10:41:52.445root 11241100x8000000000000000409404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3125426aaa6fd45b2021-12-21 10:41:52.445root 11241100x8000000000000000409405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f59c3c2cb81ce122021-12-21 10:41:52.445root 11241100x8000000000000000409406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7338713de59757c2021-12-21 10:41:52.445root 11241100x8000000000000000409407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f39b465560f2132021-12-21 10:41:52.445root 11241100x8000000000000000409408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a65c96dc8bb1bf12021-12-21 10:41:52.445root 11241100x8000000000000000409409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b617d11b72359fbb2021-12-21 10:41:52.446root 11241100x8000000000000000409410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c589a6cabd4d9e22021-12-21 10:41:52.446root 11241100x8000000000000000409411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd8fbdb8d47de5a2021-12-21 10:41:52.446root 11241100x8000000000000000409412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1a794245fd3ad52021-12-21 10:41:52.446root 11241100x8000000000000000409413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2421fe56657f502021-12-21 10:41:52.446root 11241100x8000000000000000409414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e64eb2d586a786e2021-12-21 10:41:52.446root 11241100x8000000000000000409415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7787069e69f456762021-12-21 10:41:52.446root 11241100x8000000000000000409416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6b5e1b796e5be52021-12-21 10:41:52.446root 11241100x8000000000000000409417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd53defec3d38a2b2021-12-21 10:41:52.446root 11241100x8000000000000000409418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0b20a9c689199d2021-12-21 10:41:52.446root 11241100x8000000000000000409419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1964ddb59b0283372021-12-21 10:41:52.446root 11241100x8000000000000000409420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5854296c8b1ac722021-12-21 10:41:52.447root 11241100x8000000000000000409421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0bffd74d3bb1032021-12-21 10:41:52.447root 11241100x8000000000000000409422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580bc04766d563142021-12-21 10:41:52.447root 11241100x8000000000000000409423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86fef49adf553722021-12-21 10:41:52.447root 11241100x8000000000000000409424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cebe85e0eccb8c2021-12-21 10:41:52.447root 11241100x8000000000000000409425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe6d425ef3bc4d62021-12-21 10:41:52.447root 11241100x8000000000000000409426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb1d78f4119561a2021-12-21 10:41:52.447root 11241100x8000000000000000409427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e725bc0f096c0f592021-12-21 10:41:52.447root 11241100x8000000000000000409428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cfd0ae3e1f77562021-12-21 10:41:52.447root 11241100x8000000000000000409429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad05e4009e9a3492021-12-21 10:41:52.448root 11241100x8000000000000000409430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862e0f1de81b62732021-12-21 10:41:52.448root 11241100x8000000000000000409431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d4a1c06b8cfd142021-12-21 10:41:52.448root 11241100x8000000000000000409432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075a010450781f652021-12-21 10:41:52.448root 11241100x8000000000000000409433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a1efcfce886f4a2021-12-21 10:41:52.448root 11241100x8000000000000000409434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65047e731e9b0582021-12-21 10:41:52.448root 11241100x8000000000000000409435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09a56398bb1e7b12021-12-21 10:41:52.448root 11241100x8000000000000000409436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006aafc9186dd1f52021-12-21 10:41:52.448root 11241100x8000000000000000409437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45447c43276fcd162021-12-21 10:41:52.448root 11241100x8000000000000000409438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27077d49ba4e9962021-12-21 10:41:52.448root 11241100x8000000000000000409439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ce5e4f27bab7922021-12-21 10:41:52.448root 11241100x8000000000000000409440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17ef93d0021bd292021-12-21 10:41:52.449root 11241100x8000000000000000409441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418ce0066c89239e2021-12-21 10:41:52.449root 11241100x8000000000000000409442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6882b14f9c8efc442021-12-21 10:41:52.449root 11241100x8000000000000000409443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e76ba7ecce5f8372021-12-21 10:41:52.449root 11241100x8000000000000000409444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adce3ea7da449442021-12-21 10:41:52.449root 11241100x8000000000000000409445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed75ea6d9393ff7b2021-12-21 10:41:52.449root 11241100x8000000000000000409446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263bc41aedb3c9da2021-12-21 10:41:52.449root 11241100x8000000000000000409447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba81f889a37df742021-12-21 10:41:52.449root 11241100x8000000000000000409448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dca72e619a36212021-12-21 10:41:52.449root 11241100x8000000000000000409449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909b72e6f5d2deb22021-12-21 10:41:52.449root 11241100x8000000000000000409450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412dd550e7c30a532021-12-21 10:41:52.449root 11241100x8000000000000000409451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18d963ce61ce8c32021-12-21 10:41:52.450root 11241100x8000000000000000409452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f884b249436ad6732021-12-21 10:41:52.450root 11241100x8000000000000000409453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f796dac0b05859022021-12-21 10:41:52.450root 11241100x8000000000000000409454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e8b344f893426c2021-12-21 10:41:52.450root 11241100x8000000000000000409455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f6b4853d9a9a962021-12-21 10:41:52.450root 11241100x8000000000000000409456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7948972ed2f80312021-12-21 10:41:52.450root 11241100x8000000000000000409457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ee0596c34fd8742021-12-21 10:41:52.450root 11241100x8000000000000000409458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafbd6b2b78a52462021-12-21 10:41:52.450root 11241100x8000000000000000409459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80e0bca9ebfa8c72021-12-21 10:41:52.450root 11241100x8000000000000000409460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3451eac1b8122e2021-12-21 10:41:52.450root 11241100x8000000000000000409461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07884d8babe5bb52021-12-21 10:41:52.450root 11241100x8000000000000000409462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff6b74a0649b3d42021-12-21 10:41:52.450root 11241100x8000000000000000409463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4320961ac1e53ff2021-12-21 10:41:52.450root 11241100x8000000000000000409464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3649e3153cbe42c2021-12-21 10:41:52.451root 11241100x8000000000000000409465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dc4605519db63e2021-12-21 10:41:52.451root 11241100x8000000000000000409466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5ff4247052aecf2021-12-21 10:41:52.451root 11241100x8000000000000000409467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d1f4be1b733fb32021-12-21 10:41:52.451root 11241100x8000000000000000409468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a9c0fdf7947b012021-12-21 10:41:52.451root 11241100x8000000000000000409469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e026a7613ffa03982021-12-21 10:41:52.451root 11241100x8000000000000000409470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662ce656697946a02021-12-21 10:41:52.451root 11241100x8000000000000000409471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8314eb94ca13772021-12-21 10:41:52.451root 11241100x8000000000000000409472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363d91bd444242b62021-12-21 10:41:52.451root 11241100x8000000000000000409473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86c71519e9d36cb2021-12-21 10:41:52.451root 11241100x8000000000000000409474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc60aeb3608ef69a2021-12-21 10:41:52.451root 11241100x8000000000000000409475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96104529123cdfd22021-12-21 10:41:52.451root 11241100x8000000000000000409476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19097a8db5e5d1082021-12-21 10:41:52.451root 11241100x8000000000000000409477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b78e05907769ab52021-12-21 10:41:52.452root 11241100x8000000000000000409478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65b90d3f870cde42021-12-21 10:41:52.452root 11241100x8000000000000000409479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9665ac43e2e7eed2021-12-21 10:41:52.943root 11241100x8000000000000000409480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c766c7183f76c22021-12-21 10:41:52.943root 11241100x8000000000000000409481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d085659d3b5b7d2021-12-21 10:41:52.943root 11241100x8000000000000000409482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67185231a47ea07e2021-12-21 10:41:52.943root 11241100x8000000000000000409483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587bd632099533152021-12-21 10:41:52.943root 11241100x8000000000000000409484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4cccb370261c4f2021-12-21 10:41:52.943root 11241100x8000000000000000409485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a5e15a7f762fed2021-12-21 10:41:52.943root 11241100x8000000000000000409486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6fd6695a90dbc02021-12-21 10:41:52.943root 11241100x8000000000000000409487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e503ade677fdf262021-12-21 10:41:52.943root 11241100x8000000000000000409488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d4624a5e5ef9e12021-12-21 10:41:52.943root 11241100x8000000000000000409489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115dabe27ee5dc9a2021-12-21 10:41:52.943root 11241100x8000000000000000409490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25d777d34a179972021-12-21 10:41:52.943root 11241100x8000000000000000409491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf479449c093aa22021-12-21 10:41:52.944root 11241100x8000000000000000409492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff439195b56c844a2021-12-21 10:41:52.944root 11241100x8000000000000000409493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0133cc23030fdb82021-12-21 10:41:52.944root 11241100x8000000000000000409494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6c5f66bc209b282021-12-21 10:41:52.944root 11241100x8000000000000000409495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3267b9e328a5f59b2021-12-21 10:41:52.944root 11241100x8000000000000000409496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71200db3790baeaa2021-12-21 10:41:52.944root 11241100x8000000000000000409497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb1c3d40b76493d2021-12-21 10:41:52.944root 11241100x8000000000000000409498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464dd3d87620754c2021-12-21 10:41:52.944root 11241100x8000000000000000409499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26475126d815aa02021-12-21 10:41:52.944root 11241100x8000000000000000409500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aca51ee05cd1942021-12-21 10:41:52.944root 11241100x8000000000000000409501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f486a1e1bfa75f2021-12-21 10:41:52.945root 11241100x8000000000000000409502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64471351d74140f22021-12-21 10:41:52.945root 11241100x8000000000000000409503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54c6dd7e99d90532021-12-21 10:41:52.945root 11241100x8000000000000000409504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd5402aef2e878a2021-12-21 10:41:52.945root 11241100x8000000000000000409505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fc340337bf1afe2021-12-21 10:41:52.945root 11241100x8000000000000000409506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab8b4b4ec1bf79a2021-12-21 10:41:52.945root 11241100x8000000000000000409507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7740b568dfb3dee2021-12-21 10:41:52.945root 11241100x8000000000000000409508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b444e946fc141e2021-12-21 10:41:52.945root 11241100x8000000000000000409509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b8625d8224aa842021-12-21 10:41:52.946root 11241100x8000000000000000409510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6190bb3030dacae62021-12-21 10:41:52.946root 11241100x8000000000000000409511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0113eea332176d02021-12-21 10:41:52.946root 11241100x8000000000000000409512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29d115d311ae2ac2021-12-21 10:41:52.946root 11241100x8000000000000000409513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12f50266c5df6982021-12-21 10:41:52.946root 11241100x8000000000000000409514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea2301a649248872021-12-21 10:41:52.946root 11241100x8000000000000000409515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d49b6503f2eb8d2021-12-21 10:41:52.946root 11241100x8000000000000000409516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccef23618c31a802021-12-21 10:41:52.946root 11241100x8000000000000000409517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8649725dd035ed202021-12-21 10:41:52.946root 11241100x8000000000000000409518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeba6b6abd1e0622021-12-21 10:41:52.946root 11241100x8000000000000000409519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e8dbd666c75d652021-12-21 10:41:52.946root 11241100x8000000000000000409520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112074a5d1cbba6a2021-12-21 10:41:52.947root 11241100x8000000000000000409521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68741f271ff8d4d02021-12-21 10:41:52.947root 11241100x8000000000000000409522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f01d73bbf61b72021-12-21 10:41:52.947root 11241100x8000000000000000409523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaae413942afc3682021-12-21 10:41:52.947root 11241100x8000000000000000409524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e8a41a501d9a712021-12-21 10:41:52.947root 11241100x8000000000000000409525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932f6abe144334402021-12-21 10:41:52.947root 11241100x8000000000000000409526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9019e70e0c58657e2021-12-21 10:41:53.442root 11241100x8000000000000000409527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070bf7f76473a18a2021-12-21 10:41:53.443root 11241100x8000000000000000409528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69e2e5bddcdf222021-12-21 10:41:53.443root 11241100x8000000000000000409529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254c4ebaaabb24df2021-12-21 10:41:53.443root 11241100x8000000000000000409530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6803768962e804c2021-12-21 10:41:53.443root 11241100x8000000000000000409531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e85b03167d7a9a42021-12-21 10:41:53.443root 11241100x8000000000000000409532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb3e6cf3ed0b992021-12-21 10:41:53.443root 11241100x8000000000000000409533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e72c4f3523e7a62021-12-21 10:41:53.443root 11241100x8000000000000000409534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553964c44788dce12021-12-21 10:41:53.444root 11241100x8000000000000000409535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1cb399458bca522021-12-21 10:41:53.444root 11241100x8000000000000000409536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6072c5e40e6d1f962021-12-21 10:41:53.444root 11241100x8000000000000000409537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8462680658d3fe9e2021-12-21 10:41:53.444root 11241100x8000000000000000409538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928f5bf5d6e52b9b2021-12-21 10:41:53.444root 11241100x8000000000000000409539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b2f9b0769270f92021-12-21 10:41:53.445root 11241100x8000000000000000409540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b44bcb543503342021-12-21 10:41:53.445root 11241100x8000000000000000409541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c73771c16acd09f2021-12-21 10:41:53.445root 11241100x8000000000000000409542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbafb8e2427ad8fd2021-12-21 10:41:53.445root 11241100x8000000000000000409543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e7a9108594e4d62021-12-21 10:41:53.445root 11241100x8000000000000000409544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1bf8c78b269cb92021-12-21 10:41:53.445root 11241100x8000000000000000409545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79605f4a7fdb86a22021-12-21 10:41:53.445root 11241100x8000000000000000409546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374735d394e7ac462021-12-21 10:41:53.445root 11241100x8000000000000000409547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba45d46a498202052021-12-21 10:41:53.445root 11241100x8000000000000000409548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc6f4298d02bab12021-12-21 10:41:53.446root 11241100x8000000000000000409549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a693d426eaf8062f2021-12-21 10:41:53.446root 11241100x8000000000000000409550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5935636757bb0a2021-12-21 10:41:53.446root 11241100x8000000000000000409551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69b4e8c8893ba8b2021-12-21 10:41:53.446root 11241100x8000000000000000409552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcfb3db63aeddb32021-12-21 10:41:53.446root 11241100x8000000000000000409553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e05772f534ebe92021-12-21 10:41:53.446root 11241100x8000000000000000409554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56120c85d38a03e2021-12-21 10:41:53.446root 11241100x8000000000000000409555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f56174449a43ab2021-12-21 10:41:53.446root 11241100x8000000000000000409556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26eca33435eab15b2021-12-21 10:41:53.446root 11241100x8000000000000000409557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cbc7e2be4850082021-12-21 10:41:53.446root 11241100x8000000000000000409558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3a100622a0292e2021-12-21 10:41:53.447root 11241100x8000000000000000409559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5107bbf9f9df83a82021-12-21 10:41:53.447root 11241100x8000000000000000409560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b92535d6029ac12021-12-21 10:41:53.447root 11241100x8000000000000000409561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d480db4ffc3d502021-12-21 10:41:53.447root 11241100x8000000000000000409562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9358e6d9b2f5f42021-12-21 10:41:53.448root 11241100x8000000000000000409563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f22f1f4c8f5bb12021-12-21 10:41:53.448root 11241100x8000000000000000409564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723163fd2e59c6932021-12-21 10:41:53.448root 11241100x8000000000000000409565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1c2748a42fc8852021-12-21 10:41:53.448root 11241100x8000000000000000409566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972b5377b254ffc42021-12-21 10:41:53.448root 11241100x8000000000000000409567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcfd726f84a9a092021-12-21 10:41:53.448root 11241100x8000000000000000409568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4cd1cbd514e4ca2021-12-21 10:41:53.448root 11241100x8000000000000000409569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dd65b2a1f0da5b2021-12-21 10:41:53.448root 11241100x8000000000000000409570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81699ee063a854d02021-12-21 10:41:53.449root 11241100x8000000000000000409571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934194d77d3c0ced2021-12-21 10:41:53.449root 11241100x8000000000000000409572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccce9d694baed62e2021-12-21 10:41:53.449root 11241100x8000000000000000409573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921935fd72c889c52021-12-21 10:41:53.943root 11241100x8000000000000000409574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b0e67e9aba73672021-12-21 10:41:53.943root 11241100x8000000000000000409575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce90b537634a5fa92021-12-21 10:41:53.943root 11241100x8000000000000000409576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ad0fb184651b902021-12-21 10:41:53.943root 11241100x8000000000000000409577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f2695da5eb38ec2021-12-21 10:41:53.943root 11241100x8000000000000000409578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a4df9650bd999e2021-12-21 10:41:53.943root 11241100x8000000000000000409579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a398d8aa7d2229c2021-12-21 10:41:53.944root 11241100x8000000000000000409580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ce45463533392c2021-12-21 10:41:53.944root 11241100x8000000000000000409581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db4c4081e4886f32021-12-21 10:41:53.944root 11241100x8000000000000000409582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b031dc0e9f18ef962021-12-21 10:41:53.944root 11241100x8000000000000000409583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b6929c1c731add2021-12-21 10:41:53.944root 11241100x8000000000000000409584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62533b72d3e6ae382021-12-21 10:41:53.944root 11241100x8000000000000000409585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931152259737a37a2021-12-21 10:41:53.944root 11241100x8000000000000000409586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8673ca670b4eee52021-12-21 10:41:53.944root 11241100x8000000000000000409587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983c7a4b97aae61b2021-12-21 10:41:53.945root 11241100x8000000000000000409588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57a13e161fb7db02021-12-21 10:41:53.945root 11241100x8000000000000000409589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e29f38d424269e2021-12-21 10:41:53.945root 11241100x8000000000000000409590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473c09c0b33410e22021-12-21 10:41:53.945root 11241100x8000000000000000409591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e267a061c703b62021-12-21 10:41:53.945root 11241100x8000000000000000409592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b599bb68f4b4e37f2021-12-21 10:41:53.945root 11241100x8000000000000000409593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9735409243d5635d2021-12-21 10:41:53.945root 11241100x8000000000000000409594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec473cc2e393fbd02021-12-21 10:41:53.946root 11241100x8000000000000000409595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa9c22b1023942f2021-12-21 10:41:53.946root 11241100x8000000000000000409596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607eb8812caa0ff32021-12-21 10:41:53.946root 11241100x8000000000000000409597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0acac12b3943082021-12-21 10:41:53.946root 11241100x8000000000000000409598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfeeb594852497e2021-12-21 10:41:53.946root 11241100x8000000000000000409599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fe95926017fe1a2021-12-21 10:41:53.946root 11241100x8000000000000000409600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eb3460818bbb522021-12-21 10:41:53.946root 11241100x8000000000000000409601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c763ef44dc6dd362021-12-21 10:41:53.947root 11241100x8000000000000000409602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be24792c4fc70b992021-12-21 10:41:53.947root 11241100x8000000000000000409603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a327734aa631e22a2021-12-21 10:41:53.947root 11241100x8000000000000000409604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80ce5111e2de3ae2021-12-21 10:41:53.947root 11241100x8000000000000000409605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d891da88af5cd82021-12-21 10:41:53.947root 11241100x8000000000000000409606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6090e1a985da07c22021-12-21 10:41:53.947root 11241100x8000000000000000409607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42666a94fa6feae82021-12-21 10:41:53.948root 354300x8000000000000000409608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.213{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47472-false10.0.1.12-8000- 11241100x8000000000000000409609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb97e04ce4793062021-12-21 10:41:54.215root 11241100x8000000000000000409610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427c73c49dde4aa12021-12-21 10:41:54.215root 11241100x8000000000000000409611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6a9c259fb59e732021-12-21 10:41:54.215root 11241100x8000000000000000409612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672450dfd4a810e22021-12-21 10:41:54.215root 11241100x8000000000000000409613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419454684b83c7872021-12-21 10:41:54.215root 11241100x8000000000000000409614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288c4c3399dbaf832021-12-21 10:41:54.216root 11241100x8000000000000000409615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e0565f88caf8682021-12-21 10:41:54.216root 11241100x8000000000000000409616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e7d169568e5add2021-12-21 10:41:54.216root 11241100x8000000000000000409617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463fc0521b10fdc02021-12-21 10:41:54.216root 11241100x8000000000000000409618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c649b11168a7652021-12-21 10:41:54.216root 11241100x8000000000000000409619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e12f49e862cc7a2021-12-21 10:41:54.216root 11241100x8000000000000000409620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed759bf88a426532021-12-21 10:41:54.216root 11241100x8000000000000000409621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b542de5f53c0c312021-12-21 10:41:54.216root 11241100x8000000000000000409622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb9b8bc971cdf3f2021-12-21 10:41:54.216root 11241100x8000000000000000409623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52264bd15aa9d0fe2021-12-21 10:41:54.217root 11241100x8000000000000000409624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988dfdf3f99350d42021-12-21 10:41:54.217root 11241100x8000000000000000409625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e77282c38d3ad02021-12-21 10:41:54.217root 11241100x8000000000000000409626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93556e482f32a2bb2021-12-21 10:41:54.217root 11241100x8000000000000000409627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca7010affdafeca2021-12-21 10:41:54.217root 11241100x8000000000000000409628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45012288c7d5eb682021-12-21 10:41:54.217root 11241100x8000000000000000409629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fea34a29e21ffe52021-12-21 10:41:54.217root 11241100x8000000000000000409630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62c0e79a1f78f1d2021-12-21 10:41:54.217root 11241100x8000000000000000409631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99ba88529e3e1eb2021-12-21 10:41:54.217root 11241100x8000000000000000409632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fe7f6faaa55cda2021-12-21 10:41:54.217root 11241100x8000000000000000409633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e69f755243ac222021-12-21 10:41:54.217root 11241100x8000000000000000409634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbacb93ee80fe3d2021-12-21 10:41:54.217root 11241100x8000000000000000409635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60419f6b73ef2e802021-12-21 10:41:54.217root 11241100x8000000000000000409636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688b440ebdd92bd12021-12-21 10:41:54.217root 11241100x8000000000000000409637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1740306c8701aa2021-12-21 10:41:54.217root 11241100x8000000000000000409638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdf66c49b2d01632021-12-21 10:41:54.218root 11241100x8000000000000000409639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a8e2178f04ef692021-12-21 10:41:54.218root 11241100x8000000000000000409640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11088d34503231f2021-12-21 10:41:54.218root 11241100x8000000000000000409641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7372ff023c69bfd2021-12-21 10:41:54.218root 11241100x8000000000000000409642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1835152c2b26cf2021-12-21 10:41:54.218root 11241100x8000000000000000409643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15271ffd510ad5112021-12-21 10:41:54.218root 11241100x8000000000000000409644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edef2b85fe3b48cf2021-12-21 10:41:54.218root 11241100x8000000000000000409645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c32b4fb4f85fdb2021-12-21 10:41:54.693root 11241100x8000000000000000409646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53a979fa8f99b852021-12-21 10:41:54.693root 11241100x8000000000000000409647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d113ef4e4fe8c5522021-12-21 10:41:54.693root 11241100x8000000000000000409648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7622c2d447473322021-12-21 10:41:54.693root 11241100x8000000000000000409649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c9bd1cc7841af32021-12-21 10:41:54.694root 11241100x8000000000000000409650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6c3982123998462021-12-21 10:41:54.694root 11241100x8000000000000000409651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38afa3cbb9afd6322021-12-21 10:41:54.694root 11241100x8000000000000000409652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1675623e800603e2021-12-21 10:41:54.694root 11241100x8000000000000000409653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fa7de9d7b194e82021-12-21 10:41:54.694root 11241100x8000000000000000409654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3353c882bfc8e22021-12-21 10:41:54.694root 11241100x8000000000000000409655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee343f119e9bad62021-12-21 10:41:54.694root 11241100x8000000000000000409656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00048bdf6ac216062021-12-21 10:41:54.694root 11241100x8000000000000000409657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d24bcb05ae02be72021-12-21 10:41:54.694root 11241100x8000000000000000409658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8755c85d44514dfd2021-12-21 10:41:54.694root 11241100x8000000000000000409659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a1e888cb445fe12021-12-21 10:41:54.694root 11241100x8000000000000000409660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c931c64b86b24892021-12-21 10:41:54.694root 11241100x8000000000000000409661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab6f6bb4c1e8f8b2021-12-21 10:41:54.694root 11241100x8000000000000000409662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3977710702795532021-12-21 10:41:54.694root 11241100x8000000000000000409663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de89f0596792b6132021-12-21 10:41:54.694root 11241100x8000000000000000409664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235a67502a6438062021-12-21 10:41:54.695root 11241100x8000000000000000409665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b6508e544809ce2021-12-21 10:41:54.695root 11241100x8000000000000000409666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e079679567ca2bad2021-12-21 10:41:54.695root 11241100x8000000000000000409667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2d15c6d7c321e02021-12-21 10:41:54.695root 11241100x8000000000000000409668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b6d475ea537fcd2021-12-21 10:41:54.695root 11241100x8000000000000000409669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1227c4f6f31bbb2021-12-21 10:41:54.695root 11241100x8000000000000000409670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6889655a9cdd6f32021-12-21 10:41:54.695root 11241100x8000000000000000409671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeda6035d68b081f2021-12-21 10:41:54.695root 11241100x8000000000000000409672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9e3ad6865e44d72021-12-21 10:41:54.695root 11241100x8000000000000000409673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc9c33fd1cbcd0f2021-12-21 10:41:54.695root 11241100x8000000000000000409674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be80701018cb7ff82021-12-21 10:41:54.695root 11241100x8000000000000000409675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577608ee39b847512021-12-21 10:41:54.695root 11241100x8000000000000000409676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c5144bd02f0e112021-12-21 10:41:54.695root 11241100x8000000000000000409677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec17fcf3df65bf12021-12-21 10:41:54.695root 11241100x8000000000000000409678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806a7df6d67932212021-12-21 10:41:54.695root 11241100x8000000000000000409679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c592e889cd978c02021-12-21 10:41:54.696root 11241100x8000000000000000409680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712b786bc1f394192021-12-21 10:41:54.696root 11241100x8000000000000000409681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a443795f494939312021-12-21 10:41:54.696root 11241100x8000000000000000409682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c2b6ffa5c5ea9f2021-12-21 10:41:54.696root 11241100x8000000000000000409683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc7c0e5238bf2552021-12-21 10:41:54.696root 11241100x8000000000000000409684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f202a478b0627ae2021-12-21 10:41:54.696root 11241100x8000000000000000409685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c389202cf824232021-12-21 10:41:54.696root 11241100x8000000000000000409686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b6d1ddae0fbc202021-12-21 10:41:55.193root 11241100x8000000000000000409687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b994d92995c63a52021-12-21 10:41:55.193root 11241100x8000000000000000409688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf11bd822b6f6752021-12-21 10:41:55.194root 11241100x8000000000000000409689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5b58f22423e3e72021-12-21 10:41:55.194root 11241100x8000000000000000409690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f62988bd836b572021-12-21 10:41:55.194root 11241100x8000000000000000409691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed4723eb417fd912021-12-21 10:41:55.194root 11241100x8000000000000000409692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986b593c2b7a64282021-12-21 10:41:55.194root 11241100x8000000000000000409693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeac1985411a52b2021-12-21 10:41:55.194root 11241100x8000000000000000409694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2ca4620a38c2ea2021-12-21 10:41:55.194root 11241100x8000000000000000409695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a052271c3c59a502021-12-21 10:41:55.194root 11241100x8000000000000000409696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed050464e3dc14ec2021-12-21 10:41:55.194root 11241100x8000000000000000409697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e009260f962b79772021-12-21 10:41:55.194root 11241100x8000000000000000409698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7549444e66eb14852021-12-21 10:41:55.194root 11241100x8000000000000000409699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb16a93d1e2383732021-12-21 10:41:55.194root 11241100x8000000000000000409700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f479451c6ada38f02021-12-21 10:41:55.195root 11241100x8000000000000000409701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de442931c8fa1e942021-12-21 10:41:55.195root 11241100x8000000000000000409702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a194b975ec7b28652021-12-21 10:41:55.195root 11241100x8000000000000000409703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10b316a814ac03c2021-12-21 10:41:55.195root 11241100x8000000000000000409704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f2d3fff92fd3162021-12-21 10:41:55.195root 11241100x8000000000000000409705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37fe9dc452007472021-12-21 10:41:55.195root 11241100x8000000000000000409706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150df862f3b57a582021-12-21 10:41:55.195root 11241100x8000000000000000409707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f31a223be2ef4cb2021-12-21 10:41:55.195root 11241100x8000000000000000409708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5553d4ef44e6177f2021-12-21 10:41:55.195root 11241100x8000000000000000409709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb26723f9f94fd02021-12-21 10:41:55.195root 11241100x8000000000000000409710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f17ac87f6252d42021-12-21 10:41:55.196root 11241100x8000000000000000409711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2532df3b4fb80c152021-12-21 10:41:55.196root 11241100x8000000000000000409712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a9eb8ed2e6612d2021-12-21 10:41:55.196root 11241100x8000000000000000409713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab90c1c834fede52021-12-21 10:41:55.196root 11241100x8000000000000000409714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d47d31233491a5d2021-12-21 10:41:55.196root 11241100x8000000000000000409715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ed2ef970418c0b2021-12-21 10:41:55.196root 11241100x8000000000000000409716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e829afeb0fb7057e2021-12-21 10:41:55.196root 11241100x8000000000000000409717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15a838f74ede6682021-12-21 10:41:55.196root 11241100x8000000000000000409718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85756dcbd9e93d4a2021-12-21 10:41:55.197root 11241100x8000000000000000409719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baea2fdd7b4c7402021-12-21 10:41:55.197root 11241100x8000000000000000409720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bb2339ca10fa5c2021-12-21 10:41:55.197root 11241100x8000000000000000409721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8c8b93a67121b02021-12-21 10:41:55.197root 11241100x8000000000000000409722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f046f0c5081659a42021-12-21 10:41:55.693root 11241100x8000000000000000409723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2255c64bba931a7b2021-12-21 10:41:55.694root 11241100x8000000000000000409724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb74082dac5c5cd2021-12-21 10:41:55.694root 11241100x8000000000000000409725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5dafcd0ce80f622021-12-21 10:41:55.694root 11241100x8000000000000000409726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9afaa045ebf6592021-12-21 10:41:55.694root 11241100x8000000000000000409727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53969b6681fc74762021-12-21 10:41:55.694root 11241100x8000000000000000409728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd72d44c2c3883592021-12-21 10:41:55.694root 11241100x8000000000000000409729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0fba6458b3314b2021-12-21 10:41:55.694root 11241100x8000000000000000409730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f23a0fff6051712021-12-21 10:41:55.695root 11241100x8000000000000000409731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf46ae0f76326ff2021-12-21 10:41:55.695root 11241100x8000000000000000409732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a1d4ae1b792f3f2021-12-21 10:41:55.695root 11241100x8000000000000000409733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82312491dcac0ae2021-12-21 10:41:55.695root 11241100x8000000000000000409734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc230f4897bee552021-12-21 10:41:55.695root 11241100x8000000000000000409735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441b5ce4d8ed8d2c2021-12-21 10:41:55.695root 11241100x8000000000000000409736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefcb2250e3243a52021-12-21 10:41:55.695root 11241100x8000000000000000409737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dca346a8f9cb8c2021-12-21 10:41:55.695root 11241100x8000000000000000409738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb673aa82953e62021-12-21 10:41:55.695root 11241100x8000000000000000409739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee1b7d2cba5eb582021-12-21 10:41:55.696root 11241100x8000000000000000409740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d43e33ddffa8742021-12-21 10:41:55.696root 11241100x8000000000000000409741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3947c1fd196cbc42021-12-21 10:41:55.696root 11241100x8000000000000000409742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3a66d7baffd9302021-12-21 10:41:55.696root 11241100x8000000000000000409743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ef14d984ec06822021-12-21 10:41:55.696root 11241100x8000000000000000409744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e712a9825c9e93152021-12-21 10:41:55.696root 11241100x8000000000000000409745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62a25747fb2d2e92021-12-21 10:41:55.696root 11241100x8000000000000000409746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cb95ba58c84e7f2021-12-21 10:41:55.696root 11241100x8000000000000000409747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c312381f454cf2302021-12-21 10:41:55.697root 11241100x8000000000000000409748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1d1fd9853c627b2021-12-21 10:41:55.697root 11241100x8000000000000000409749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cea1ec6164a41732021-12-21 10:41:55.697root 11241100x8000000000000000409750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208dcbb195d8889c2021-12-21 10:41:55.697root 11241100x8000000000000000409751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cef9826779649652021-12-21 10:41:55.697root 11241100x8000000000000000409752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a285348d8f8a1a2021-12-21 10:41:55.698root 11241100x8000000000000000409753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a501746b152130fb2021-12-21 10:41:55.698root 11241100x8000000000000000409754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e09497bc23c6132021-12-21 10:41:55.698root 11241100x8000000000000000409755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f117ab9f9665aaf2021-12-21 10:41:55.698root 11241100x8000000000000000409756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bcc76ea1b31d262021-12-21 10:41:55.699root 11241100x8000000000000000409757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a26d1c90e5d0942021-12-21 10:41:55.699root 11241100x8000000000000000409758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dca8ba70f944742021-12-21 10:41:55.699root 11241100x8000000000000000409759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a1877edaf0c0c62021-12-21 10:41:56.193root 11241100x8000000000000000409760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cfd4712c2b2a0b2021-12-21 10:41:56.193root 11241100x8000000000000000409761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f9bf46e7884add2021-12-21 10:41:56.193root 11241100x8000000000000000409762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f286d33ded480b352021-12-21 10:41:56.193root 11241100x8000000000000000409763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3567fdbae62ce7392021-12-21 10:41:56.194root 11241100x8000000000000000409764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211c53e80e3351172021-12-21 10:41:56.194root 11241100x8000000000000000409765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303b7e5c653aab002021-12-21 10:41:56.194root 11241100x8000000000000000409766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381f678a6eca224d2021-12-21 10:41:56.194root 11241100x8000000000000000409767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2640d50e25a9bfd2021-12-21 10:41:56.194root 11241100x8000000000000000409768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedb5aef832e7bdc2021-12-21 10:41:56.194root 11241100x8000000000000000409769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73b3cbb852327882021-12-21 10:41:56.194root 11241100x8000000000000000409770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819ffb37a8fcafb82021-12-21 10:41:56.194root 11241100x8000000000000000409771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc3fb94310c27492021-12-21 10:41:56.194root 11241100x8000000000000000409772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a75e11fa94ee0e2021-12-21 10:41:56.194root 11241100x8000000000000000409773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fe4b8acc78cb682021-12-21 10:41:56.194root 11241100x8000000000000000409774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28913b3ba4afcf082021-12-21 10:41:56.194root 11241100x8000000000000000409775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311722b77cda0ab92021-12-21 10:41:56.194root 11241100x8000000000000000409776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff8a7864aa8e22f2021-12-21 10:41:56.195root 11241100x8000000000000000409777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054ec6ffa3892c152021-12-21 10:41:56.195root 11241100x8000000000000000409778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c43318960b28342021-12-21 10:41:56.195root 11241100x8000000000000000409779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10aa49db2a10b0032021-12-21 10:41:56.195root 11241100x8000000000000000409780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbf65d9086c05c82021-12-21 10:41:56.195root 11241100x8000000000000000409781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606565932c266cf22021-12-21 10:41:56.195root 11241100x8000000000000000409782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f1954498e48cba2021-12-21 10:41:56.195root 11241100x8000000000000000409783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8807b6a06ef7c42021-12-21 10:41:56.195root 11241100x8000000000000000409784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b10ed5e987741502021-12-21 10:41:56.195root 11241100x8000000000000000409785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e946df34624f7dc22021-12-21 10:41:56.195root 11241100x8000000000000000409786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb365cba8b8db7ce2021-12-21 10:41:56.195root 11241100x8000000000000000409787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a63d4005ba1fe472021-12-21 10:41:56.195root 11241100x8000000000000000409788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fb7f9f1dff7be02021-12-21 10:41:56.196root 11241100x8000000000000000409789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5099ce65cc463f2021-12-21 10:41:56.196root 11241100x8000000000000000409790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3e472484a3b9df2021-12-21 10:41:56.196root 11241100x8000000000000000409791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea80ea84f7ae2622021-12-21 10:41:56.196root 11241100x8000000000000000409792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115547232b7992fc2021-12-21 10:41:56.196root 11241100x8000000000000000409793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e78760f3ffa5da02021-12-21 10:41:56.196root 11241100x8000000000000000409794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bd852b2fa3cede2021-12-21 10:41:56.196root 11241100x8000000000000000409795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc79bd6b78f36c2021-12-21 10:41:56.196root 11241100x8000000000000000409796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24d7344972349162021-12-21 10:41:56.693root 11241100x8000000000000000409797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8a45ed959cbd532021-12-21 10:41:56.693root 11241100x8000000000000000409798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aceaa1526505b0272021-12-21 10:41:56.693root 11241100x8000000000000000409799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c560285db3300ad12021-12-21 10:41:56.693root 11241100x8000000000000000409800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15efa95a9f3658062021-12-21 10:41:56.694root 11241100x8000000000000000409801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ca252cdc6b6c392021-12-21 10:41:56.694root 11241100x8000000000000000409802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e2bde44ec5ea512021-12-21 10:41:56.694root 11241100x8000000000000000409803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14359b1213dedef82021-12-21 10:41:56.694root 11241100x8000000000000000409804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9c73779d636dc62021-12-21 10:41:56.694root 11241100x8000000000000000409805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc92b36ee29530a42021-12-21 10:41:56.694root 11241100x8000000000000000409806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570ac8f55dbe6d792021-12-21 10:41:56.694root 11241100x8000000000000000409807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273018471639ea4f2021-12-21 10:41:56.694root 11241100x8000000000000000409808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04211e7c91342b12021-12-21 10:41:56.694root 11241100x8000000000000000409809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6712bb9206f6e7902021-12-21 10:41:56.695root 11241100x8000000000000000409810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1836f2eef7855b72021-12-21 10:41:56.695root 11241100x8000000000000000409811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a643b1f2936f087d2021-12-21 10:41:56.695root 11241100x8000000000000000409812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e9c2e44abed8552021-12-21 10:41:56.695root 11241100x8000000000000000409813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef133ffbafa404e2021-12-21 10:41:56.695root 11241100x8000000000000000409814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e62986dc86fdd22021-12-21 10:41:56.695root 11241100x8000000000000000409815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a667a3a37915c02021-12-21 10:41:56.695root 11241100x8000000000000000409816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa51b56462d06d92021-12-21 10:41:56.695root 11241100x8000000000000000409817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831801e654a231af2021-12-21 10:41:56.695root 11241100x8000000000000000409818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27bf07c575c059f2021-12-21 10:41:56.695root 11241100x8000000000000000409819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6e60c0fe5e31e82021-12-21 10:41:56.696root 11241100x8000000000000000409820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c21d4994959a072021-12-21 10:41:56.696root 11241100x8000000000000000409821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afacc02567bba4552021-12-21 10:41:56.696root 11241100x8000000000000000409822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffdd1cd366ae5d82021-12-21 10:41:56.696root 11241100x8000000000000000409823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3095bc8680479a2021-12-21 10:41:56.696root 11241100x8000000000000000409824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b4a727b4c5d6de2021-12-21 10:41:56.696root 11241100x8000000000000000409825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e3c0ad7a0494bf2021-12-21 10:41:56.696root 11241100x8000000000000000409826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308158da5c8aac462021-12-21 10:41:56.696root 11241100x8000000000000000409827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed523ed259259faf2021-12-21 10:41:56.696root 11241100x8000000000000000409828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c802d63e52819152021-12-21 10:41:56.696root 11241100x8000000000000000409829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8f66b3d27d5d042021-12-21 10:41:56.696root 11241100x8000000000000000409830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37be5fd7751f58ce2021-12-21 10:41:56.697root 11241100x8000000000000000409831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc0f35a459f696f2021-12-21 10:41:56.697root 11241100x8000000000000000409832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:56.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cd37de08627aa92021-12-21 10:41:56.697root 11241100x8000000000000000409833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c0c523f9f712002021-12-21 10:41:57.193root 11241100x8000000000000000409834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c67ddd09a3edf52021-12-21 10:41:57.194root 11241100x8000000000000000409835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7320fa74bdba402021-12-21 10:41:57.194root 11241100x8000000000000000409836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee4abceafc4eb852021-12-21 10:41:57.194root 11241100x8000000000000000409837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1b5a8bcc6537052021-12-21 10:41:57.194root 11241100x8000000000000000409838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1eab9bf76fcc4ea2021-12-21 10:41:57.194root 11241100x8000000000000000409839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db717171f4df7942021-12-21 10:41:57.194root 11241100x8000000000000000409840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaccd9078e0ed272021-12-21 10:41:57.195root 11241100x8000000000000000409841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03af3bc6b6030f02021-12-21 10:41:57.195root 11241100x8000000000000000409842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db04afa223667c22021-12-21 10:41:57.195root 11241100x8000000000000000409843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cbe89391e5dc192021-12-21 10:41:57.195root 11241100x8000000000000000409844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70f077b7c56d5d22021-12-21 10:41:57.195root 11241100x8000000000000000409845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3c260227a4ce212021-12-21 10:41:57.195root 11241100x8000000000000000409846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c175b132e2a6ae12021-12-21 10:41:57.195root 11241100x8000000000000000409847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d7bdeda5a1c86e2021-12-21 10:41:57.196root 11241100x8000000000000000409848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f20f30fbccb67cb2021-12-21 10:41:57.196root 11241100x8000000000000000409849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed8562dd764790e2021-12-21 10:41:57.196root 11241100x8000000000000000409850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00498b8aa5427e142021-12-21 10:41:57.196root 11241100x8000000000000000409851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51029059a3c23a92021-12-21 10:41:57.196root 11241100x8000000000000000409852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be605f9cd0e157d72021-12-21 10:41:57.197root 11241100x8000000000000000409853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039d826c6c9079b02021-12-21 10:41:57.197root 11241100x8000000000000000409854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bb4ecfe4e9f80d2021-12-21 10:41:57.197root 11241100x8000000000000000409855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742434a5d98adc832021-12-21 10:41:57.197root 11241100x8000000000000000409856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8800fd5fde0e61612021-12-21 10:41:57.197root 11241100x8000000000000000409857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4720577cd9826e2021-12-21 10:41:57.198root 11241100x8000000000000000409858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bcef0c41e451812021-12-21 10:41:57.198root 11241100x8000000000000000409859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb788730e18899492021-12-21 10:41:57.199root 11241100x8000000000000000409860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95de4d5b3c8fb1a82021-12-21 10:41:57.199root 11241100x8000000000000000409861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6c241bf732c11c2021-12-21 10:41:57.199root 11241100x8000000000000000409862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a4fa8702fdd9072021-12-21 10:41:57.200root 11241100x8000000000000000409863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ba1a0db6b592c42021-12-21 10:41:57.200root 11241100x8000000000000000409864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb46f6c366839622021-12-21 10:41:57.200root 11241100x8000000000000000409865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953a5d523b77327d2021-12-21 10:41:57.201root 11241100x8000000000000000409866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147654f2b5347d0e2021-12-21 10:41:57.201root 11241100x8000000000000000409867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2e45144df110a62021-12-21 10:41:57.201root 11241100x8000000000000000409868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021bff6ac9464d812021-12-21 10:41:57.201root 11241100x8000000000000000409869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b32ac318811caf2021-12-21 10:41:57.693root 11241100x8000000000000000409870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985888756a0df1972021-12-21 10:41:57.693root 11241100x8000000000000000409871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209bfeda3736cc632021-12-21 10:41:57.693root 11241100x8000000000000000409872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba121367dc29dbcc2021-12-21 10:41:57.693root 11241100x8000000000000000409873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acb2846804e68bc2021-12-21 10:41:57.693root 11241100x8000000000000000409874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d30927b19dd712021-12-21 10:41:57.693root 11241100x8000000000000000409875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82714e5d6e44ba602021-12-21 10:41:57.693root 11241100x8000000000000000409876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea455e1fa708be222021-12-21 10:41:57.693root 11241100x8000000000000000409877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a14b297398d108b2021-12-21 10:41:57.693root 11241100x8000000000000000409878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310f1dbce1c0f3162021-12-21 10:41:57.693root 11241100x8000000000000000409879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c02784af4669c422021-12-21 10:41:57.694root 11241100x8000000000000000409880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece9a8c048ff6eca2021-12-21 10:41:57.694root 11241100x8000000000000000409881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0414f4a9898a48e12021-12-21 10:41:57.694root 11241100x8000000000000000409882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd23470a1502fa22021-12-21 10:41:57.694root 11241100x8000000000000000409883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48bc672e5334a242021-12-21 10:41:57.694root 11241100x8000000000000000409884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a8107ea7c274a92021-12-21 10:41:57.694root 11241100x8000000000000000409885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d6ef7509cd405d2021-12-21 10:41:57.694root 11241100x8000000000000000409886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e31302eca0c1052021-12-21 10:41:57.694root 11241100x8000000000000000409887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b196918d4adcf84d2021-12-21 10:41:57.694root 11241100x8000000000000000409888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26785d90503b4062021-12-21 10:41:57.694root 11241100x8000000000000000409889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bea53447f15da72021-12-21 10:41:57.694root 11241100x8000000000000000409890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74a4e364862d35b2021-12-21 10:41:57.694root 11241100x8000000000000000409891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f4141f3530f78f2021-12-21 10:41:57.695root 11241100x8000000000000000409892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7139b375ee99cc872021-12-21 10:41:57.695root 11241100x8000000000000000409893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e452d4aab9763f222021-12-21 10:41:57.695root 11241100x8000000000000000409894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a62a2a76c750ad82021-12-21 10:41:57.695root 11241100x8000000000000000409895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8230d65c31ef8852021-12-21 10:41:57.695root 11241100x8000000000000000409896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de5117727f84d732021-12-21 10:41:57.695root 11241100x8000000000000000409897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996ce34d4c5075192021-12-21 10:41:57.695root 11241100x8000000000000000409898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7d21c8782f36222021-12-21 10:41:57.695root 11241100x8000000000000000409899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5125cb5c6b7ef00e2021-12-21 10:41:57.695root 11241100x8000000000000000409900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985a231dd9f120c62021-12-21 10:41:57.695root 11241100x8000000000000000409901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263aba66b97a2d1c2021-12-21 10:41:57.696root 11241100x8000000000000000409902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709ae6df73b2d49f2021-12-21 10:41:57.696root 11241100x8000000000000000409903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1075c3d05f2615312021-12-21 10:41:57.696root 11241100x8000000000000000409904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4e3b0228872a1e2021-12-21 10:41:57.696root 11241100x8000000000000000409905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b570b09a9f1bc62021-12-21 10:41:57.696root 11241100x8000000000000000409906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2376e14238cf59432021-12-21 10:41:57.696root 11241100x8000000000000000409907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d17857f3f6e52e2021-12-21 10:41:57.696root 11241100x8000000000000000409908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f7f71189fb6cbe2021-12-21 10:41:57.696root 11241100x8000000000000000409909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afd4f88e3918c2d2021-12-21 10:41:57.696root 11241100x8000000000000000409910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f046b37e02d518582021-12-21 10:41:57.697root 11241100x8000000000000000409911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e56baf5572032802021-12-21 10:41:57.697root 11241100x8000000000000000409912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1ce9ffcd1296b92021-12-21 10:41:57.697root 11241100x8000000000000000409913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693351ae0d40f5c02021-12-21 10:41:57.697root 11241100x8000000000000000409914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660c6321738fe6582021-12-21 10:41:57.697root 11241100x8000000000000000409915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca89c82dc9daf7d2021-12-21 10:41:57.698root 11241100x8000000000000000409916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7699405b861868f2021-12-21 10:41:57.698root 11241100x8000000000000000409917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a949d7a6a5b30fdf2021-12-21 10:41:58.193root 11241100x8000000000000000409918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87053b1f080d66972021-12-21 10:41:58.193root 11241100x8000000000000000409919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45972a9ed6d7a4252021-12-21 10:41:58.193root 11241100x8000000000000000409920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aee10990b696c22021-12-21 10:41:58.193root 11241100x8000000000000000409921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4a735bbb156f7b2021-12-21 10:41:58.193root 11241100x8000000000000000409922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c940ff70aa6c162021-12-21 10:41:58.193root 11241100x8000000000000000409923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772c82fe90d4c8232021-12-21 10:41:58.193root 11241100x8000000000000000409924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dab9439f857aa1d2021-12-21 10:41:58.193root 11241100x8000000000000000409925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e049ea69bd35f4122021-12-21 10:41:58.194root 11241100x8000000000000000409926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a7d27dfeab82092021-12-21 10:41:58.194root 11241100x8000000000000000409927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60e055313ffb212021-12-21 10:41:58.194root 11241100x8000000000000000409928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0cd340becc5b712021-12-21 10:41:58.194root 11241100x8000000000000000409929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf2a6d8eef3f2002021-12-21 10:41:58.194root 11241100x8000000000000000409930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52c2f0b9d07df5b2021-12-21 10:41:58.194root 11241100x8000000000000000409931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b450eef91a4d902021-12-21 10:41:58.194root 11241100x8000000000000000409932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898b43db0edcda902021-12-21 10:41:58.194root 11241100x8000000000000000409933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a30941abe0c57042021-12-21 10:41:58.194root 11241100x8000000000000000409934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242e7497ae41d8872021-12-21 10:41:58.194root 11241100x8000000000000000409935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562eeabf7869cc8d2021-12-21 10:41:58.194root 11241100x8000000000000000409936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce8a4d112858c1a2021-12-21 10:41:58.194root 11241100x8000000000000000409937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3010a2a31d8b21802021-12-21 10:41:58.195root 11241100x8000000000000000409938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b12a07d0a7546f42021-12-21 10:41:58.195root 11241100x8000000000000000409939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47af5574373e0d8e2021-12-21 10:41:58.195root 11241100x8000000000000000409940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f962c7ece5c3d43d2021-12-21 10:41:58.195root 11241100x8000000000000000409941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07a214b6bd98df92021-12-21 10:41:58.195root 11241100x8000000000000000409942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d360fea4f72e97a2021-12-21 10:41:58.195root 11241100x8000000000000000409943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718cda8299c5fcae2021-12-21 10:41:58.195root 11241100x8000000000000000409944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0080487220bcb02021-12-21 10:41:58.195root 11241100x8000000000000000409945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5388af272dca682021-12-21 10:41:58.195root 11241100x8000000000000000409946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c243f397c45b6e102021-12-21 10:41:58.195root 11241100x8000000000000000409947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5e5a28d5ff19ba2021-12-21 10:41:58.195root 11241100x8000000000000000409948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0b23ec2a1679752021-12-21 10:41:58.195root 11241100x8000000000000000409949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3062f353b27d542021-12-21 10:41:58.196root 11241100x8000000000000000409950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c59fa9cf263cfb2021-12-21 10:41:58.196root 11241100x8000000000000000409951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83025c64807d939b2021-12-21 10:41:58.196root 11241100x8000000000000000409952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3687595895b1b90e2021-12-21 10:41:58.196root 11241100x8000000000000000409953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd3b8da7041f0c32021-12-21 10:41:58.196root 11241100x8000000000000000409954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5349fa37cdb1b22021-12-21 10:41:58.196root 11241100x8000000000000000409955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d55f44c14bc73202021-12-21 10:41:58.196root 11241100x8000000000000000409956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9948b17e91a88c552021-12-21 10:41:58.196root 11241100x8000000000000000409957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2cbff39e0fbbe2021-12-21 10:41:58.196root 11241100x8000000000000000409958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.199{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/system.journal2021-12-21 10:41:58.199root 11241100x8000000000000000409959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1917e5dc87a8097c2021-12-21 10:41:58.201root 11241100x8000000000000000409960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c6b418d78d2c362021-12-21 10:41:58.201root 11241100x8000000000000000409961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ca970d9bde1b8a2021-12-21 10:41:58.201root 11241100x8000000000000000409962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb64c0380e36e0f2021-12-21 10:41:58.201root 11241100x8000000000000000409963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3b4868ce3c96c22021-12-21 10:41:58.202root 11241100x8000000000000000409964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d609ecbca998022021-12-21 10:41:58.203root 11241100x8000000000000000409965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5dc6e20b81ebec2021-12-21 10:41:58.203root 11241100x8000000000000000409966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d39cf48ae161b2021-12-21 10:41:58.203root 11241100x8000000000000000409967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228b7f8a6e21aaf42021-12-21 10:41:58.203root 11241100x8000000000000000409968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdb759f89b818df2021-12-21 10:41:58.203root 11241100x8000000000000000409969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7260f6633b9a06312021-12-21 10:41:58.203root 11241100x8000000000000000409970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c7abd6cf546adc2021-12-21 10:41:58.203root 11241100x8000000000000000409971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092bfe21e38051c42021-12-21 10:41:58.203root 11241100x8000000000000000409972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af13401c4d80dbd32021-12-21 10:41:58.203root 11241100x8000000000000000409973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863691e78ec184fd2021-12-21 10:41:58.203root 11241100x8000000000000000409974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae7ad32929346362021-12-21 10:41:58.203root 11241100x8000000000000000409975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5745782564a15a32021-12-21 10:41:58.203root 11241100x8000000000000000409976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855d3c378cbb7a082021-12-21 10:41:58.203root 11241100x8000000000000000409977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36aaffb347567d902021-12-21 10:41:58.203root 11241100x8000000000000000409978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c511a9dee4e2e3542021-12-21 10:41:58.204root 23542300x8000000000000000409979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.221{ec2b6afe-9233-61c1-c81a-006eee550000}454root/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/user-1000@23a4030a05c14f4487fe6448e1318b5d-0000000000000000-0000000000000000.journal--- 11241100x8000000000000000409980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4744b5b1932fdfe2021-12-21 10:41:58.222root 11241100x8000000000000000409981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4377374fd6b1b8c2021-12-21 10:41:58.222root 534500x8000000000000000409982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.434{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x8000000000000000409983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9909922d3f3069ba2021-12-21 10:41:58.693root 11241100x8000000000000000409984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9176f4094936892021-12-21 10:41:58.694root 11241100x8000000000000000409985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a5f35e4bb7641d2021-12-21 10:41:58.694root 11241100x8000000000000000409986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc43050053e28562021-12-21 10:41:58.694root 11241100x8000000000000000409987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0eaa204e47d9d52021-12-21 10:41:58.694root 11241100x8000000000000000409988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3873918b48f682ea2021-12-21 10:41:58.694root 11241100x8000000000000000409989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eaeabce344697c2021-12-21 10:41:58.694root 11241100x8000000000000000409990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ce2829eef272412021-12-21 10:41:58.694root 11241100x8000000000000000409991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350b96b2e32454d82021-12-21 10:41:58.694root 11241100x8000000000000000409992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b857d24641ea8332021-12-21 10:41:58.694root 11241100x8000000000000000409993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681e65289926d1df2021-12-21 10:41:58.694root 11241100x8000000000000000409994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f066423e474d96b2021-12-21 10:41:58.694root 11241100x8000000000000000409995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fef0dc75e526052021-12-21 10:41:58.695root 11241100x8000000000000000409996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a881ebd22ab7ee2021-12-21 10:41:58.695root 11241100x8000000000000000409997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b759e2732bf7502021-12-21 10:41:58.695root 11241100x8000000000000000409998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784b136fa19e76442021-12-21 10:41:58.695root 11241100x8000000000000000409999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c05471a7e7088062021-12-21 10:41:58.695root 11241100x8000000000000000410000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:41:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac60407214c23142021-12-21 10:41:58.695root 354300x8000000000000000410040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:00.078{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47474-false10.0.1.12-8000- 11241100x8000000000000000410041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:00.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7a1374006fdf362021-12-21 10:42:00.442root 11241100x8000000000000000410042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:00.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040e6f2edc3330032021-12-21 10:42:00.942root 11241100x8000000000000000410043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060550adcaab1ddc2021-12-21 10:42:01.442root 11241100x8000000000000000410044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755663e27a1e9d012021-12-21 10:42:01.942root 11241100x8000000000000000410045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14df13ed9463f10b2021-12-21 10:42:02.442root 11241100x8000000000000000410046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d92a57a61fea62021-12-21 10:42:02.942root 11241100x8000000000000000410047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6decb91d2aa6c3f02021-12-21 10:42:03.442root 11241100x8000000000000000410048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:03.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1a85f50b4f7c772021-12-21 10:42:03.942root 11241100x8000000000000000410049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:04.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f194f79e4a91fae72021-12-21 10:42:04.442root 11241100x8000000000000000410050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ddf27da7b55ebf2021-12-21 10:42:04.942root 354300x8000000000000000410051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:05.245{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47476-false10.0.1.12-8000- 11241100x8000000000000000410052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:05.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e34f5aea88ffb42021-12-21 10:42:05.245root 11241100x8000000000000000410053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:05.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ae47b703d0866a2021-12-21 10:42:05.692root 11241100x8000000000000000410054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d121e8013c9acf5d2021-12-21 10:42:05.693root 11241100x8000000000000000410055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:06.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eea1aa22e4cecc2021-12-21 10:42:06.192root 11241100x8000000000000000410056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:06.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfcbf386c4e4bb42021-12-21 10:42:06.193root 11241100x8000000000000000410057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:06.344{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:42:06.344root 11241100x8000000000000000410058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23e5f335b8da20d2021-12-21 10:42:06.693root 11241100x8000000000000000410059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaeb5462fc101af52021-12-21 10:42:06.693root 11241100x8000000000000000410060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2618a3ec637f10d12021-12-21 10:42:06.693root 11241100x8000000000000000410061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:07.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f544413b8768cb2021-12-21 10:42:07.192root 11241100x8000000000000000410062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6695ea0642ac7dd82021-12-21 10:42:07.193root 11241100x8000000000000000410063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7250a9c78c4f009b2021-12-21 10:42:07.193root 11241100x8000000000000000410064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:07.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a37ef491b406eb2021-12-21 10:42:07.692root 11241100x8000000000000000410065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f048d3cbf6e7392021-12-21 10:42:07.693root 11241100x8000000000000000410066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e519ae63ad0afc2021-12-21 10:42:07.693root 11241100x8000000000000000410067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72edc773d76c4c9b2021-12-21 10:42:08.193root 11241100x8000000000000000410068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fa130be57457892021-12-21 10:42:08.193root 11241100x8000000000000000410069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cbfd29816266982021-12-21 10:42:08.193root 11241100x8000000000000000410070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4e937c8f36fcc42021-12-21 10:42:08.693root 11241100x8000000000000000410071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b827a61239bcb22021-12-21 10:42:08.693root 11241100x8000000000000000410072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844104c86569d32a2021-12-21 10:42:08.693root 11241100x8000000000000000410073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cd085cb64f20402021-12-21 10:42:09.192root 11241100x8000000000000000410074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107f4ecf1d7af48f2021-12-21 10:42:09.193root 11241100x8000000000000000410075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c095137dd695fe922021-12-21 10:42:09.193root 23542300x8000000000000000410076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 534500x8000000000000000410077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.524{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 534500x8000000000000000410078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.524{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x8000000000000000410079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364063ac639a7d252021-12-21 10:42:09.525root 11241100x8000000000000000410080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e99be85cb6613f2021-12-21 10:42:09.525root 11241100x8000000000000000410081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29f4bda057019492021-12-21 10:42:09.526root 11241100x8000000000000000410082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda71ec7b15761332021-12-21 10:42:09.526root 11241100x8000000000000000410083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b230a1b8f1bafe2021-12-21 10:42:09.943root 11241100x8000000000000000410084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfe46a33d2542bb2021-12-21 10:42:09.943root 11241100x8000000000000000410085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2349a22533c92622021-12-21 10:42:09.943root 11241100x8000000000000000410086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40381d3252639df42021-12-21 10:42:09.943root 11241100x8000000000000000410087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e1c0e1f8487edd2021-12-21 10:42:09.943root 11241100x8000000000000000410088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4455da67c3e463f2021-12-21 10:42:09.943root 11241100x8000000000000000410089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf55d140afe5c9c32021-12-21 10:42:10.443root 11241100x8000000000000000410090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9171d55c89c41a22021-12-21 10:42:10.443root 11241100x8000000000000000410091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bb46fec331a8172021-12-21 10:42:10.443root 11241100x8000000000000000410092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecf63211190176c2021-12-21 10:42:10.443root 11241100x8000000000000000410093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2ed62198e765eb2021-12-21 10:42:10.443root 11241100x8000000000000000410094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f6bef0e80be5022021-12-21 10:42:10.443root 11241100x8000000000000000410095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16bd919f2e1c3772021-12-21 10:42:10.943root 11241100x8000000000000000410096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1205aec466531b32021-12-21 10:42:10.943root 11241100x8000000000000000410097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b2a33f7334f88b2021-12-21 10:42:10.943root 11241100x8000000000000000410098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243934a73b58d9182021-12-21 10:42:10.943root 11241100x8000000000000000410099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485d366fe3904a072021-12-21 10:42:10.943root 11241100x8000000000000000410100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4892da17458d4a2021-12-21 10:42:10.943root 354300x8000000000000000410101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.126{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47478-false10.0.1.12-8000- 11241100x8000000000000000410102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77bf3a0e78fcfc62021-12-21 10:42:11.443root 11241100x8000000000000000410103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464e340d215ce4842021-12-21 10:42:11.443root 11241100x8000000000000000410104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a56d4286248c6952021-12-21 10:42:11.443root 11241100x8000000000000000410105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4007ef36db1c3d92021-12-21 10:42:11.443root 11241100x8000000000000000410106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451c3c0ff0cf4f492021-12-21 10:42:11.443root 11241100x8000000000000000410107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505b09dfd383bcdb2021-12-21 10:42:11.443root 11241100x8000000000000000410108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b60b4adaa99a5d2021-12-21 10:42:11.444root 11241100x8000000000000000410109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe37aa0916dc17422021-12-21 10:42:11.943root 11241100x8000000000000000410110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a77cefd4f638c5f2021-12-21 10:42:11.943root 11241100x8000000000000000410111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df37e68556562632021-12-21 10:42:11.943root 11241100x8000000000000000410112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875a9e16c5e58b4c2021-12-21 10:42:11.943root 11241100x8000000000000000410113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d5ec684ba2cb962021-12-21 10:42:11.943root 11241100x8000000000000000410114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07048cfe685dd51b2021-12-21 10:42:11.943root 11241100x8000000000000000410115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6aef0abf5a24ec2021-12-21 10:42:11.943root 11241100x8000000000000000410116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dd3012075c6b362021-12-21 10:42:12.443root 11241100x8000000000000000410117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e54aa73b7d380442021-12-21 10:42:12.443root 11241100x8000000000000000410118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d33be24ab4b940a2021-12-21 10:42:12.443root 11241100x8000000000000000410119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaf5cb5cb1266212021-12-21 10:42:12.443root 11241100x8000000000000000410120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43923c9c308ccb612021-12-21 10:42:12.443root 11241100x8000000000000000410121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee2ae9506026b6f2021-12-21 10:42:12.443root 11241100x8000000000000000410122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594c915e8bf471f92021-12-21 10:42:12.443root 11241100x8000000000000000410123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71f1a4718a957e72021-12-21 10:42:12.943root 11241100x8000000000000000410124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bee1308f53dad72021-12-21 10:42:12.943root 11241100x8000000000000000410125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d77e9f7cd77008e2021-12-21 10:42:12.943root 11241100x8000000000000000410126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da2bb4fc420404e2021-12-21 10:42:12.943root 11241100x8000000000000000410127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bb2c1f364730f12021-12-21 10:42:12.943root 11241100x8000000000000000410128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ae45eb44f337e82021-12-21 10:42:12.943root 11241100x8000000000000000410129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd801707dda360492021-12-21 10:42:12.943root 11241100x8000000000000000410130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc8effd50f8fb5f2021-12-21 10:42:13.443root 11241100x8000000000000000410131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f480e9e9c4658a902021-12-21 10:42:13.443root 11241100x8000000000000000410132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff255f3f813b602021-12-21 10:42:13.443root 11241100x8000000000000000410133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e1095a6093feaa2021-12-21 10:42:13.443root 11241100x8000000000000000410134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a7cec7b5b5cb2f2021-12-21 10:42:13.443root 11241100x8000000000000000410135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8140a68ce2944b2021-12-21 10:42:13.443root 11241100x8000000000000000410136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7b6b78bdd554272021-12-21 10:42:13.443root 11241100x8000000000000000410137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07c5ee78879c2fa2021-12-21 10:42:13.943root 11241100x8000000000000000410138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29787ef5bcd573b72021-12-21 10:42:13.943root 11241100x8000000000000000410139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719b7f9ed34002482021-12-21 10:42:13.943root 11241100x8000000000000000410140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63845d7e9fd324912021-12-21 10:42:13.943root 11241100x8000000000000000410141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e414b041ee8416742021-12-21 10:42:13.943root 11241100x8000000000000000410142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e5ebd8c3c95a1a2021-12-21 10:42:13.943root 11241100x8000000000000000410143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181412b82ca423ef2021-12-21 10:42:13.943root 11241100x8000000000000000410144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d4da30198066132021-12-21 10:42:14.443root 11241100x8000000000000000410145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd9f117cb2168b32021-12-21 10:42:14.443root 11241100x8000000000000000410146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b529970ffd44562021-12-21 10:42:14.443root 11241100x8000000000000000410147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf372c8fe7e7a3322021-12-21 10:42:14.443root 11241100x8000000000000000410148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cdfaf0f65b55312021-12-21 10:42:14.443root 11241100x8000000000000000410149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ffbff9a987a02d2021-12-21 10:42:14.443root 11241100x8000000000000000410150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d568bfe4389c847f2021-12-21 10:42:14.444root 11241100x8000000000000000410151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2ce4693537e4372021-12-21 10:42:14.943root 11241100x8000000000000000410152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032b8a83f47dbb862021-12-21 10:42:14.943root 11241100x8000000000000000410153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caba9501ff7efa82021-12-21 10:42:14.943root 11241100x8000000000000000410154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66d3e8cc28b04612021-12-21 10:42:14.943root 11241100x8000000000000000410155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eb764249c250d42021-12-21 10:42:14.943root 11241100x8000000000000000410156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141519d1c97b1ef62021-12-21 10:42:14.943root 11241100x8000000000000000410157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12cd5d15f73ce072021-12-21 10:42:14.944root 11241100x8000000000000000410158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8070263d222e2e2021-12-21 10:42:15.443root 11241100x8000000000000000410159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e90cce1ee0c1302021-12-21 10:42:15.443root 11241100x8000000000000000410160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36cca813fe0272d2021-12-21 10:42:15.443root 11241100x8000000000000000410161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cd3cd7c5ffaeb72021-12-21 10:42:15.443root 11241100x8000000000000000410162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421bb359512a27262021-12-21 10:42:15.443root 11241100x8000000000000000410163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98081680567c75922021-12-21 10:42:15.443root 11241100x8000000000000000410164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07fd6f44be044662021-12-21 10:42:15.444root 11241100x8000000000000000410165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb64d2ce987b8c32021-12-21 10:42:15.943root 11241100x8000000000000000410166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b6e3f1a3da8e0f2021-12-21 10:42:15.943root 11241100x8000000000000000410167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a02b0a47e9e65602021-12-21 10:42:15.943root 11241100x8000000000000000410168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d688ae8d0e302c2021-12-21 10:42:15.943root 11241100x8000000000000000410169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d606bb82303381b2021-12-21 10:42:15.943root 11241100x8000000000000000410170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7138489b95a82f42021-12-21 10:42:15.944root 11241100x8000000000000000410171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190c209842d6c7072021-12-21 10:42:15.944root 11241100x8000000000000000410172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147edd1f49afe4a52021-12-21 10:42:16.443root 11241100x8000000000000000410173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acc105c86a4ae202021-12-21 10:42:16.443root 11241100x8000000000000000410174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8f65f27f204cef2021-12-21 10:42:16.444root 11241100x8000000000000000410175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccedf23e99e6bb2d2021-12-21 10:42:16.444root 11241100x8000000000000000410176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6e3a568964732f2021-12-21 10:42:16.444root 11241100x8000000000000000410177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd00426ccba84432021-12-21 10:42:16.444root 11241100x8000000000000000410178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d736a0d5ce4d980e2021-12-21 10:42:16.445root 11241100x8000000000000000410179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92881f8493deb4462021-12-21 10:42:16.943root 11241100x8000000000000000410180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ba6c4a36fd79442021-12-21 10:42:16.943root 11241100x8000000000000000410181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3f254e8c1452a72021-12-21 10:42:16.943root 11241100x8000000000000000410182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc975f67502f3bb82021-12-21 10:42:16.943root 11241100x8000000000000000410183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ac2031ff0210732021-12-21 10:42:16.943root 11241100x8000000000000000410184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0885d909fb8104d2021-12-21 10:42:16.943root 11241100x8000000000000000410185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9406ff553368732021-12-21 10:42:16.943root 354300x8000000000000000410186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.101{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47480-false10.0.1.12-8000- 11241100x8000000000000000410187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cb95d9314086d32021-12-21 10:42:17.443root 11241100x8000000000000000410188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e5621e29a4183a2021-12-21 10:42:17.443root 11241100x8000000000000000410189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6a6dfb353c4e952021-12-21 10:42:17.443root 11241100x8000000000000000410190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a9c7e198f062522021-12-21 10:42:17.443root 11241100x8000000000000000410191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a31ceb09625efc92021-12-21 10:42:17.444root 11241100x8000000000000000410192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8916feffd20852222021-12-21 10:42:17.444root 11241100x8000000000000000410193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafbf3654839d8422021-12-21 10:42:17.444root 11241100x8000000000000000410194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f217996a2ca883f2021-12-21 10:42:17.444root 11241100x8000000000000000410195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca210dc0b0264db2021-12-21 10:42:17.943root 11241100x8000000000000000410196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a27a70fec4255952021-12-21 10:42:17.943root 11241100x8000000000000000410197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f67dfe4831408a2021-12-21 10:42:17.943root 11241100x8000000000000000410198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc570283789a44c82021-12-21 10:42:17.943root 11241100x8000000000000000410199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fb1b85a2b6bb7a2021-12-21 10:42:17.943root 11241100x8000000000000000410200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30da05562c5244502021-12-21 10:42:17.943root 11241100x8000000000000000410201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c4a2fc93e06cda2021-12-21 10:42:17.943root 11241100x8000000000000000410202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5497584f43d1e02021-12-21 10:42:17.943root 11241100x8000000000000000410203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef4cd23b3edfa7f2021-12-21 10:42:18.443root 11241100x8000000000000000410204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592ecf72da0aa25e2021-12-21 10:42:18.443root 11241100x8000000000000000410205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc085c65d9ff99ac2021-12-21 10:42:18.443root 11241100x8000000000000000410206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f778027a63e9658b2021-12-21 10:42:18.443root 11241100x8000000000000000410207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1f0abbdaa7f5bc2021-12-21 10:42:18.443root 11241100x8000000000000000410208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b849d1536436c6a32021-12-21 10:42:18.443root 11241100x8000000000000000410209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6422bb4149b34bea2021-12-21 10:42:18.443root 11241100x8000000000000000410210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1147ee264d89eb322021-12-21 10:42:18.443root 11241100x8000000000000000410211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115640b61f5b58dd2021-12-21 10:42:18.943root 11241100x8000000000000000410212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d370ab315770c01b2021-12-21 10:42:18.943root 11241100x8000000000000000410213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9127239e52786902021-12-21 10:42:18.943root 11241100x8000000000000000410214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e44a48322b1d7402021-12-21 10:42:18.943root 11241100x8000000000000000410215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf02c3580aecb822021-12-21 10:42:18.943root 11241100x8000000000000000410216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348aba0d8803ae1c2021-12-21 10:42:18.943root 11241100x8000000000000000410217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a756022b4fdb42021-12-21 10:42:18.943root 11241100x8000000000000000410218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71b069c65f4abf02021-12-21 10:42:18.943root 11241100x8000000000000000410219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0150818f560e2cc62021-12-21 10:42:19.443root 11241100x8000000000000000410220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18528e173bebb5262021-12-21 10:42:19.443root 11241100x8000000000000000410221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66451637f9bcf6af2021-12-21 10:42:19.443root 11241100x8000000000000000410222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7ffd35a3d229092021-12-21 10:42:19.443root 11241100x8000000000000000410223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea1d0ffff7ce50e2021-12-21 10:42:19.443root 11241100x8000000000000000410224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d6d2495774c562021-12-21 10:42:19.443root 11241100x8000000000000000410225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a11cae3294f33d2021-12-21 10:42:19.443root 11241100x8000000000000000410226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18b2028696d85b12021-12-21 10:42:19.444root 11241100x8000000000000000410227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26aa5e63592eda32021-12-21 10:42:19.943root 11241100x8000000000000000410228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c89846c03f46d72021-12-21 10:42:19.943root 11241100x8000000000000000410229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd74ad0ee58cad62021-12-21 10:42:19.943root 11241100x8000000000000000410230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb46fd189cd97c62021-12-21 10:42:19.943root 11241100x8000000000000000410231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e957cc73d697862021-12-21 10:42:19.943root 11241100x8000000000000000410232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c4f0aeadbd9ce62021-12-21 10:42:19.943root 11241100x8000000000000000410233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e88a34efeaa7ad42021-12-21 10:42:19.943root 11241100x8000000000000000410234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10defa9b416c49d42021-12-21 10:42:19.943root 11241100x8000000000000000410235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75690f628e29b6f2021-12-21 10:42:20.443root 11241100x8000000000000000410236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5144c848fb3a88d42021-12-21 10:42:20.443root 11241100x8000000000000000410237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36c60c2b547f7892021-12-21 10:42:20.443root 11241100x8000000000000000410238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce7cc04a92fbd3c2021-12-21 10:42:20.443root 11241100x8000000000000000410239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fe1bf8db461a9d2021-12-21 10:42:20.443root 11241100x8000000000000000410240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f370186e662e4b622021-12-21 10:42:20.443root 11241100x8000000000000000410241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0709ccc55f338f872021-12-21 10:42:20.443root 11241100x8000000000000000410242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ab4fcd9a249e7a2021-12-21 10:42:20.443root 11241100x8000000000000000410243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bec67d1ee9bbee2021-12-21 10:42:20.943root 11241100x8000000000000000410244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab3bad326673b632021-12-21 10:42:20.943root 11241100x8000000000000000410245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a784f28a1342532021-12-21 10:42:20.943root 11241100x8000000000000000410246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a2940b5c09739b2021-12-21 10:42:20.943root 11241100x8000000000000000410247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debc4dc1623b5e752021-12-21 10:42:20.943root 11241100x8000000000000000410248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2e51c8c511d4952021-12-21 10:42:20.943root 11241100x8000000000000000410249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971448916ead53f62021-12-21 10:42:20.943root 11241100x8000000000000000410250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bae8b25cb2174c02021-12-21 10:42:20.943root 11241100x8000000000000000410251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2355b90d6fcb9e9d2021-12-21 10:42:21.443root 11241100x8000000000000000410252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0ece912eef31eb2021-12-21 10:42:21.443root 11241100x8000000000000000410253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11b5988d0e0b6f32021-12-21 10:42:21.443root 11241100x8000000000000000410254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1328eb4add9fa62021-12-21 10:42:21.443root 11241100x8000000000000000410255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad50ff0f810351ff2021-12-21 10:42:21.443root 11241100x8000000000000000410256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893089df1139c46e2021-12-21 10:42:21.443root 11241100x8000000000000000410257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3262d20368ee2c6a2021-12-21 10:42:21.443root 11241100x8000000000000000410258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98140d357d614ad42021-12-21 10:42:21.443root 11241100x8000000000000000410259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa7f32860c18e442021-12-21 10:42:21.943root 11241100x8000000000000000410260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3739fb4c972ae5f32021-12-21 10:42:21.943root 11241100x8000000000000000410261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec833d6316f83982021-12-21 10:42:21.943root 11241100x8000000000000000410262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d673525f886bc34c2021-12-21 10:42:21.943root 11241100x8000000000000000410263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbb2196d88e0feb2021-12-21 10:42:21.943root 11241100x8000000000000000410264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166033c166e9e85e2021-12-21 10:42:21.943root 11241100x8000000000000000410265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9398d7f7cfb122b22021-12-21 10:42:21.943root 11241100x8000000000000000410266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2934d27c1007992021-12-21 10:42:21.943root 354300x8000000000000000410267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.185{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47482-false10.0.1.12-8000- 11241100x8000000000000000410268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e207a8ae97a30a7f2021-12-21 10:42:22.443root 11241100x8000000000000000410269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953d738e463bb0642021-12-21 10:42:22.443root 11241100x8000000000000000410270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752aa2139bb396c22021-12-21 10:42:22.443root 11241100x8000000000000000410271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b7a75fd212ace32021-12-21 10:42:22.443root 11241100x8000000000000000410272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f72762b07b234d2021-12-21 10:42:22.444root 11241100x8000000000000000410273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aa5326489561a92021-12-21 10:42:22.444root 11241100x8000000000000000410274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e86d87ac11320672021-12-21 10:42:22.444root 11241100x8000000000000000410275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a891a6eb7b95185f2021-12-21 10:42:22.444root 11241100x8000000000000000410276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7321c2422cd7772021-12-21 10:42:22.445root 11241100x8000000000000000410277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa49c1e0365d361f2021-12-21 10:42:22.943root 11241100x8000000000000000410278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98519005723cfe62021-12-21 10:42:22.943root 11241100x8000000000000000410279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93da84f9ed9464fb2021-12-21 10:42:22.943root 11241100x8000000000000000410280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46178b50b62a18a22021-12-21 10:42:22.943root 11241100x8000000000000000410281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed226aa5946e45f2021-12-21 10:42:22.944root 11241100x8000000000000000410282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5041907ae3db0c2021-12-21 10:42:22.944root 11241100x8000000000000000410283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33b087cab429b932021-12-21 10:42:22.944root 11241100x8000000000000000410284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccd007355d753942021-12-21 10:42:22.944root 11241100x8000000000000000410285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2adf9ef67e0b0002021-12-21 10:42:22.944root 11241100x8000000000000000410286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d99b6332463fe62021-12-21 10:42:23.443root 11241100x8000000000000000410287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0fe834e1bec0282021-12-21 10:42:23.443root 11241100x8000000000000000410288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4ae2b6f91178222021-12-21 10:42:23.443root 11241100x8000000000000000410289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4965f9851d6d3c2021-12-21 10:42:23.443root 11241100x8000000000000000410290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8e0a64cff5a2332021-12-21 10:42:23.443root 11241100x8000000000000000410291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e62db6918782dbd2021-12-21 10:42:23.443root 11241100x8000000000000000410292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d4749d8a14bc1b2021-12-21 10:42:23.443root 11241100x8000000000000000410293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53256ccb6a6eeaa52021-12-21 10:42:23.443root 11241100x8000000000000000410294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c431244eace603d92021-12-21 10:42:23.443root 11241100x8000000000000000410295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ce4f17991721382021-12-21 10:42:23.943root 11241100x8000000000000000410296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed5d57c7aa959b62021-12-21 10:42:23.943root 11241100x8000000000000000410297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661981193457dd752021-12-21 10:42:23.943root 11241100x8000000000000000410298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3608aa4a7c72b74a2021-12-21 10:42:23.943root 11241100x8000000000000000410299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e63ffe28940122e2021-12-21 10:42:23.943root 11241100x8000000000000000410300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad8d87ec69517b2021-12-21 10:42:23.943root 11241100x8000000000000000410301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abeeaa79581d5a412021-12-21 10:42:23.943root 11241100x8000000000000000410302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0542ea1b8493e6e2021-12-21 10:42:23.944root 11241100x8000000000000000410303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdfb713adf64a012021-12-21 10:42:23.944root 11241100x8000000000000000410304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b147e4bf206c35b2021-12-21 10:42:24.443root 11241100x8000000000000000410305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2270642ddb7de22021-12-21 10:42:24.444root 11241100x8000000000000000410306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab315176f580aa822021-12-21 10:42:24.444root 11241100x8000000000000000410307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5666433cb924b52021-12-21 10:42:24.444root 11241100x8000000000000000410308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b1396f6443f7152021-12-21 10:42:24.444root 11241100x8000000000000000410309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fb8207715e53462021-12-21 10:42:24.445root 11241100x8000000000000000410310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77559ec109565b5a2021-12-21 10:42:24.445root 11241100x8000000000000000410311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a378c575f007f0c2021-12-21 10:42:24.445root 11241100x8000000000000000410312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01ebb199706f0042021-12-21 10:42:24.445root 11241100x8000000000000000410313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc2136f664e932d2021-12-21 10:42:24.943root 11241100x8000000000000000410314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca59a7d253578e52021-12-21 10:42:24.943root 11241100x8000000000000000410315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5575fbd077192a7e2021-12-21 10:42:24.943root 11241100x8000000000000000410316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5696577ee278fb082021-12-21 10:42:24.943root 11241100x8000000000000000410317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8129e45edac0685d2021-12-21 10:42:24.943root 11241100x8000000000000000410318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5664378bf6f2852021-12-21 10:42:24.943root 11241100x8000000000000000410319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e958fdf2688632e92021-12-21 10:42:24.943root 11241100x8000000000000000410320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222638a42fca6c252021-12-21 10:42:24.943root 11241100x8000000000000000410321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57e3c031754e1a72021-12-21 10:42:24.943root 354300x8000000000000000410322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.198{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34548-false10.0.1.12-8089- 11241100x8000000000000000410323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6fc69b857caaaa2021-12-21 10:42:25.199root 11241100x8000000000000000410324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aebf19658c9d1832021-12-21 10:42:25.199root 11241100x8000000000000000410325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eca07f5cdbcad342021-12-21 10:42:25.199root 11241100x8000000000000000410326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2479784b266b76a2021-12-21 10:42:25.199root 11241100x8000000000000000410327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d986651cd41bb1f82021-12-21 10:42:25.199root 11241100x8000000000000000410328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f20c77aa4891342021-12-21 10:42:25.199root 11241100x8000000000000000410329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb89226f30a62122021-12-21 10:42:25.199root 11241100x8000000000000000410330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c85ca41c882ff2c2021-12-21 10:42:25.200root 11241100x8000000000000000410331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6bf58fd8e7aba62021-12-21 10:42:25.200root 11241100x8000000000000000410332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bcaae5cc683d102021-12-21 10:42:25.200root 11241100x8000000000000000410333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13241a41320a066f2021-12-21 10:42:25.693root 11241100x8000000000000000410334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b95e0ac6c02d092021-12-21 10:42:25.693root 11241100x8000000000000000410335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0376ba1b0a1447ac2021-12-21 10:42:25.693root 11241100x8000000000000000410336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331e807662e85b1c2021-12-21 10:42:25.693root 11241100x8000000000000000410337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad179a24a6b95662021-12-21 10:42:25.693root 11241100x8000000000000000410338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2702a0221fb91a2021-12-21 10:42:25.694root 11241100x8000000000000000410339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdee24707a9aac742021-12-21 10:42:25.694root 11241100x8000000000000000410340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c71cdf63ed13e7b2021-12-21 10:42:25.694root 11241100x8000000000000000410341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34ad4ec1b2d5f9c2021-12-21 10:42:25.694root 11241100x8000000000000000410342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86401365dc192c272021-12-21 10:42:25.694root 11241100x8000000000000000410343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ddfda00b4fdaf62021-12-21 10:42:26.193root 11241100x8000000000000000410344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12659dc62c16e7d2021-12-21 10:42:26.193root 11241100x8000000000000000410345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4c07738c7c007c2021-12-21 10:42:26.193root 11241100x8000000000000000410346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870e4d4e22b691cf2021-12-21 10:42:26.194root 11241100x8000000000000000410347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e497c984471ff062021-12-21 10:42:26.194root 11241100x8000000000000000410348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20cd40c2631082a2021-12-21 10:42:26.194root 11241100x8000000000000000410349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f4aa65ac31a3c82021-12-21 10:42:26.194root 11241100x8000000000000000410350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb790cfaf9d770132021-12-21 10:42:26.194root 11241100x8000000000000000410351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba54ea931e0c6522021-12-21 10:42:26.194root 11241100x8000000000000000410352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ae8d63f00b26bc2021-12-21 10:42:26.194root 11241100x8000000000000000410353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac23b68c30f71ea2021-12-21 10:42:26.693root 11241100x8000000000000000410354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353b8ed77c7b7d912021-12-21 10:42:26.693root 11241100x8000000000000000410355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dbda00488fcdcd2021-12-21 10:42:26.693root 11241100x8000000000000000410356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b213b3de6faa0dd2021-12-21 10:42:26.693root 11241100x8000000000000000410357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5f470f44c0d5452021-12-21 10:42:26.693root 11241100x8000000000000000410358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f63d95346530c572021-12-21 10:42:26.693root 11241100x8000000000000000410359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0d9fb44e89b802021-12-21 10:42:26.694root 11241100x8000000000000000410360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137aecf0889e6392021-12-21 10:42:26.694root 11241100x8000000000000000410361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c4456f763e405d2021-12-21 10:42:26.694root 11241100x8000000000000000410362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b4e4efe4b1b3742021-12-21 10:42:26.694root 11241100x8000000000000000410363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b415fa91dee71f082021-12-21 10:42:27.193root 11241100x8000000000000000410364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df0b91df1d240372021-12-21 10:42:27.193root 11241100x8000000000000000410365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81400fedc676b6962021-12-21 10:42:27.193root 11241100x8000000000000000410366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391432fc25a7522c2021-12-21 10:42:27.193root 11241100x8000000000000000410367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce56c83bea2d82112021-12-21 10:42:27.194root 11241100x8000000000000000410368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd74e365c6c62392021-12-21 10:42:27.194root 11241100x8000000000000000410369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865bb2459d70b40d2021-12-21 10:42:27.194root 11241100x8000000000000000410370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b6d395e6a67fdc2021-12-21 10:42:27.194root 11241100x8000000000000000410371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98506a419e23b8342021-12-21 10:42:27.195root 11241100x8000000000000000410372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03d335d9c5172632021-12-21 10:42:27.195root 11241100x8000000000000000410373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd4acd783207eab2021-12-21 10:42:27.693root 11241100x8000000000000000410374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846af183ec06ca0f2021-12-21 10:42:27.693root 11241100x8000000000000000410375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38656526b8546162021-12-21 10:42:27.693root 11241100x8000000000000000410376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87848aabf72029d2021-12-21 10:42:27.694root 11241100x8000000000000000410377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d813a2b484ed6c5a2021-12-21 10:42:27.694root 11241100x8000000000000000410378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bac4452adc99be2021-12-21 10:42:27.694root 11241100x8000000000000000410379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043cea80d70d905c2021-12-21 10:42:27.694root 11241100x8000000000000000410380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb933ee5342ff0c2021-12-21 10:42:27.695root 11241100x8000000000000000410381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b57baef7890b8f82021-12-21 10:42:27.695root 11241100x8000000000000000410382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bfa02c3c2a79042021-12-21 10:42:27.695root 354300x8000000000000000410383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.093{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47486-false10.0.1.12-8000- 11241100x8000000000000000410384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff277669a46e4ac2021-12-21 10:42:28.093root 11241100x8000000000000000410385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48676139c11747e32021-12-21 10:42:28.094root 11241100x8000000000000000410386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdec9c9a072fa562021-12-21 10:42:28.094root 11241100x8000000000000000410387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ba0cdb4b75c7032021-12-21 10:42:28.094root 11241100x8000000000000000410388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003de4dfc34271972021-12-21 10:42:28.094root 11241100x8000000000000000410389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbe6f225bcfb7332021-12-21 10:42:28.094root 11241100x8000000000000000410390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2a64097a3936112021-12-21 10:42:28.094root 11241100x8000000000000000410391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc21319c7f140652021-12-21 10:42:28.094root 11241100x8000000000000000410392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68855f5bee70b1332021-12-21 10:42:28.094root 11241100x8000000000000000410393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfc9805eb40c4a02021-12-21 10:42:28.094root 11241100x8000000000000000410394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044b522a0c223d4a2021-12-21 10:42:28.094root 11241100x8000000000000000410395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4468fddf9c95b642021-12-21 10:42:28.443root 11241100x8000000000000000410396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1595b9d76c68dd52021-12-21 10:42:28.443root 11241100x8000000000000000410397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a430a15007d6d02021-12-21 10:42:28.443root 11241100x8000000000000000410398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa850177f26718be2021-12-21 10:42:28.443root 11241100x8000000000000000410399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decfe461dd0b15262021-12-21 10:42:28.443root 11241100x8000000000000000410400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd9aa7fbc4a8d642021-12-21 10:42:28.443root 11241100x8000000000000000410401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d6cd17e08d59572021-12-21 10:42:28.443root 11241100x8000000000000000410402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86465bb57f29c1082021-12-21 10:42:28.443root 11241100x8000000000000000410403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1401cfe11e5b052f2021-12-21 10:42:28.443root 11241100x8000000000000000410404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db466c23f92133362021-12-21 10:42:28.444root 11241100x8000000000000000410405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb97ab437a05c35e2021-12-21 10:42:28.444root 11241100x8000000000000000410406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58287c660c8094a52021-12-21 10:42:28.943root 11241100x8000000000000000410407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852ba1f6ffe33c662021-12-21 10:42:28.943root 11241100x8000000000000000410408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870edec8b6899c212021-12-21 10:42:28.943root 11241100x8000000000000000410409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11113257f007fad22021-12-21 10:42:28.943root 11241100x8000000000000000410410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2eb68b1452ff4a32021-12-21 10:42:28.943root 11241100x8000000000000000410411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035577c7d0b529242021-12-21 10:42:28.943root 11241100x8000000000000000410412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5449f5fa1192af2021-12-21 10:42:28.943root 11241100x8000000000000000410413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed02e6e1760836362021-12-21 10:42:28.944root 11241100x8000000000000000410414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97fea6d6aff9bc22021-12-21 10:42:28.944root 11241100x8000000000000000410415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c42ddb3b15490e2021-12-21 10:42:28.944root 11241100x8000000000000000410416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5346a4fe1b34cfeb2021-12-21 10:42:28.944root 11241100x8000000000000000410417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1f805abb3f48862021-12-21 10:42:29.443root 11241100x8000000000000000410418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806e146b5d329ec02021-12-21 10:42:29.443root 11241100x8000000000000000410419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c7f4e3d03b96372021-12-21 10:42:29.443root 11241100x8000000000000000410420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24417844492e7ad62021-12-21 10:42:29.443root 11241100x8000000000000000410421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005acd0b827d3ee02021-12-21 10:42:29.444root 11241100x8000000000000000410422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be071292800e9b782021-12-21 10:42:29.444root 11241100x8000000000000000410423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4415e4907643ab2021-12-21 10:42:29.444root 11241100x8000000000000000410424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70e6e704154c5302021-12-21 10:42:29.444root 11241100x8000000000000000410425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de337d766340371f2021-12-21 10:42:29.444root 11241100x8000000000000000410426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80979a250186cc462021-12-21 10:42:29.444root 11241100x8000000000000000410427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153d0d4b143106062021-12-21 10:42:29.444root 11241100x8000000000000000410428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eaef18f023ec782021-12-21 10:42:29.943root 11241100x8000000000000000410429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d04fe6bef79a77c2021-12-21 10:42:29.943root 11241100x8000000000000000410430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63902ff7c77c22062021-12-21 10:42:29.943root 11241100x8000000000000000410431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715382d5d3a0852c2021-12-21 10:42:29.943root 11241100x8000000000000000410432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e93eb2c95f07ce42021-12-21 10:42:29.943root 11241100x8000000000000000410433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe7d5bc88dc6afc2021-12-21 10:42:29.943root 11241100x8000000000000000410434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e095dd295c303a2021-12-21 10:42:29.943root 11241100x8000000000000000410435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fb92c674b3f51e2021-12-21 10:42:29.944root 11241100x8000000000000000410436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32cffab78f584702021-12-21 10:42:29.944root 11241100x8000000000000000410437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3878e6c2119e7302021-12-21 10:42:29.944root 11241100x8000000000000000410438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d241ac5673469e22021-12-21 10:42:29.944root 11241100x8000000000000000410439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ceddec46e3cbe022021-12-21 10:42:30.443root 11241100x8000000000000000410440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3470b5f88a2c35db2021-12-21 10:42:30.443root 11241100x8000000000000000410441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b34d3a1fb05b782021-12-21 10:42:30.443root 11241100x8000000000000000410442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a40801cb96ddfd62021-12-21 10:42:30.443root 11241100x8000000000000000410443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09faaa0a58e15082021-12-21 10:42:30.444root 11241100x8000000000000000410444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea13c62c7d1c51c2021-12-21 10:42:30.444root 11241100x8000000000000000410445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8cf52e8c20847f2021-12-21 10:42:30.444root 11241100x8000000000000000410446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a998f0bde30317992021-12-21 10:42:30.444root 11241100x8000000000000000410447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b02dd9f25b2b222021-12-21 10:42:30.444root 11241100x8000000000000000410448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0633961b2024a93a2021-12-21 10:42:30.444root 11241100x8000000000000000410449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4641e9ba5f006f12021-12-21 10:42:30.444root 11241100x8000000000000000410450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1005f35e0aac6a602021-12-21 10:42:30.943root 11241100x8000000000000000410451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d4f4fe788341222021-12-21 10:42:30.943root 11241100x8000000000000000410452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bb0aa74d109faf2021-12-21 10:42:30.943root 11241100x8000000000000000410453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51c402d8acae5102021-12-21 10:42:30.943root 11241100x8000000000000000410454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b83928e9ab9fd02021-12-21 10:42:30.943root 11241100x8000000000000000410455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24dc81bec4aa61122021-12-21 10:42:30.943root 11241100x8000000000000000410456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6548f6e6f63c871f2021-12-21 10:42:30.943root 11241100x8000000000000000410457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6e069cd2a850cf2021-12-21 10:42:30.943root 11241100x8000000000000000410458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b752f024b7a32a612021-12-21 10:42:30.944root 11241100x8000000000000000410459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8017c030a8b0d392021-12-21 10:42:30.944root 11241100x8000000000000000410460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a0d287f80a43012021-12-21 10:42:30.944root 154100x8000000000000000410461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.282{ec2b6afe-af97-61c1-6804-90301d560000}9763/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000410462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef09665b6ee50d812021-12-21 10:42:31.283root 11241100x8000000000000000410463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0108108303db5e9e2021-12-21 10:42:31.283root 11241100x8000000000000000410464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d930da546f1a9042021-12-21 10:42:31.283root 11241100x8000000000000000410465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cef3233fde08d52021-12-21 10:42:31.283root 11241100x8000000000000000410466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.283{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d08d474274885b22021-12-21 10:42:31.283root 11241100x8000000000000000410467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9961d1c61080f7102021-12-21 10:42:31.284root 11241100x8000000000000000410468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c95c42933175f12021-12-21 10:42:31.284root 11241100x8000000000000000410469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63fc632003419162021-12-21 10:42:31.284root 11241100x8000000000000000410470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab733510a0986c42021-12-21 10:42:31.284root 11241100x8000000000000000410471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6671a7b39c99a2212021-12-21 10:42:31.284root 11241100x8000000000000000410472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6653f38cfe30ad72021-12-21 10:42:31.284root 11241100x8000000000000000410473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dd2b17ed0d772d2021-12-21 10:42:31.284root 11241100x8000000000000000410474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.284{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14380e00bbac86082021-12-21 10:42:31.284root 11241100x8000000000000000410475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.285{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4a4467e9daa89e2021-12-21 10:42:31.285root 534500x8000000000000000410476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.294{ec2b6afe-af97-61c1-6804-90301d560000}9763/bin/psroot 11241100x8000000000000000410477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa1f10a33b81a272021-12-21 10:42:31.693root 11241100x8000000000000000410478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfbbf2f846bb95d2021-12-21 10:42:31.693root 11241100x8000000000000000410479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b49d5e379807b912021-12-21 10:42:31.693root 11241100x8000000000000000410480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a01dc6fb1af3152021-12-21 10:42:31.694root 11241100x8000000000000000410481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d7701891b50abb2021-12-21 10:42:31.694root 11241100x8000000000000000410482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ac7113843928162021-12-21 10:42:31.694root 11241100x8000000000000000410483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d135a635017ee1392021-12-21 10:42:31.694root 11241100x8000000000000000410484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feea6a945b9b71092021-12-21 10:42:31.695root 11241100x8000000000000000410485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd8dd809af9975f2021-12-21 10:42:31.695root 11241100x8000000000000000410486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb0a48384254ad92021-12-21 10:42:31.695root 11241100x8000000000000000410487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025205a63ac57c812021-12-21 10:42:31.695root 11241100x8000000000000000410488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3018ee378a645a1d2021-12-21 10:42:31.696root 11241100x8000000000000000410489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972e115126c41e462021-12-21 10:42:31.696root 11241100x8000000000000000410490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e02d0eed8f767862021-12-21 10:42:32.193root 11241100x8000000000000000410491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3912d5f0688a972021-12-21 10:42:32.193root 11241100x8000000000000000410492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41e795153a27ff32021-12-21 10:42:32.193root 11241100x8000000000000000410493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9faf9e59433bdfb72021-12-21 10:42:32.193root 11241100x8000000000000000410494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088d9139e49edf092021-12-21 10:42:32.193root 11241100x8000000000000000410495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fe86af488e8f6b2021-12-21 10:42:32.193root 11241100x8000000000000000410496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bf6efc392a90ab2021-12-21 10:42:32.194root 11241100x8000000000000000410497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b90e2c2c787c8a2021-12-21 10:42:32.194root 11241100x8000000000000000410498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e765b7ada4e30642021-12-21 10:42:32.194root 11241100x8000000000000000410499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570dea25254dcd182021-12-21 10:42:32.194root 11241100x8000000000000000410500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f18a44eb6cdf2792021-12-21 10:42:32.194root 11241100x8000000000000000410501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca545e28629ce552021-12-21 10:42:32.194root 11241100x8000000000000000410502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e84355964f73bd2021-12-21 10:42:32.194root 11241100x8000000000000000410503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b94026b274a38ed2021-12-21 10:42:32.693root 11241100x8000000000000000410504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9001b510627e1962021-12-21 10:42:32.693root 11241100x8000000000000000410505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4addf576f584d8a2021-12-21 10:42:32.693root 11241100x8000000000000000410506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0bd98cdea26ab72021-12-21 10:42:32.693root 11241100x8000000000000000410507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f60ee08dbb391b22021-12-21 10:42:32.693root 11241100x8000000000000000410508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f82db25a72bf2612021-12-21 10:42:32.694root 11241100x8000000000000000410509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f33192ec45c3bc72021-12-21 10:42:32.694root 11241100x8000000000000000410510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cea6d7e89717612021-12-21 10:42:32.694root 11241100x8000000000000000410511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c941af06181f83c42021-12-21 10:42:32.694root 11241100x8000000000000000410512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefbc64960bcba1e2021-12-21 10:42:32.694root 11241100x8000000000000000410513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a15b709fa55d91c2021-12-21 10:42:32.694root 11241100x8000000000000000410514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee469c81292207d62021-12-21 10:42:32.694root 11241100x8000000000000000410515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdfaecf32e233622021-12-21 10:42:32.695root 11241100x8000000000000000410516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8d664522d860572021-12-21 10:42:33.193root 11241100x8000000000000000410517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450ff7e1142bf1d92021-12-21 10:42:33.193root 11241100x8000000000000000410518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0012eadb987dbbef2021-12-21 10:42:33.193root 11241100x8000000000000000410519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450f22531d74ff002021-12-21 10:42:33.194root 11241100x8000000000000000410520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3ba4d0cf28ddd32021-12-21 10:42:33.194root 11241100x8000000000000000410521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec76e2da11eecb382021-12-21 10:42:33.194root 11241100x8000000000000000410522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759373c01d43732b2021-12-21 10:42:33.194root 11241100x8000000000000000410523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff2242d71c9325e2021-12-21 10:42:33.194root 11241100x8000000000000000410524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85727ec1d43cb9a2021-12-21 10:42:33.194root 11241100x8000000000000000410525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21c36b4a107f2502021-12-21 10:42:33.195root 11241100x8000000000000000410526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8496b902697518582021-12-21 10:42:33.195root 11241100x8000000000000000410527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887044658e7f1b1b2021-12-21 10:42:33.195root 11241100x8000000000000000410528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95748f86c3a963d02021-12-21 10:42:33.195root 11241100x8000000000000000410529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239997f05edf8b5f2021-12-21 10:42:33.693root 11241100x8000000000000000410530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d193b2024033382021-12-21 10:42:33.693root 11241100x8000000000000000410531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef19930522b528762021-12-21 10:42:33.693root 11241100x8000000000000000410532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb55a872e0f823122021-12-21 10:42:33.693root 11241100x8000000000000000410533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66918abe533d04922021-12-21 10:42:33.693root 11241100x8000000000000000410534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733b0c209fc177362021-12-21 10:42:33.693root 11241100x8000000000000000410535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11379c448c1d97252021-12-21 10:42:33.693root 11241100x8000000000000000410536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86770a691fea7db12021-12-21 10:42:33.694root 11241100x8000000000000000410537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc59f0429aef7d42021-12-21 10:42:33.694root 11241100x8000000000000000410538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ea87be8009efa32021-12-21 10:42:33.694root 11241100x8000000000000000410539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52380b963b9a14972021-12-21 10:42:33.694root 11241100x8000000000000000410540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203be03bcacea2c82021-12-21 10:42:33.694root 11241100x8000000000000000410541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b035a80a2a1f7abe2021-12-21 10:42:33.694root 354300x8000000000000000410542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.054{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47488-false10.0.1.12-8000- 11241100x8000000000000000410543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2ea3a06799a15b2021-12-21 10:42:34.056root 11241100x8000000000000000410544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3c4df6fb02f6e92021-12-21 10:42:34.056root 11241100x8000000000000000410545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b44699e2c926bcb2021-12-21 10:42:34.056root 11241100x8000000000000000410546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8538f8312362da2021-12-21 10:42:34.056root 11241100x8000000000000000410547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d72791873bbf9322021-12-21 10:42:34.056root 11241100x8000000000000000410548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f10740971c1f45e2021-12-21 10:42:34.056root 11241100x8000000000000000410549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.056{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6528892eb527752021-12-21 10:42:34.056root 11241100x8000000000000000410550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e0b8fb4d4d61762021-12-21 10:42:34.057root 11241100x8000000000000000410551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714bbfb4f47ebb5d2021-12-21 10:42:34.057root 11241100x8000000000000000410552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8744e3da260c5e3a2021-12-21 10:42:34.057root 11241100x8000000000000000410553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7b8b56863066912021-12-21 10:42:34.057root 11241100x8000000000000000410554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342ed7ea6c1b39182021-12-21 10:42:34.057root 11241100x8000000000000000410555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999274b01f9dbb2f2021-12-21 10:42:34.057root 11241100x8000000000000000410556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.057{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8bf64469ff2ed72021-12-21 10:42:34.057root 11241100x8000000000000000410557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa7de64f108cbcd2021-12-21 10:42:34.443root 11241100x8000000000000000410558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1770515fa13b02e62021-12-21 10:42:34.443root 11241100x8000000000000000410559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e93cf09a4e44fde2021-12-21 10:42:34.443root 11241100x8000000000000000410560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8081b4c67becc72021-12-21 10:42:34.443root 11241100x8000000000000000410561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255de522c81387282021-12-21 10:42:34.443root 11241100x8000000000000000410562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318b3e986ff5d95e2021-12-21 10:42:34.443root 11241100x8000000000000000410563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177ad946596aa1942021-12-21 10:42:34.443root 11241100x8000000000000000410564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc3fabc05c170f92021-12-21 10:42:34.444root 11241100x8000000000000000410565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d6e4a7308df69f2021-12-21 10:42:34.444root 11241100x8000000000000000410566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a460e451dd6768092021-12-21 10:42:34.444root 11241100x8000000000000000410567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6696262c4d48e5342021-12-21 10:42:34.444root 11241100x8000000000000000410568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480f4511eeb066dd2021-12-21 10:42:34.444root 11241100x8000000000000000410569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f07992ea243d2a92021-12-21 10:42:34.444root 11241100x8000000000000000410570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aedef1895240b42021-12-21 10:42:34.444root 11241100x8000000000000000410571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d6c8146b2350772021-12-21 10:42:34.943root 11241100x8000000000000000410572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfe2147bf208bbb2021-12-21 10:42:34.943root 11241100x8000000000000000410573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18169af3348324f22021-12-21 10:42:34.943root 11241100x8000000000000000410574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3442c00158d7a7c2021-12-21 10:42:34.943root 11241100x8000000000000000410575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a52d10100ef1fc2021-12-21 10:42:34.943root 11241100x8000000000000000410576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdf1f338a9af78e2021-12-21 10:42:34.943root 11241100x8000000000000000410577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b121645850d011df2021-12-21 10:42:34.943root 11241100x8000000000000000410578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a4c59a4d7363a2021-12-21 10:42:34.944root 11241100x8000000000000000410579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d6e3559427fef12021-12-21 10:42:34.944root 11241100x8000000000000000410580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373694cfc9bbe3f82021-12-21 10:42:34.944root 11241100x8000000000000000410581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93641b3ac1b2e8132021-12-21 10:42:34.944root 11241100x8000000000000000410582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bb6ce65bf569312021-12-21 10:42:34.944root 11241100x8000000000000000410583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e8b92790e908bf2021-12-21 10:42:34.944root 11241100x8000000000000000410584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b860a6351e755eaf2021-12-21 10:42:34.944root 11241100x8000000000000000410585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2435c04e451951492021-12-21 10:42:35.443root 11241100x8000000000000000410586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61d77756606e1542021-12-21 10:42:35.443root 11241100x8000000000000000410587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ab9a31fb59468e2021-12-21 10:42:35.443root 11241100x8000000000000000410588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d59625ec185be82021-12-21 10:42:35.443root 11241100x8000000000000000410589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a30e58d7467de92021-12-21 10:42:35.443root 11241100x8000000000000000410590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26668a54323e80e2021-12-21 10:42:35.443root 11241100x8000000000000000410591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f84ffc3f42fc602021-12-21 10:42:35.443root 11241100x8000000000000000410592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4db9b94379ccf52021-12-21 10:42:35.444root 11241100x8000000000000000410593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165eaf2383d366992021-12-21 10:42:35.444root 11241100x8000000000000000410594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03397fd18f2c7722021-12-21 10:42:35.444root 11241100x8000000000000000410595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1279f61e423d33852021-12-21 10:42:35.444root 11241100x8000000000000000410596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccbc2a413c294662021-12-21 10:42:35.444root 11241100x8000000000000000410597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7ad218da05bf6c2021-12-21 10:42:35.444root 11241100x8000000000000000410598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0978de8b555a1e2021-12-21 10:42:35.444root 11241100x8000000000000000410599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18899082718493872021-12-21 10:42:35.943root 11241100x8000000000000000410600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0388ad8cc082bc572021-12-21 10:42:35.943root 11241100x8000000000000000410601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07f60dbd515fa9b2021-12-21 10:42:35.943root 11241100x8000000000000000410602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1f660faf833d302021-12-21 10:42:35.943root 11241100x8000000000000000410603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837c5566d92313c92021-12-21 10:42:35.944root 11241100x8000000000000000410604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7414aece94040d2021-12-21 10:42:35.944root 11241100x8000000000000000410605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b8d9057f978c162021-12-21 10:42:35.944root 11241100x8000000000000000410606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d19d03db85728212021-12-21 10:42:35.944root 11241100x8000000000000000410607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda5864389a0d9912021-12-21 10:42:35.944root 11241100x8000000000000000410608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8609d59561a2f802021-12-21 10:42:35.944root 11241100x8000000000000000410609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26e89abdef84b292021-12-21 10:42:35.944root 11241100x8000000000000000410610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12124a7d774934202021-12-21 10:42:35.944root 11241100x8000000000000000410611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ce07e8586045b42021-12-21 10:42:35.944root 11241100x8000000000000000410612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9c628a5c837e7f2021-12-21 10:42:35.944root 11241100x8000000000000000410613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.344{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:42:36.344root 11241100x8000000000000000410614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122142034dc002bf2021-12-21 10:42:36.345root 11241100x8000000000000000410615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6907839be1c6dc402021-12-21 10:42:36.345root 11241100x8000000000000000410616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f728d1e57c35a92021-12-21 10:42:36.345root 11241100x8000000000000000410617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581bff3710d0c10a2021-12-21 10:42:36.345root 11241100x8000000000000000410618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2772ddca3104c992021-12-21 10:42:36.345root 11241100x8000000000000000410619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58189693b16537e62021-12-21 10:42:36.345root 11241100x8000000000000000410620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d94eb67f0eccbe2021-12-21 10:42:36.345root 11241100x8000000000000000410621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c6783f50afec1c2021-12-21 10:42:36.346root 11241100x8000000000000000410622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6272361f4b8b6e2021-12-21 10:42:36.346root 11241100x8000000000000000410623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996470de4c3339f32021-12-21 10:42:36.346root 11241100x8000000000000000410624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8937c32d5fc143fe2021-12-21 10:42:36.346root 11241100x8000000000000000410625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267f4fd374fa87eb2021-12-21 10:42:36.346root 11241100x8000000000000000410626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c7aae7fc773baf2021-12-21 10:42:36.346root 11241100x8000000000000000410627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d88f3b94aa4d512021-12-21 10:42:36.346root 11241100x8000000000000000410628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e88c40ba0cc881a2021-12-21 10:42:36.346root 11241100x8000000000000000410629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d617211a2669132021-12-21 10:42:36.693root 11241100x8000000000000000410630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f72eea835331a62021-12-21 10:42:36.693root 11241100x8000000000000000410631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac40659a1ac33b2021-12-21 10:42:36.693root 11241100x8000000000000000410632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7c403d80f1a6582021-12-21 10:42:36.693root 11241100x8000000000000000410633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42be62a80ff5ea582021-12-21 10:42:36.693root 11241100x8000000000000000410634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8657bc54c6669d332021-12-21 10:42:36.694root 11241100x8000000000000000410635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c498caed0f3f08f52021-12-21 10:42:36.694root 11241100x8000000000000000410636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1cb481a0afde872021-12-21 10:42:36.694root 11241100x8000000000000000410637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0fa415c84f66b32021-12-21 10:42:36.694root 11241100x8000000000000000410638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3211469e256e5f72021-12-21 10:42:36.694root 11241100x8000000000000000410639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a18847ed526899c2021-12-21 10:42:36.694root 11241100x8000000000000000410640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7521e673882c43b2021-12-21 10:42:36.694root 11241100x8000000000000000410641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be73a2a0115c8b9f2021-12-21 10:42:36.694root 11241100x8000000000000000410642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822d43c5a2429ed62021-12-21 10:42:36.694root 11241100x8000000000000000410643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56852190ccf9fc032021-12-21 10:42:36.694root 11241100x8000000000000000410644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b862331920cdd2012021-12-21 10:42:37.193root 11241100x8000000000000000410645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed591e230a2b3162021-12-21 10:42:37.193root 11241100x8000000000000000410646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723966ea36c1c86f2021-12-21 10:42:37.193root 11241100x8000000000000000410647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b3077a883fa4402021-12-21 10:42:37.193root 11241100x8000000000000000410648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63148360474fea3a2021-12-21 10:42:37.193root 11241100x8000000000000000410649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c526c547af8f9c7c2021-12-21 10:42:37.193root 11241100x8000000000000000410650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a27172ccd9861d2021-12-21 10:42:37.193root 11241100x8000000000000000410651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a982dc097c920c2021-12-21 10:42:37.194root 11241100x8000000000000000410652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8282b4d8f9bbb2492021-12-21 10:42:37.194root 11241100x8000000000000000410653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677faed019c3a9592021-12-21 10:42:37.194root 11241100x8000000000000000410654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bc6fde8e615bca2021-12-21 10:42:37.194root 11241100x8000000000000000410655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72490e04d0ab5812021-12-21 10:42:37.194root 11241100x8000000000000000410656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59394d5b0f2642902021-12-21 10:42:37.194root 11241100x8000000000000000410657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7cb3c77fd022752021-12-21 10:42:37.194root 11241100x8000000000000000410658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e179fc864af5a72021-12-21 10:42:37.194root 11241100x8000000000000000410659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec38edf1104ab992021-12-21 10:42:37.693root 11241100x8000000000000000410660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12c9ec1aee5c5212021-12-21 10:42:37.693root 11241100x8000000000000000410661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d167e333bda5f80f2021-12-21 10:42:37.693root 11241100x8000000000000000410662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaecd3546370fe92021-12-21 10:42:37.693root 11241100x8000000000000000410663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4072aec1306500d2021-12-21 10:42:37.693root 11241100x8000000000000000410664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83bc45336fa305a2021-12-21 10:42:37.693root 11241100x8000000000000000410665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1109ddfd156c89982021-12-21 10:42:37.693root 11241100x8000000000000000410666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d70194023c1cdb2021-12-21 10:42:37.694root 11241100x8000000000000000410667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d17fe4e85ba3c342021-12-21 10:42:37.694root 11241100x8000000000000000410668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b6fd98f425fd992021-12-21 10:42:37.694root 11241100x8000000000000000410669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33ef5adcea29acf2021-12-21 10:42:37.694root 11241100x8000000000000000410670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d841bdfc900dfbd12021-12-21 10:42:37.694root 11241100x8000000000000000410671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e6ea5314d38aaa2021-12-21 10:42:37.694root 11241100x8000000000000000410672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc32d67647e90ddd2021-12-21 10:42:37.694root 11241100x8000000000000000410673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5887c55217cc5762021-12-21 10:42:37.694root 11241100x8000000000000000410674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde971f1ea6a86332021-12-21 10:42:38.193root 11241100x8000000000000000410675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b091bb6fe8d365fe2021-12-21 10:42:38.193root 11241100x8000000000000000410676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7160bf88fd726552021-12-21 10:42:38.193root 11241100x8000000000000000410677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1cf63988e984ce2021-12-21 10:42:38.193root 11241100x8000000000000000410678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62dd0217542911e2021-12-21 10:42:38.193root 11241100x8000000000000000410679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cacf0414554a8962021-12-21 10:42:38.193root 11241100x8000000000000000410680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fd6994a7d6a6402021-12-21 10:42:38.194root 11241100x8000000000000000410681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a1608cf09c626c2021-12-21 10:42:38.194root 11241100x8000000000000000410682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b01df7f92b3327b2021-12-21 10:42:38.194root 11241100x8000000000000000410683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b1a316202bae672021-12-21 10:42:38.194root 11241100x8000000000000000410684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600a96d9459f23a22021-12-21 10:42:38.194root 11241100x8000000000000000410685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1876a67c27486fb2021-12-21 10:42:38.194root 11241100x8000000000000000410686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ecd39a6a28d0572021-12-21 10:42:38.194root 11241100x8000000000000000410687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f89bfed861068352021-12-21 10:42:38.194root 11241100x8000000000000000410688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb7b8a0395763b62021-12-21 10:42:38.194root 11241100x8000000000000000410689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3e64a5ab428e2c2021-12-21 10:42:38.693root 11241100x8000000000000000410690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5d3d3c09a62d4d2021-12-21 10:42:38.693root 11241100x8000000000000000410691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2f2778fdee09fe2021-12-21 10:42:38.693root 11241100x8000000000000000410692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3bdaf37d9423a42021-12-21 10:42:38.693root 11241100x8000000000000000410693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77bb85b1c12bf5d2021-12-21 10:42:38.693root 11241100x8000000000000000410694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c280c67126ddbbc2021-12-21 10:42:38.693root 11241100x8000000000000000410695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894e1e7bc9f498e22021-12-21 10:42:38.694root 11241100x8000000000000000410696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19efc73a8ba7ff022021-12-21 10:42:38.694root 11241100x8000000000000000410697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2450b538f671a02021-12-21 10:42:38.694root 11241100x8000000000000000410698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6332c8280ee9cc2021-12-21 10:42:38.694root 11241100x8000000000000000410699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14301e975fe12b902021-12-21 10:42:38.694root 11241100x8000000000000000410700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199f75dbd6861ded2021-12-21 10:42:38.694root 11241100x8000000000000000410701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb85e91e6cd4872021-12-21 10:42:38.694root 11241100x8000000000000000410702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f65dda4b9d796e2021-12-21 10:42:38.694root 11241100x8000000000000000410703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85551ffdf92e6322021-12-21 10:42:38.694root 11241100x8000000000000000410704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a131784ad2e2e152021-12-21 10:42:39.193root 11241100x8000000000000000410705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa43ae75ffd5a8d2021-12-21 10:42:39.193root 11241100x8000000000000000410706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8e624e3227b2332021-12-21 10:42:39.193root 11241100x8000000000000000410707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7554190237f7ad032021-12-21 10:42:39.193root 11241100x8000000000000000410708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5a6798ce941ae22021-12-21 10:42:39.194root 11241100x8000000000000000410709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d10709028822be32021-12-21 10:42:39.194root 11241100x8000000000000000410710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8317779a4c004872021-12-21 10:42:39.194root 11241100x8000000000000000410711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea2842447f33cc02021-12-21 10:42:39.194root 11241100x8000000000000000410712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e307e6419d1000b2021-12-21 10:42:39.194root 11241100x8000000000000000410713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c00b5644245a342021-12-21 10:42:39.194root 11241100x8000000000000000410714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a08e01c376b0e92021-12-21 10:42:39.194root 11241100x8000000000000000410715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed2301ab92b0b802021-12-21 10:42:39.194root 11241100x8000000000000000410716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab29f7c3ae76cb832021-12-21 10:42:39.194root 11241100x8000000000000000410717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633f39372d69f5ea2021-12-21 10:42:39.194root 11241100x8000000000000000410718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889fc39563f1e0862021-12-21 10:42:39.195root 23542300x8000000000000000410719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.345{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000410720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1827e3fc2682c5d92021-12-21 10:42:39.693root 11241100x8000000000000000410721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a19b24176efb6f92021-12-21 10:42:39.693root 11241100x8000000000000000410722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ad95787f5973c52021-12-21 10:42:39.693root 11241100x8000000000000000410723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463a90f95b5dfe0e2021-12-21 10:42:39.693root 11241100x8000000000000000410724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a3f76b3d56fd122021-12-21 10:42:39.693root 11241100x8000000000000000410725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e0b5901fc2ff2a2021-12-21 10:42:39.693root 11241100x8000000000000000410726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37df8cc4fc89ad32021-12-21 10:42:39.694root 11241100x8000000000000000410727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f397e6b92f71335f2021-12-21 10:42:39.694root 11241100x8000000000000000410728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734ef51524e4e5e42021-12-21 10:42:39.694root 11241100x8000000000000000410729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be4106dbd7cbfcd2021-12-21 10:42:39.694root 11241100x8000000000000000410730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee6e1093d8db5692021-12-21 10:42:39.694root 11241100x8000000000000000410731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d14e63558ee20672021-12-21 10:42:39.694root 11241100x8000000000000000410732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2409cf0b2140692021-12-21 10:42:39.694root 11241100x8000000000000000410733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5285f17552bb75c2021-12-21 10:42:39.695root 11241100x8000000000000000410734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8d1ba2b8cb46292021-12-21 10:42:39.695root 11241100x8000000000000000410735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2793e1a1cf412022021-12-21 10:42:39.695root 354300x8000000000000000410736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.029{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47490-false10.0.1.12-8000- 11241100x8000000000000000410737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddb801d3633295e2021-12-21 10:42:40.030root 11241100x8000000000000000410738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f7ed20b9a395b2021-12-21 10:42:40.031root 11241100x8000000000000000410739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a546d422496733bf2021-12-21 10:42:40.031root 11241100x8000000000000000410740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712d5894fb29e6b02021-12-21 10:42:40.031root 11241100x8000000000000000410741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b29a62a46c96f1e2021-12-21 10:42:40.031root 11241100x8000000000000000410742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f225da1c915eaa2021-12-21 10:42:40.031root 11241100x8000000000000000410743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54fbe3009fa234c2021-12-21 10:42:40.031root 11241100x8000000000000000410744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6280496ff0866662021-12-21 10:42:40.032root 11241100x8000000000000000410745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5c5f30a55d77892021-12-21 10:42:40.032root 11241100x8000000000000000410746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d40bdb20c2936692021-12-21 10:42:40.032root 11241100x8000000000000000410747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05af4b4db5da86322021-12-21 10:42:40.032root 11241100x8000000000000000410748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d407a035ec0b7e22021-12-21 10:42:40.032root 11241100x8000000000000000410749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d642f11bcfe754a2021-12-21 10:42:40.032root 11241100x8000000000000000410750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad26626417a0da62021-12-21 10:42:40.032root 11241100x8000000000000000410751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f902da08c8d5372021-12-21 10:42:40.032root 11241100x8000000000000000410752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c019a538a0ebb0662021-12-21 10:42:40.033root 11241100x8000000000000000410753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c154b7a36d9a424f2021-12-21 10:42:40.033root 11241100x8000000000000000410754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af5be4a2e83bf6b2021-12-21 10:42:40.443root 11241100x8000000000000000410755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d0beda69fdac662021-12-21 10:42:40.443root 11241100x8000000000000000410756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e2e6cd26cfcafa2021-12-21 10:42:40.443root 11241100x8000000000000000410757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465cb2ee73c4111b2021-12-21 10:42:40.444root 11241100x8000000000000000410758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c168c572f63b62e62021-12-21 10:42:40.444root 11241100x8000000000000000410759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20594b85f0b4f8672021-12-21 10:42:40.444root 11241100x8000000000000000410760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f42a2b2bc34f0d2021-12-21 10:42:40.444root 11241100x8000000000000000410761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a43f31839ff86862021-12-21 10:42:40.444root 11241100x8000000000000000410762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42706de21fca7e4d2021-12-21 10:42:40.444root 11241100x8000000000000000410763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af8648ce63b42ad2021-12-21 10:42:40.444root 11241100x8000000000000000410764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c4f723cc81cb062021-12-21 10:42:40.444root 11241100x8000000000000000410765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ab477b53a81a1b2021-12-21 10:42:40.444root 11241100x8000000000000000410766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2327dd78ece1f5242021-12-21 10:42:40.444root 11241100x8000000000000000410767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1459e0a915af6022021-12-21 10:42:40.444root 11241100x8000000000000000410768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be10a93866d41e92021-12-21 10:42:40.444root 11241100x8000000000000000410769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c32edc2004609f2021-12-21 10:42:40.444root 11241100x8000000000000000410770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914c09a9219c9fd42021-12-21 10:42:40.444root 11241100x8000000000000000410771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bc453e8a36d6952021-12-21 10:42:40.943root 11241100x8000000000000000410772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05943cd5a53846492021-12-21 10:42:40.943root 11241100x8000000000000000410773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e2cec0b6c90f9b2021-12-21 10:42:40.943root 11241100x8000000000000000410774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0977ed721c192b2021-12-21 10:42:40.943root 11241100x8000000000000000410775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4f92efda10d7202021-12-21 10:42:40.944root 11241100x8000000000000000410776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fd3211b827704e2021-12-21 10:42:40.944root 11241100x8000000000000000410777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856473a6b50c8e6d2021-12-21 10:42:40.944root 11241100x8000000000000000410778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f7d9b241de5ede2021-12-21 10:42:40.944root 11241100x8000000000000000410779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72555607086777872021-12-21 10:42:40.944root 11241100x8000000000000000410780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc27a35ce1c4dcb2021-12-21 10:42:40.944root 11241100x8000000000000000410781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e1f6214d15bc002021-12-21 10:42:40.944root 11241100x8000000000000000410782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930e11c324aad0a52021-12-21 10:42:40.944root 11241100x8000000000000000410783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239f02feca6d69172021-12-21 10:42:40.944root 11241100x8000000000000000410784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1079999ecaba9992021-12-21 10:42:40.944root 11241100x8000000000000000410785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595868bed68fbef42021-12-21 10:42:40.944root 11241100x8000000000000000410786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e8637113771b642021-12-21 10:42:40.944root 11241100x8000000000000000410787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4d5ffb61c09e682021-12-21 10:42:40.944root 11241100x8000000000000000410788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e186fce8a23d0bf2021-12-21 10:42:41.443root 11241100x8000000000000000410789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3be540b59b773252021-12-21 10:42:41.443root 11241100x8000000000000000410790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5c463e21b73c702021-12-21 10:42:41.443root 11241100x8000000000000000410791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfd5e252ed0dcc52021-12-21 10:42:41.444root 11241100x8000000000000000410792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eec5931df3588392021-12-21 10:42:41.444root 11241100x8000000000000000410793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f37f589e43619e52021-12-21 10:42:41.444root 11241100x8000000000000000410794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0534c7679ba74722021-12-21 10:42:41.444root 11241100x8000000000000000410795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8569861319360e2021-12-21 10:42:41.444root 11241100x8000000000000000410796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9300eaf955f02dba2021-12-21 10:42:41.444root 11241100x8000000000000000410797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3fd7cdfd76dcde2021-12-21 10:42:41.444root 11241100x8000000000000000410798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51f9ff91d574d42021-12-21 10:42:41.444root 11241100x8000000000000000410799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de3c725e28be25c2021-12-21 10:42:41.444root 11241100x8000000000000000410800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f3a92ca2e6b4832021-12-21 10:42:41.444root 11241100x8000000000000000410801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd76bb05936bb2b2021-12-21 10:42:41.444root 11241100x8000000000000000410802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88a0efe7d86e95a2021-12-21 10:42:41.444root 11241100x8000000000000000410803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1020a60f74c650e32021-12-21 10:42:41.444root 11241100x8000000000000000410804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbfe87d5042e7752021-12-21 10:42:41.444root 11241100x8000000000000000410805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ce62ba4549317e2021-12-21 10:42:41.943root 11241100x8000000000000000410806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c671d6f045c83dd2021-12-21 10:42:41.943root 11241100x8000000000000000410807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c085221415e74bb32021-12-21 10:42:41.943root 11241100x8000000000000000410808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eba9852bc2aea682021-12-21 10:42:41.943root 11241100x8000000000000000410809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b285ee8ef28c2432021-12-21 10:42:41.944root 11241100x8000000000000000410810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef15dbd4abf9cc2c2021-12-21 10:42:41.944root 11241100x8000000000000000410811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d6b4984ae244022021-12-21 10:42:41.944root 11241100x8000000000000000410812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee01a6164404db02021-12-21 10:42:41.944root 11241100x8000000000000000410813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f596fd326e09055f2021-12-21 10:42:41.944root 11241100x8000000000000000410814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14ec39dcafa24e02021-12-21 10:42:41.944root 11241100x8000000000000000410815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0f3cd5e9bd56312021-12-21 10:42:41.944root 11241100x8000000000000000410816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226f654cb310876a2021-12-21 10:42:41.944root 11241100x8000000000000000410817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0d4952ae480a062021-12-21 10:42:41.944root 11241100x8000000000000000410818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713d77dc19871a782021-12-21 10:42:41.944root 11241100x8000000000000000410819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9f8d89a2eccbbb2021-12-21 10:42:41.944root 11241100x8000000000000000410820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6912c4ca2098d6e72021-12-21 10:42:41.944root 11241100x8000000000000000410821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086486b965f962542021-12-21 10:42:41.944root 11241100x8000000000000000410822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a22bbeca3f898f02021-12-21 10:42:42.443root 11241100x8000000000000000410823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea92c6ef198d7bd2021-12-21 10:42:42.443root 11241100x8000000000000000410824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ae9ab24ec3969f2021-12-21 10:42:42.443root 11241100x8000000000000000410825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceba71c1cb3437662021-12-21 10:42:42.443root 11241100x8000000000000000410826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15077ac5e2f059cc2021-12-21 10:42:42.443root 11241100x8000000000000000410827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4523cee73de57f42021-12-21 10:42:42.443root 11241100x8000000000000000410828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb08ce1a9942545b2021-12-21 10:42:42.444root 11241100x8000000000000000410829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15235d559b065d12021-12-21 10:42:42.444root 11241100x8000000000000000410830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a041365b5ca8232021-12-21 10:42:42.444root 11241100x8000000000000000410831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948c8a3e846c40a32021-12-21 10:42:42.444root 11241100x8000000000000000410832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c07146d7f0e62c72021-12-21 10:42:42.444root 11241100x8000000000000000410833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f236390ce22fba612021-12-21 10:42:42.444root 11241100x8000000000000000410834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c799443f16fb862021-12-21 10:42:42.444root 11241100x8000000000000000410835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a3382c977a778e2021-12-21 10:42:42.444root 11241100x8000000000000000410836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054e41b149f2d33b2021-12-21 10:42:42.444root 11241100x8000000000000000410837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd690caf99b1f7fd2021-12-21 10:42:42.444root 11241100x8000000000000000410838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d8ff8a0a77b5cb2021-12-21 10:42:42.444root 11241100x8000000000000000410839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8f4f2905a1ad962021-12-21 10:42:42.943root 11241100x8000000000000000410840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fa527677bb7dbf2021-12-21 10:42:42.943root 11241100x8000000000000000410841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8ce00542aef1c62021-12-21 10:42:42.944root 11241100x8000000000000000410842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34798e2ca0daecdb2021-12-21 10:42:42.944root 11241100x8000000000000000410843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11eeb0cbcafe11f12021-12-21 10:42:42.944root 11241100x8000000000000000410844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c378d85a001de72021-12-21 10:42:42.944root 11241100x8000000000000000410845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87704e0a5476597a2021-12-21 10:42:42.944root 11241100x8000000000000000410846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d621e7d4f251172021-12-21 10:42:42.944root 11241100x8000000000000000410847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2295f8aab61c2a32021-12-21 10:42:42.944root 11241100x8000000000000000410848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9d70ece29b95c42021-12-21 10:42:42.944root 11241100x8000000000000000410849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312e58429d0b98b92021-12-21 10:42:42.944root 11241100x8000000000000000410850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885ee4317a6b41fe2021-12-21 10:42:42.944root 11241100x8000000000000000410851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cc5cc71e6ac9102021-12-21 10:42:42.944root 11241100x8000000000000000410852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eadf2af2f525bbd2021-12-21 10:42:42.944root 11241100x8000000000000000410853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c9455b5307681b2021-12-21 10:42:42.945root 11241100x8000000000000000410854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6023d71633954e72021-12-21 10:42:42.945root 11241100x8000000000000000410855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d579e13c405209cf2021-12-21 10:42:42.945root 11241100x8000000000000000410856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7859a7e5f306332021-12-21 10:42:43.443root 11241100x8000000000000000410857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a387fdfbd0ee612021-12-21 10:42:43.443root 11241100x8000000000000000410858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92297af6070b8e392021-12-21 10:42:43.443root 11241100x8000000000000000410859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d948552a58c8282021-12-21 10:42:43.443root 11241100x8000000000000000410860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3633d8b859a5d4c2021-12-21 10:42:43.443root 11241100x8000000000000000410861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae347baacef4c9812021-12-21 10:42:43.443root 11241100x8000000000000000410862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099f97af4db121d22021-12-21 10:42:43.444root 11241100x8000000000000000410863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1abfa84d2714c262021-12-21 10:42:43.444root 11241100x8000000000000000410864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c72e21c80dcc8662021-12-21 10:42:43.444root 11241100x8000000000000000410865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa74f9b37d5500d2021-12-21 10:42:43.444root 11241100x8000000000000000410866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bb3e23aad86cf52021-12-21 10:42:43.444root 11241100x8000000000000000410867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1111ef53d6a925bf2021-12-21 10:42:43.444root 11241100x8000000000000000410868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebdb24e439199882021-12-21 10:42:43.444root 11241100x8000000000000000410869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673750ff7ba173962021-12-21 10:42:43.444root 11241100x8000000000000000410870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2ae622f134dcf52021-12-21 10:42:43.444root 11241100x8000000000000000410871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7591e85dcb8f07552021-12-21 10:42:43.444root 11241100x8000000000000000410872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e673173e659cc4642021-12-21 10:42:43.444root 11241100x8000000000000000410873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd520e31a88780a2021-12-21 10:42:43.943root 11241100x8000000000000000410874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3960e483d5f5912021-12-21 10:42:43.943root 11241100x8000000000000000410875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a975170274b713b2021-12-21 10:42:43.943root 11241100x8000000000000000410876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a36a1ad31c839682021-12-21 10:42:43.943root 11241100x8000000000000000410877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10fb85484ae0f142021-12-21 10:42:43.943root 11241100x8000000000000000410878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896a87f203eb3dfa2021-12-21 10:42:43.943root 11241100x8000000000000000410879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58393c80c88354a2021-12-21 10:42:43.944root 11241100x8000000000000000410880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c722e13fa116d72021-12-21 10:42:43.944root 11241100x8000000000000000410881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ef08b0ab3428402021-12-21 10:42:43.944root 11241100x8000000000000000410882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f69ee133b7068f42021-12-21 10:42:43.944root 11241100x8000000000000000410883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2a4ff0549977292021-12-21 10:42:43.944root 11241100x8000000000000000410884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62d12b68b34dee62021-12-21 10:42:43.944root 11241100x8000000000000000410885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079e0662c6cb1a9c2021-12-21 10:42:43.944root 11241100x8000000000000000410886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57591061fa811cf12021-12-21 10:42:43.944root 11241100x8000000000000000410887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67322a01f6e0bbfc2021-12-21 10:42:43.944root 11241100x8000000000000000410888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05691a64a75740e62021-12-21 10:42:43.944root 11241100x8000000000000000410889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b643bbf2e8af15f62021-12-21 10:42:43.944root 11241100x8000000000000000410890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d964fe7e7d98be542021-12-21 10:42:44.443root 11241100x8000000000000000410891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16334bea13ad62062021-12-21 10:42:44.443root 11241100x8000000000000000410892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5afb8d9f67252c02021-12-21 10:42:44.443root 11241100x8000000000000000410893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef66f5635d12b3b82021-12-21 10:42:44.443root 11241100x8000000000000000410894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813c6e4d85a746082021-12-21 10:42:44.443root 11241100x8000000000000000410895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f87758389f19a932021-12-21 10:42:44.443root 11241100x8000000000000000410896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10a8ca328b024422021-12-21 10:42:44.444root 11241100x8000000000000000410897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209a12ca3d6b05f52021-12-21 10:42:44.444root 11241100x8000000000000000410898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d51921bfc34078e2021-12-21 10:42:44.444root 11241100x8000000000000000410899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49069f1f3555a0c2021-12-21 10:42:44.444root 11241100x8000000000000000410900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c7d5d5156092022021-12-21 10:42:44.444root 11241100x8000000000000000410901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a25c3923b62ca6b2021-12-21 10:42:44.444root 11241100x8000000000000000410902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25d96c0be8fd49a2021-12-21 10:42:44.444root 11241100x8000000000000000410903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e9d698c67d18b22021-12-21 10:42:44.444root 11241100x8000000000000000410904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0437539c8844ac2021-12-21 10:42:44.444root 11241100x8000000000000000410905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75849979f8c8fae92021-12-21 10:42:44.444root 11241100x8000000000000000410906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5043cff143e6bb272021-12-21 10:42:44.444root 11241100x8000000000000000410907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a16c3c4a6797512021-12-21 10:42:44.943root 11241100x8000000000000000410908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe073c7b5a7f609e2021-12-21 10:42:44.943root 11241100x8000000000000000410909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7873dd9a386a232021-12-21 10:42:44.943root 11241100x8000000000000000410910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b01908acd8def12021-12-21 10:42:44.943root 11241100x8000000000000000410911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f967455512c82fd2021-12-21 10:42:44.943root 11241100x8000000000000000410912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17d415b298ba4822021-12-21 10:42:44.943root 11241100x8000000000000000410913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805a69ffbc7ea2772021-12-21 10:42:44.944root 11241100x8000000000000000410914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7120eb4e02611bd2021-12-21 10:42:44.944root 11241100x8000000000000000410915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c17b75ece8125a2021-12-21 10:42:44.944root 11241100x8000000000000000410916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8afb79e1840b7c2021-12-21 10:42:44.944root 11241100x8000000000000000410917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5d7828e154d4aa2021-12-21 10:42:44.944root 11241100x8000000000000000410918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf785ec43d994542021-12-21 10:42:44.944root 11241100x8000000000000000410919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68d34e27bb607dc2021-12-21 10:42:44.944root 11241100x8000000000000000410920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2138305cb0a6032021-12-21 10:42:44.944root 11241100x8000000000000000410921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5e0ab8c19844b02021-12-21 10:42:44.944root 11241100x8000000000000000410922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf1e8ccc39458a72021-12-21 10:42:44.944root 11241100x8000000000000000410923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ab43091f0e7e872021-12-21 10:42:44.944root 354300x8000000000000000410924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.161{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47492-false10.0.1.12-8000- 11241100x8000000000000000410925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebde1edc644c41c2021-12-21 10:42:45.443root 11241100x8000000000000000410926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145bdc6d746192d72021-12-21 10:42:45.443root 11241100x8000000000000000410927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1e79bb7d4def0e2021-12-21 10:42:45.444root 11241100x8000000000000000410928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55087c6e72410cf2021-12-21 10:42:45.444root 11241100x8000000000000000410929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745187f80296f3762021-12-21 10:42:45.444root 11241100x8000000000000000410930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4b33b6b95824532021-12-21 10:42:45.444root 11241100x8000000000000000410931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e3c0e88c878ddd2021-12-21 10:42:45.444root 11241100x8000000000000000410932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0e60a95aa691892021-12-21 10:42:45.444root 11241100x8000000000000000410933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb989c5b85d017bb2021-12-21 10:42:45.444root 11241100x8000000000000000410934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf68d3850b664d032021-12-21 10:42:45.444root 11241100x8000000000000000410935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf540b18a004be62021-12-21 10:42:45.444root 11241100x8000000000000000410936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff937e2c910249792021-12-21 10:42:45.444root 11241100x8000000000000000410937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5b9f39550aec7d2021-12-21 10:42:45.444root 11241100x8000000000000000410938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6c0723259392db2021-12-21 10:42:45.445root 11241100x8000000000000000410939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4762d1064e17fcdf2021-12-21 10:42:45.445root 11241100x8000000000000000410940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a3f3d7125ea0422021-12-21 10:42:45.445root 11241100x8000000000000000410941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d2c630b43855bd2021-12-21 10:42:45.445root 11241100x8000000000000000410942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e00648174e65812021-12-21 10:42:45.445root 11241100x8000000000000000410943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b4690995d1a35a2021-12-21 10:42:45.943root 11241100x8000000000000000410944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038e1c4583a248fa2021-12-21 10:42:45.943root 11241100x8000000000000000410945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30ba15144c3cdb42021-12-21 10:42:45.943root 11241100x8000000000000000410946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142c8a27eccb491c2021-12-21 10:42:45.943root 11241100x8000000000000000410947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee0d882b0d8a6552021-12-21 10:42:45.943root 11241100x8000000000000000410948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893e00eb2e372f412021-12-21 10:42:45.944root 11241100x8000000000000000410949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979f11baac3f4c572021-12-21 10:42:45.944root 11241100x8000000000000000410950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ca50c3d225393a2021-12-21 10:42:45.944root 11241100x8000000000000000410951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4821ed8169b283b42021-12-21 10:42:45.944root 11241100x8000000000000000410952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61762c82a56465f2021-12-21 10:42:45.944root 11241100x8000000000000000410953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24c8cb96db3e8d82021-12-21 10:42:45.944root 11241100x8000000000000000410954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24792e1ca92d3b02021-12-21 10:42:45.944root 11241100x8000000000000000410955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331c4e2f0fdb371a2021-12-21 10:42:45.944root 11241100x8000000000000000410956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912065218aaaaf32021-12-21 10:42:45.944root 11241100x8000000000000000410957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398c42cd274922a12021-12-21 10:42:45.944root 11241100x8000000000000000410958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330267d4a07e95972021-12-21 10:42:45.944root 11241100x8000000000000000410959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b974902ab2aa65aa2021-12-21 10:42:45.944root 11241100x8000000000000000410960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7d67b6ed8a55ed2021-12-21 10:42:45.944root 11241100x8000000000000000410961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aed66870bdcb11d2021-12-21 10:42:46.443root 11241100x8000000000000000410962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe59e23c0336f5b2021-12-21 10:42:46.443root 11241100x8000000000000000410963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53dd5c9091484ed2021-12-21 10:42:46.443root 11241100x8000000000000000410964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05b8104bb00d89d2021-12-21 10:42:46.444root 11241100x8000000000000000410965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1815160935d99efc2021-12-21 10:42:46.444root 11241100x8000000000000000410966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8530a6657ed1d9722021-12-21 10:42:46.444root 11241100x8000000000000000410967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f32cdba1d0132542021-12-21 10:42:46.444root 11241100x8000000000000000410968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0621525f9b47de2021-12-21 10:42:46.444root 11241100x8000000000000000410969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bef4b6411886c42021-12-21 10:42:46.444root 11241100x8000000000000000410970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cebd38c81010ee2021-12-21 10:42:46.444root 11241100x8000000000000000410971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f542fbd1a248d4842021-12-21 10:42:46.444root 11241100x8000000000000000410972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9466c17e7c55182021-12-21 10:42:46.444root 11241100x8000000000000000410973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629740c63af4d9d22021-12-21 10:42:46.444root 11241100x8000000000000000410974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7790a0378d5bffec2021-12-21 10:42:46.444root 11241100x8000000000000000410975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d72927c0e6740eb2021-12-21 10:42:46.444root 11241100x8000000000000000410976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312a62210068adb32021-12-21 10:42:46.444root 11241100x8000000000000000410977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a53d20b60383fd12021-12-21 10:42:46.444root 11241100x8000000000000000410978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2746c81686a1252021-12-21 10:42:46.444root 11241100x8000000000000000410979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b0715d87e6cbb82021-12-21 10:42:46.943root 11241100x8000000000000000410980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8718191c09900d02021-12-21 10:42:46.943root 11241100x8000000000000000410981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef006f039aca5012021-12-21 10:42:46.943root 11241100x8000000000000000410982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4626b8ccf9f8aa882021-12-21 10:42:46.943root 11241100x8000000000000000410983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342f2bc526b30f0b2021-12-21 10:42:46.944root 11241100x8000000000000000410984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dad26af884a9a22021-12-21 10:42:46.944root 11241100x8000000000000000410985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f14edc4f020946b2021-12-21 10:42:46.944root 11241100x8000000000000000410986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cec421a554330b2021-12-21 10:42:46.944root 11241100x8000000000000000410987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bfd01049b317e12021-12-21 10:42:46.944root 11241100x8000000000000000410988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea6cc41a545301d2021-12-21 10:42:46.944root 11241100x8000000000000000410989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a242571fbc192b2021-12-21 10:42:46.944root 11241100x8000000000000000410990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b4b43d24946582021-12-21 10:42:46.944root 11241100x8000000000000000410991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e97d6d5f5213cf2021-12-21 10:42:46.944root 11241100x8000000000000000410992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27084c79182b42072021-12-21 10:42:46.944root 11241100x8000000000000000410993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c4193b9edb19f82021-12-21 10:42:46.944root 11241100x8000000000000000410994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a430bee726b5462021-12-21 10:42:46.944root 11241100x8000000000000000410995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b068ee5f1411edc22021-12-21 10:42:46.944root 11241100x8000000000000000410996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f10c14ec8a5222021-12-21 10:42:46.944root 11241100x8000000000000000410997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1464b26413931ad2021-12-21 10:42:47.443root 11241100x8000000000000000410998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137a34773e20688f2021-12-21 10:42:47.443root 11241100x8000000000000000410999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ca5f7f63ea44a62021-12-21 10:42:47.443root 11241100x8000000000000000411000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7605c0ff764f3a2021-12-21 10:42:47.443root 11241100x8000000000000000411001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9995e98bd99ae022021-12-21 10:42:47.443root 11241100x8000000000000000411002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce033ff1e55461732021-12-21 10:42:47.444root 11241100x8000000000000000411003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0d5e3948fe2ef62021-12-21 10:42:47.444root 11241100x8000000000000000411004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0918797874a30e82021-12-21 10:42:47.444root 11241100x8000000000000000411005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0522ee96c089c802021-12-21 10:42:47.444root 11241100x8000000000000000411006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c85ff19b971a3e2021-12-21 10:42:47.444root 11241100x8000000000000000411007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303c4db5c278133f2021-12-21 10:42:47.444root 11241100x8000000000000000411008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5eacabc858f1f52021-12-21 10:42:47.444root 11241100x8000000000000000411009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e684515df18d0af62021-12-21 10:42:47.444root 11241100x8000000000000000411010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d4e132f7c1fce92021-12-21 10:42:47.444root 11241100x8000000000000000411011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c83e6d6748a7792021-12-21 10:42:47.444root 11241100x8000000000000000411012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9d8d3130f588072021-12-21 10:42:47.444root 11241100x8000000000000000411013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c609b1b8b77aead2021-12-21 10:42:47.444root 11241100x8000000000000000411014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22732bf5de00e9f02021-12-21 10:42:47.444root 11241100x8000000000000000411015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69644e37d8825ce2021-12-21 10:42:47.943root 11241100x8000000000000000411016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a581413017fcbaf2021-12-21 10:42:47.943root 11241100x8000000000000000411017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896b48ffc05a4c7c2021-12-21 10:42:47.943root 11241100x8000000000000000411018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415dc69c22347772021-12-21 10:42:47.943root 11241100x8000000000000000411019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3b30a59e68d92a2021-12-21 10:42:47.943root 11241100x8000000000000000411020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ae5b2c8f05a9322021-12-21 10:42:47.943root 11241100x8000000000000000411021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b64a40624e582a2021-12-21 10:42:47.944root 11241100x8000000000000000411022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd32d41302f7d292021-12-21 10:42:47.944root 11241100x8000000000000000411023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee08a156f13b2e2021-12-21 10:42:47.944root 11241100x8000000000000000411024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f8c963517073ac2021-12-21 10:42:47.944root 11241100x8000000000000000411025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b07427ccab31c02021-12-21 10:42:47.944root 11241100x8000000000000000411026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f154e0302c778a3c2021-12-21 10:42:47.944root 11241100x8000000000000000411027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a795adacb9c6772021-12-21 10:42:47.944root 11241100x8000000000000000411028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91d2eafb3ac8a2e2021-12-21 10:42:47.944root 11241100x8000000000000000411029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc45699f474df892021-12-21 10:42:47.944root 11241100x8000000000000000411030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75009a5007148c9b2021-12-21 10:42:47.944root 11241100x8000000000000000411031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cdc434e766a11b2021-12-21 10:42:47.944root 11241100x8000000000000000411032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc33c97c6c3f6bf2021-12-21 10:42:47.944root 11241100x8000000000000000411033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffab4f9aadd871db2021-12-21 10:42:48.443root 11241100x8000000000000000411034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263f7787fb3b6f952021-12-21 10:42:48.443root 11241100x8000000000000000411035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc33215c6a5b66232021-12-21 10:42:48.443root 11241100x8000000000000000411036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bd40bd3be653022021-12-21 10:42:48.444root 11241100x8000000000000000411037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a4acb7fbbbf40d2021-12-21 10:42:48.444root 11241100x8000000000000000411038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cde88e60c4db52a2021-12-21 10:42:48.444root 11241100x8000000000000000411039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15638e62f85ae162021-12-21 10:42:48.444root 11241100x8000000000000000411040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ef257a6fe1553d2021-12-21 10:42:48.444root 11241100x8000000000000000411041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaac4d72d42205762021-12-21 10:42:48.444root 11241100x8000000000000000411042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f619948f62b406512021-12-21 10:42:48.444root 11241100x8000000000000000411043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d51bcb3e8159be2021-12-21 10:42:48.444root 11241100x8000000000000000411044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa3db3bca190a482021-12-21 10:42:48.444root 11241100x8000000000000000411045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb398b66d866219b2021-12-21 10:42:48.444root 11241100x8000000000000000411046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063f1d8d9918e40b2021-12-21 10:42:48.444root 11241100x8000000000000000411047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57a1f3b37ff4f5d2021-12-21 10:42:48.444root 11241100x8000000000000000411048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9851bf947d8dc9d42021-12-21 10:42:48.444root 11241100x8000000000000000411049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19531f4aff0ff2002021-12-21 10:42:48.444root 11241100x8000000000000000411050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49069f75735368b52021-12-21 10:42:48.444root 11241100x8000000000000000411051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb102225105fe4bd2021-12-21 10:42:48.943root 11241100x8000000000000000411052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddce683adfcfed3d2021-12-21 10:42:48.943root 11241100x8000000000000000411053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9585e53f19c02cd12021-12-21 10:42:48.943root 11241100x8000000000000000411054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136f1b7aeb1c79d62021-12-21 10:42:48.943root 11241100x8000000000000000411055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe556305eb8fc92021-12-21 10:42:48.943root 11241100x8000000000000000411056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fa1e1a8f4c4d612021-12-21 10:42:48.944root 11241100x8000000000000000411057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522c8bd5abed87c72021-12-21 10:42:48.944root 11241100x8000000000000000411058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f779768a05674e02021-12-21 10:42:48.944root 11241100x8000000000000000411059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4d19798adbb1482021-12-21 10:42:48.944root 11241100x8000000000000000411060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a832ec4289fafb052021-12-21 10:42:48.944root 11241100x8000000000000000411061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af4c38e34d925612021-12-21 10:42:48.944root 11241100x8000000000000000411062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ad268b664ea94e2021-12-21 10:42:48.944root 11241100x8000000000000000411063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88a80c7b22ec91d2021-12-21 10:42:48.944root 11241100x8000000000000000411064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffa3aee0c9d65cb2021-12-21 10:42:48.944root 11241100x8000000000000000411065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df96be9ebcce8ca2021-12-21 10:42:48.944root 11241100x8000000000000000411066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499a462afd2bac052021-12-21 10:42:48.944root 11241100x8000000000000000411067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c740b9dd13f869902021-12-21 10:42:48.944root 11241100x8000000000000000411068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795262892c5a355a2021-12-21 10:42:48.944root 11241100x8000000000000000411069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc1852f20bb7c3b2021-12-21 10:42:49.443root 11241100x8000000000000000411070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff8e4aba76cdc692021-12-21 10:42:49.443root 11241100x8000000000000000411071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ceb2ae6aa0b6c4a2021-12-21 10:42:49.443root 11241100x8000000000000000411072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862861cc7f4786e52021-12-21 10:42:49.443root 11241100x8000000000000000411073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddc7912c0970cc22021-12-21 10:42:49.443root 11241100x8000000000000000411074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a7be7424e9a3e62021-12-21 10:42:49.444root 11241100x8000000000000000411075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b309325105de1b2021-12-21 10:42:49.444root 11241100x8000000000000000411076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471c2be54bf981892021-12-21 10:42:49.444root 11241100x8000000000000000411077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113da0ebb481bac42021-12-21 10:42:49.444root 11241100x8000000000000000411078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3b3a5a1f18a2742021-12-21 10:42:49.444root 11241100x8000000000000000411079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce4e18c7a8b068d2021-12-21 10:42:49.444root 11241100x8000000000000000411080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e67f96f11509562021-12-21 10:42:49.444root 11241100x8000000000000000411081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1679209fe083fb2021-12-21 10:42:49.444root 11241100x8000000000000000411082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808311dc309ea9ff2021-12-21 10:42:49.444root 11241100x8000000000000000411083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2054b684d9c30cd12021-12-21 10:42:49.444root 11241100x8000000000000000411084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3573e5f367510c222021-12-21 10:42:49.444root 11241100x8000000000000000411085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01712358f76344f22021-12-21 10:42:49.444root 11241100x8000000000000000411086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a67dd58a8311832021-12-21 10:42:49.444root 11241100x8000000000000000411087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92406823cc557d3e2021-12-21 10:42:49.943root 11241100x8000000000000000411088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56749b741a0db17a2021-12-21 10:42:49.943root 11241100x8000000000000000411089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ceeb077aeabda62021-12-21 10:42:49.943root 11241100x8000000000000000411090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bd38626b0d69992021-12-21 10:42:49.943root 11241100x8000000000000000411091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ae7810366b5ffe2021-12-21 10:42:49.944root 11241100x8000000000000000411092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9996bd773355d5b2021-12-21 10:42:49.944root 11241100x8000000000000000411093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ef3fbe468a5be52021-12-21 10:42:49.944root 11241100x8000000000000000411094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ade4b1fffd819ee2021-12-21 10:42:49.944root 11241100x8000000000000000411095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37831b3fef595a32021-12-21 10:42:49.944root 11241100x8000000000000000411096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870fda2d42b957ad2021-12-21 10:42:49.944root 11241100x8000000000000000411097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82fa63075bf8e792021-12-21 10:42:49.944root 11241100x8000000000000000411098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623c27b6fc8d43f52021-12-21 10:42:49.944root 11241100x8000000000000000411099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3187bcf2520ba642021-12-21 10:42:49.944root 11241100x8000000000000000411100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46170675058476752021-12-21 10:42:49.944root 11241100x8000000000000000411101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e543a06e5cdd8aa2021-12-21 10:42:49.944root 11241100x8000000000000000411102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013c9097767e6a872021-12-21 10:42:49.944root 11241100x8000000000000000411103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f60c0cbb72f0622021-12-21 10:42:49.944root 11241100x8000000000000000411104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964d2c686668e0692021-12-21 10:42:49.945root 11241100x8000000000000000411105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23473d2cce0a8612021-12-21 10:42:50.443root 11241100x8000000000000000411106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3ae4ee7f9448f2021-12-21 10:42:50.443root 11241100x8000000000000000411107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c4c19ef7e0630a2021-12-21 10:42:50.443root 11241100x8000000000000000411108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c89d22545f08752021-12-21 10:42:50.443root 11241100x8000000000000000411109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e7fbc85f42c06a2021-12-21 10:42:50.444root 11241100x8000000000000000411110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0182fe649b3638d2021-12-21 10:42:50.444root 11241100x8000000000000000411111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62c85714da988582021-12-21 10:42:50.444root 11241100x8000000000000000411112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e1674e776b36de2021-12-21 10:42:50.444root 11241100x8000000000000000411113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8adf9824086f912021-12-21 10:42:50.444root 11241100x8000000000000000411114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5abaeddee915aa2021-12-21 10:42:50.444root 11241100x8000000000000000411115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c10337910f4dcff2021-12-21 10:42:50.444root 11241100x8000000000000000411116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05afb25489d5ec52021-12-21 10:42:50.444root 11241100x8000000000000000411117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85aede6ccc67cc892021-12-21 10:42:50.444root 11241100x8000000000000000411118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e908673d5b8804e2021-12-21 10:42:50.444root 11241100x8000000000000000411119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762643a95474672d2021-12-21 10:42:50.444root 11241100x8000000000000000411120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4847d96b62456612021-12-21 10:42:50.444root 11241100x8000000000000000411121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb64db898be1af32021-12-21 10:42:50.444root 11241100x8000000000000000411122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4c41dc5fd23c7c2021-12-21 10:42:50.444root 11241100x8000000000000000411123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae60f7df27f89d6c2021-12-21 10:42:50.943root 11241100x8000000000000000411124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331328ce7477853e2021-12-21 10:42:50.943root 11241100x8000000000000000411125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899614753cfb0cff2021-12-21 10:42:50.943root 11241100x8000000000000000411126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88235c152feaf1972021-12-21 10:42:50.943root 11241100x8000000000000000411127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d79cbefb522daa2021-12-21 10:42:50.943root 11241100x8000000000000000411128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b7e164429d36542021-12-21 10:42:50.944root 11241100x8000000000000000411129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cf47625003973b2021-12-21 10:42:50.944root 11241100x8000000000000000411130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e8404832e0a6f72021-12-21 10:42:50.944root 11241100x8000000000000000411131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618d4d3fed72e2842021-12-21 10:42:50.944root 11241100x8000000000000000411132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c873589a85cee782021-12-21 10:42:50.944root 11241100x8000000000000000411133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d39281841bdb9d2021-12-21 10:42:50.944root 11241100x8000000000000000411134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d4d486f48c9ca32021-12-21 10:42:50.944root 11241100x8000000000000000411135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01dc71a374f8d332021-12-21 10:42:50.944root 11241100x8000000000000000411136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243923adeeedd3f32021-12-21 10:42:50.944root 11241100x8000000000000000411137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1d637f23f753ad2021-12-21 10:42:50.944root 11241100x8000000000000000411138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f08945e6d366fb2021-12-21 10:42:50.944root 11241100x8000000000000000411139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80634536b557b282021-12-21 10:42:50.944root 11241100x8000000000000000411140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5935e5671d5c6592021-12-21 10:42:50.944root 354300x8000000000000000411141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.113{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47494-false10.0.1.12-8000- 11241100x8000000000000000411142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921da5f3b5c7a6c32021-12-21 10:42:51.443root 11241100x8000000000000000411143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc55a5daf7807d3d2021-12-21 10:42:51.444root 11241100x8000000000000000411144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40f611652cab8932021-12-21 10:42:51.444root 11241100x8000000000000000411145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c62c42ec79ec0f52021-12-21 10:42:51.444root 11241100x8000000000000000411146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21328f01a61a3c62021-12-21 10:42:51.444root 11241100x8000000000000000411147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41517fb6a0e032552021-12-21 10:42:51.444root 11241100x8000000000000000411148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a24122588b65a092021-12-21 10:42:51.444root 11241100x8000000000000000411149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade6aa33b75a4f292021-12-21 10:42:51.444root 11241100x8000000000000000411150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7c4fff0a3ea15d2021-12-21 10:42:51.445root 11241100x8000000000000000411151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a0c6fdc57365652021-12-21 10:42:51.445root 11241100x8000000000000000411152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0fe482c11a03872021-12-21 10:42:51.445root 11241100x8000000000000000411153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209c0cd1eafb0c1f2021-12-21 10:42:51.445root 11241100x8000000000000000411154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfd7ac3ecf83b1f2021-12-21 10:42:51.445root 11241100x8000000000000000411155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d389f66c532ebf2021-12-21 10:42:51.445root 11241100x8000000000000000411156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69f565da32110da2021-12-21 10:42:51.445root 11241100x8000000000000000411157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769f16068e25513c2021-12-21 10:42:51.445root 11241100x8000000000000000411158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ff4fcae27475f82021-12-21 10:42:51.445root 11241100x8000000000000000411159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdeecc9a21bb1072021-12-21 10:42:51.445root 11241100x8000000000000000411160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f7f679afcd9aa92021-12-21 10:42:51.446root 11241100x8000000000000000411161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1239fd2766c90d1f2021-12-21 10:42:51.943root 11241100x8000000000000000411162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d536bcc54e1e31c2021-12-21 10:42:51.943root 11241100x8000000000000000411163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24f3ce6953825ba2021-12-21 10:42:51.943root 11241100x8000000000000000411164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fbc8aeba29eeb82021-12-21 10:42:51.943root 11241100x8000000000000000411165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fb37fdb851e0de2021-12-21 10:42:51.944root 11241100x8000000000000000411166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2ec6891242eb172021-12-21 10:42:51.944root 11241100x8000000000000000411167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc71cc995bc62402021-12-21 10:42:51.944root 11241100x8000000000000000411168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb84c7a713084f92021-12-21 10:42:51.944root 11241100x8000000000000000411169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344c5770d1273c002021-12-21 10:42:51.944root 11241100x8000000000000000411170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d831f03a8c496a52021-12-21 10:42:51.944root 11241100x8000000000000000411171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a3e2981fe2b3ab2021-12-21 10:42:51.944root 11241100x8000000000000000411172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da640cced17f6ba2021-12-21 10:42:51.944root 11241100x8000000000000000411173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81cbb924d60ad3a2021-12-21 10:42:51.944root 11241100x8000000000000000411174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36298c442082dba42021-12-21 10:42:51.944root 11241100x8000000000000000411175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ec8851d550ddd32021-12-21 10:42:51.944root 11241100x8000000000000000411176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a9b6697dc6211d2021-12-21 10:42:51.944root 11241100x8000000000000000411177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e1b20b818d37552021-12-21 10:42:51.944root 11241100x8000000000000000411178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c08d9ea7d496f2021-12-21 10:42:51.944root 11241100x8000000000000000411179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc973d9c0d5d8c722021-12-21 10:42:51.945root 11241100x8000000000000000411180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d00859eabf74bd2021-12-21 10:42:52.443root 11241100x8000000000000000411181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212fb17f1cfb8c572021-12-21 10:42:52.443root 11241100x8000000000000000411182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e020932c09a8b62021-12-21 10:42:52.443root 11241100x8000000000000000411183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d31b90afb579da52021-12-21 10:42:52.443root 11241100x8000000000000000411184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c24c24511b73f52021-12-21 10:42:52.444root 11241100x8000000000000000411185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074eee9046b962942021-12-21 10:42:52.444root 11241100x8000000000000000411186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4b34b2548fa13e2021-12-21 10:42:52.444root 11241100x8000000000000000411187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dad633f7dd1804c2021-12-21 10:42:52.444root 11241100x8000000000000000411188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844d819b4b52f9bf2021-12-21 10:42:52.444root 11241100x8000000000000000411189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a046d19dcb1fd32021-12-21 10:42:52.444root 11241100x8000000000000000411190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb2dca173a38fa02021-12-21 10:42:52.444root 11241100x8000000000000000411191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaec1b0a64ab9fc22021-12-21 10:42:52.444root 11241100x8000000000000000411192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26e7cfcf1412c882021-12-21 10:42:52.444root 11241100x8000000000000000411193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a451d4849faae9f2021-12-21 10:42:52.444root 11241100x8000000000000000411194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a1671ba6485ae82021-12-21 10:42:52.444root 11241100x8000000000000000411195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6b692f863fea002021-12-21 10:42:52.444root 11241100x8000000000000000411196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c9d45b32b6e6972021-12-21 10:42:52.444root 11241100x8000000000000000411197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8132c5b4f922ddcf2021-12-21 10:42:52.444root 11241100x8000000000000000411198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a40c2f17460eebc2021-12-21 10:42:52.445root 11241100x8000000000000000411199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b918a54875a34bd2021-12-21 10:42:52.943root 11241100x8000000000000000411200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1b89b5a565b0262021-12-21 10:42:52.943root 11241100x8000000000000000411201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c255561f5b89dc332021-12-21 10:42:52.943root 11241100x8000000000000000411202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b45329eaff78f12021-12-21 10:42:52.943root 11241100x8000000000000000411203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2edb87025b4c3072021-12-21 10:42:52.944root 11241100x8000000000000000411204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137ea2afbb95a2342021-12-21 10:42:52.944root 11241100x8000000000000000411205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1d75c74d98f5242021-12-21 10:42:52.944root 11241100x8000000000000000411206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4775e7ad69cf104d2021-12-21 10:42:52.944root 11241100x8000000000000000411207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e28cb66a027a1a92021-12-21 10:42:52.944root 11241100x8000000000000000411208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcad3e93833b12262021-12-21 10:42:52.944root 11241100x8000000000000000411209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbeb946a5e085b42021-12-21 10:42:52.944root 11241100x8000000000000000411210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11efb5b2c16144612021-12-21 10:42:52.944root 11241100x8000000000000000411211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e599f4f9b204832021-12-21 10:42:52.944root 11241100x8000000000000000411212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241e520c5cbc41df2021-12-21 10:42:52.944root 11241100x8000000000000000411213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78da176fb6f9c71a2021-12-21 10:42:52.944root 11241100x8000000000000000411214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46db9f045e8af5812021-12-21 10:42:52.944root 11241100x8000000000000000411215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdd3a6669caeb452021-12-21 10:42:52.944root 11241100x8000000000000000411216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9bf58b7c299cfd2021-12-21 10:42:52.944root 11241100x8000000000000000411217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23076c94777974552021-12-21 10:42:52.944root 11241100x8000000000000000411218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d465b0a2f1c7e912021-12-21 10:42:53.443root 11241100x8000000000000000411219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f19333c190237b2021-12-21 10:42:53.443root 11241100x8000000000000000411220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0938ec045769d5342021-12-21 10:42:53.444root 11241100x8000000000000000411221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a632e22153244f92021-12-21 10:42:53.444root 11241100x8000000000000000411222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86e91884f26b9ae2021-12-21 10:42:53.444root 11241100x8000000000000000411223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c955efba5b570d82021-12-21 10:42:53.444root 11241100x8000000000000000411224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006880f67505d9d72021-12-21 10:42:53.444root 11241100x8000000000000000411225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9958b18b1ce060212021-12-21 10:42:53.444root 11241100x8000000000000000411226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caba5df05ee37522021-12-21 10:42:53.445root 11241100x8000000000000000411227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c788e7ddac71fba22021-12-21 10:42:53.445root 11241100x8000000000000000411228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7a180440c164732021-12-21 10:42:53.445root 11241100x8000000000000000411229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2f966a577f76b32021-12-21 10:42:53.445root 11241100x8000000000000000411230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddd8b9d0d07fdb82021-12-21 10:42:53.445root 11241100x8000000000000000411231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5981b82a26abc6c32021-12-21 10:42:53.445root 11241100x8000000000000000411232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32932a6d01c5e7402021-12-21 10:42:53.445root 11241100x8000000000000000411233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf1ac8551ca45812021-12-21 10:42:53.445root 11241100x8000000000000000411234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5ab9f5655ffe842021-12-21 10:42:53.445root 11241100x8000000000000000411235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad0b20a19d611cd2021-12-21 10:42:53.445root 11241100x8000000000000000411236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abba0fd4aba22c52021-12-21 10:42:53.445root 11241100x8000000000000000411237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e16d34133ac3f2021-12-21 10:42:53.943root 11241100x8000000000000000411238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18195a25963195642021-12-21 10:42:53.943root 11241100x8000000000000000411239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f2d8dc18754ad62021-12-21 10:42:53.943root 11241100x8000000000000000411240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a7b97b39d3bb012021-12-21 10:42:53.943root 11241100x8000000000000000411241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6d9f49b6884d002021-12-21 10:42:53.944root 11241100x8000000000000000411242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f24c96e79ea1fcc2021-12-21 10:42:53.944root 11241100x8000000000000000411243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95ba394f55f02d62021-12-21 10:42:53.944root 11241100x8000000000000000411244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102f62d784c2e7e32021-12-21 10:42:53.944root 11241100x8000000000000000411245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4da159a79d102562021-12-21 10:42:53.944root 11241100x8000000000000000411246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d562e61b8b559a2021-12-21 10:42:53.944root 11241100x8000000000000000411247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f3ec766ea7fc1f2021-12-21 10:42:53.944root 11241100x8000000000000000411248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4846bf9a69dee7f32021-12-21 10:42:53.944root 11241100x8000000000000000411249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f0794fd8ab4da12021-12-21 10:42:53.944root 11241100x8000000000000000411250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d399211cb457682021-12-21 10:42:53.944root 11241100x8000000000000000411251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4502c8684ced692021-12-21 10:42:53.944root 11241100x8000000000000000411252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89835974a00981042021-12-21 10:42:53.944root 11241100x8000000000000000411253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6690384ae052aa442021-12-21 10:42:53.944root 11241100x8000000000000000411254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c4543b4333245c2021-12-21 10:42:53.944root 11241100x8000000000000000411255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa186952730e93c2021-12-21 10:42:53.944root 11241100x8000000000000000411256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee0638a576d5cc62021-12-21 10:42:54.443root 11241100x8000000000000000411257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586180f5e8d8ee652021-12-21 10:42:54.443root 11241100x8000000000000000411258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c682af05d206a42021-12-21 10:42:54.443root 11241100x8000000000000000411259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b98617e6b9af1ac2021-12-21 10:42:54.443root 11241100x8000000000000000411260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb0a73074c43ea52021-12-21 10:42:54.444root 11241100x8000000000000000411261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677d8c23e5aedbab2021-12-21 10:42:54.444root 11241100x8000000000000000411262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7406aeb5dba05d12021-12-21 10:42:54.444root 11241100x8000000000000000411263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c95d973106613f2021-12-21 10:42:54.444root 11241100x8000000000000000411264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c52b7d2bd4021d2021-12-21 10:42:54.444root 11241100x8000000000000000411265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5199351011aa442021-12-21 10:42:54.444root 11241100x8000000000000000411266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bfe8f966d67b292021-12-21 10:42:54.444root 11241100x8000000000000000411267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b326987d85139272021-12-21 10:42:54.444root 11241100x8000000000000000411268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e583f43c0967fad12021-12-21 10:42:54.444root 11241100x8000000000000000411269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77e06dabc31d56b2021-12-21 10:42:54.444root 11241100x8000000000000000411270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329d9419ec95c8422021-12-21 10:42:54.444root 11241100x8000000000000000411271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5fcf53c993e3502021-12-21 10:42:54.444root 11241100x8000000000000000411272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c648471103928b2021-12-21 10:42:54.444root 11241100x8000000000000000411273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b9fe0c2f4425af2021-12-21 10:42:54.444root 11241100x8000000000000000411274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b327748de4776f22021-12-21 10:42:54.445root 11241100x8000000000000000411275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce783fe8c3bfba702021-12-21 10:42:54.943root 11241100x8000000000000000411276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9281ba3f14e3510b2021-12-21 10:42:54.943root 11241100x8000000000000000411277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6228bef17b8f912021-12-21 10:42:54.943root 11241100x8000000000000000411278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8db881a901412e2021-12-21 10:42:54.944root 11241100x8000000000000000411279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979767faa3d1e5f42021-12-21 10:42:54.944root 11241100x8000000000000000411280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80142053c5ccdd52021-12-21 10:42:54.944root 11241100x8000000000000000411281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6d2cdd09b5b2fe2021-12-21 10:42:54.944root 11241100x8000000000000000411282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d4beabb79323912021-12-21 10:42:54.944root 11241100x8000000000000000411283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bce98625ef8db02021-12-21 10:42:54.944root 11241100x8000000000000000411284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfd6a3015e8b2f62021-12-21 10:42:54.944root 11241100x8000000000000000411285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e67a5dd23e306282021-12-21 10:42:54.944root 11241100x8000000000000000411286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3df1b6edae489f2021-12-21 10:42:54.944root 11241100x8000000000000000411287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01efd98e691403ff2021-12-21 10:42:54.944root 11241100x8000000000000000411288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a1a15c307506e62021-12-21 10:42:54.944root 11241100x8000000000000000411289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9981d8c4fe6022652021-12-21 10:42:54.944root 11241100x8000000000000000411290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff30c0c5cbe65962021-12-21 10:42:54.944root 11241100x8000000000000000411291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e1c6841fa2ce4a2021-12-21 10:42:54.945root 11241100x8000000000000000411292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675e943d3bd600a62021-12-21 10:42:54.945root 11241100x8000000000000000411293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1b51ac7c24376f2021-12-21 10:42:54.945root 11241100x8000000000000000411294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c797cce68b344352021-12-21 10:42:55.443root 11241100x8000000000000000411295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b019e2eef6c7c5442021-12-21 10:42:55.443root 11241100x8000000000000000411296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e915be781209f0d2021-12-21 10:42:55.443root 11241100x8000000000000000411297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8417c609fef4adf2021-12-21 10:42:55.443root 11241100x8000000000000000411298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8454960609ea71b42021-12-21 10:42:55.444root 11241100x8000000000000000411299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ab67bf7ffe3832021-12-21 10:42:55.444root 11241100x8000000000000000411300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45529b514cef1fdb2021-12-21 10:42:55.444root 11241100x8000000000000000411301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be11ff139d2285922021-12-21 10:42:55.444root 11241100x8000000000000000411302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f178da8a7097b2f2021-12-21 10:42:55.444root 11241100x8000000000000000411303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf67ac0409d3f0242021-12-21 10:42:55.444root 11241100x8000000000000000411304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c80e132dc5995c2021-12-21 10:42:55.444root 11241100x8000000000000000411305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace84776176a5b272021-12-21 10:42:55.444root 11241100x8000000000000000411306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abec75db60009572021-12-21 10:42:55.444root 11241100x8000000000000000411307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a9cb32a2d51eef2021-12-21 10:42:55.444root 11241100x8000000000000000411308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3264d57a3c85c992021-12-21 10:42:55.444root 11241100x8000000000000000411309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66671e131f8c73282021-12-21 10:42:55.444root 11241100x8000000000000000411310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46472671398a1742021-12-21 10:42:55.444root 11241100x8000000000000000411311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e76c492214b0f082021-12-21 10:42:55.444root 11241100x8000000000000000411312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f367a7b3a5144882021-12-21 10:42:55.444root 11241100x8000000000000000411313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2af210f87c21252021-12-21 10:42:55.943root 11241100x8000000000000000411314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7725669ef0abfb2021-12-21 10:42:55.943root 11241100x8000000000000000411315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1945f9a81231632021-12-21 10:42:55.943root 11241100x8000000000000000411316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6656101e4a386d722021-12-21 10:42:55.943root 11241100x8000000000000000411317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ee1c31378ccd5e2021-12-21 10:42:55.944root 11241100x8000000000000000411318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa8d406139785bb2021-12-21 10:42:55.944root 11241100x8000000000000000411319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c00e4443f4c52292021-12-21 10:42:55.944root 11241100x8000000000000000411320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b34baaf38fd19932021-12-21 10:42:55.944root 11241100x8000000000000000411321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563d2689aaefd6942021-12-21 10:42:55.944root 11241100x8000000000000000411322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2289e32c7635b72021-12-21 10:42:55.944root 11241100x8000000000000000411323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee691555196321892021-12-21 10:42:55.944root 11241100x8000000000000000411324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc1a106904533292021-12-21 10:42:55.944root 11241100x8000000000000000411325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6d1130df3fcfe62021-12-21 10:42:55.944root 11241100x8000000000000000411326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b7a34a0866a3f32021-12-21 10:42:55.944root 11241100x8000000000000000411327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a991822291f50d3f2021-12-21 10:42:55.944root 11241100x8000000000000000411328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306d142204e182c42021-12-21 10:42:55.944root 11241100x8000000000000000411329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bad62b41e5d2c52021-12-21 10:42:55.944root 11241100x8000000000000000411330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ea9252432726ac2021-12-21 10:42:55.944root 11241100x8000000000000000411331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49ea34b7cd4e342021-12-21 10:42:55.944root 354300x8000000000000000411332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.211{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47496-false10.0.1.12-8000- 11241100x8000000000000000411333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ffed3fefab3e182021-12-21 10:42:56.212root 11241100x8000000000000000411334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d78c875933eaed2021-12-21 10:42:56.213root 11241100x8000000000000000411335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d46360b1ff00bf32021-12-21 10:42:56.213root 11241100x8000000000000000411336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eac8bd999f998952021-12-21 10:42:56.213root 11241100x8000000000000000411337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6d15df2297cca62021-12-21 10:42:56.214root 11241100x8000000000000000411338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a498a2d39dbdabbc2021-12-21 10:42:56.214root 11241100x8000000000000000411339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89a4038f0e97b882021-12-21 10:42:56.214root 11241100x8000000000000000411340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6a3730ca14cff72021-12-21 10:42:56.214root 11241100x8000000000000000411341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc72d4729934722021-12-21 10:42:56.214root 11241100x8000000000000000411342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5353fe9f8bd516442021-12-21 10:42:56.214root 11241100x8000000000000000411343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91509aa15bdec26c2021-12-21 10:42:56.214root 11241100x8000000000000000411344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb9836a1640d88d2021-12-21 10:42:56.214root 11241100x8000000000000000411345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0921cc8fb314a0932021-12-21 10:42:56.214root 11241100x8000000000000000411346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19376f6bde5914c2021-12-21 10:42:56.215root 11241100x8000000000000000411347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cb4343f4c121b72021-12-21 10:42:56.215root 11241100x8000000000000000411348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f56cee5d8b9f9622021-12-21 10:42:56.215root 11241100x8000000000000000411349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46006baadf72e8802021-12-21 10:42:56.215root 11241100x8000000000000000411350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae3238f22e16d702021-12-21 10:42:56.215root 11241100x8000000000000000411351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054494c501766a4f2021-12-21 10:42:56.215root 11241100x8000000000000000411352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996d5cab8cedc9af2021-12-21 10:42:56.215root 11241100x8000000000000000411353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d4fc55d1a776d82021-12-21 10:42:56.215root 11241100x8000000000000000411354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8b9e871320e6b12021-12-21 10:42:56.693root 11241100x8000000000000000411355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d386e95134830712021-12-21 10:42:56.693root 11241100x8000000000000000411356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922550a9744e74c52021-12-21 10:42:56.693root 11241100x8000000000000000411357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87b715f9ce41e6c2021-12-21 10:42:56.693root 11241100x8000000000000000411358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f331676aeefa44812021-12-21 10:42:56.693root 11241100x8000000000000000411359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f6663e29289332021-12-21 10:42:56.693root 11241100x8000000000000000411360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c191a2c64b8742be2021-12-21 10:42:56.693root 11241100x8000000000000000411361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3051eca1cd79512021-12-21 10:42:56.693root 11241100x8000000000000000411362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b4335cdb0d61542021-12-21 10:42:56.693root 11241100x8000000000000000411363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dbb25488e9faba2021-12-21 10:42:56.693root 11241100x8000000000000000411364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8c3ea58515a3352021-12-21 10:42:56.693root 11241100x8000000000000000411365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ff32cca9e9c7352021-12-21 10:42:56.693root 11241100x8000000000000000411366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87720f183fc6af342021-12-21 10:42:56.693root 11241100x8000000000000000411367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717ac80392cc3fca2021-12-21 10:42:56.693root 11241100x8000000000000000411368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dbdf18b8e1b8252021-12-21 10:42:56.694root 11241100x8000000000000000411369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37055dfc6a586be2021-12-21 10:42:56.694root 11241100x8000000000000000411370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca00a749fbf961d2021-12-21 10:42:56.694root 11241100x8000000000000000411371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55434aed06aed4b2021-12-21 10:42:56.694root 11241100x8000000000000000411372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111bf9a6906561d92021-12-21 10:42:56.694root 11241100x8000000000000000411373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a8e0136ea13bd52021-12-21 10:42:56.694root 11241100x8000000000000000411374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f3535e132dab622021-12-21 10:42:56.694root 11241100x8000000000000000411375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e46cdd41f327732021-12-21 10:42:56.694root 11241100x8000000000000000411376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f69ab05021f55fa2021-12-21 10:42:57.193root 11241100x8000000000000000411377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c5c847aaf8765b2021-12-21 10:42:57.193root 11241100x8000000000000000411378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32cad04cd67f5262021-12-21 10:42:57.193root 11241100x8000000000000000411379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560d4ea6beb9f69a2021-12-21 10:42:57.194root 11241100x8000000000000000411380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122ec9c9fde07efe2021-12-21 10:42:57.194root 11241100x8000000000000000411381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11e0851a6a1f4212021-12-21 10:42:57.194root 11241100x8000000000000000411382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a393f92a6b6ee79a2021-12-21 10:42:57.194root 11241100x8000000000000000411383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3e9ce8db7efa142021-12-21 10:42:57.194root 11241100x8000000000000000411384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec60a50a049375fc2021-12-21 10:42:57.194root 11241100x8000000000000000411385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3c98932530d8292021-12-21 10:42:57.194root 11241100x8000000000000000411386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e919f52464b02b332021-12-21 10:42:57.194root 11241100x8000000000000000411387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c26d42257e7a5fc2021-12-21 10:42:57.194root 11241100x8000000000000000411388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af06e76a0cf518162021-12-21 10:42:57.194root 11241100x8000000000000000411389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8095d50bf1f902021-12-21 10:42:57.194root 11241100x8000000000000000411390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9625e0b2b3409b2021-12-21 10:42:57.194root 11241100x8000000000000000411391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c9faabc9bdeeb72021-12-21 10:42:57.194root 11241100x8000000000000000411392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9326c5c1bd67249b2021-12-21 10:42:57.194root 11241100x8000000000000000411393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed75b95e2d90afd2021-12-21 10:42:57.194root 11241100x8000000000000000411394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31796d16556bf942021-12-21 10:42:57.194root 11241100x8000000000000000411395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f2a203d5cc90412021-12-21 10:42:57.195root 11241100x8000000000000000411396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59407befca1b88e2021-12-21 10:42:57.692root 11241100x8000000000000000411397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5a9405251b4c0e2021-12-21 10:42:57.693root 11241100x8000000000000000411398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00060042af902ecb2021-12-21 10:42:57.693root 11241100x8000000000000000411399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d781d66c55cfc662021-12-21 10:42:57.693root 11241100x8000000000000000411400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4291f8ab49198e12021-12-21 10:42:57.694root 11241100x8000000000000000411401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a59339781f1b592021-12-21 10:42:57.694root 11241100x8000000000000000411402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe768de705ed3fe2021-12-21 10:42:57.694root 11241100x8000000000000000411403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0c5b777d25c20d2021-12-21 10:42:57.694root 11241100x8000000000000000411404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428835f172c7db112021-12-21 10:42:57.694root 11241100x8000000000000000411405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80e5cc23ee46c7e2021-12-21 10:42:57.695root 11241100x8000000000000000411406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81468b55ba491f42021-12-21 10:42:57.695root 11241100x8000000000000000411407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957084eeb04ca99f2021-12-21 10:42:57.695root 11241100x8000000000000000411408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c519836e3bdd2cd52021-12-21 10:42:57.695root 11241100x8000000000000000411409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c306ec42a4290bd2021-12-21 10:42:57.695root 11241100x8000000000000000411410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090051de7c44b87b2021-12-21 10:42:57.695root 11241100x8000000000000000411411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a54dcb51ef8d162021-12-21 10:42:57.696root 11241100x8000000000000000411412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95467cdcfdc11d52021-12-21 10:42:57.696root 11241100x8000000000000000411413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5231f0d16380472f2021-12-21 10:42:57.696root 11241100x8000000000000000411414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f131b0cdb93e702021-12-21 10:42:57.696root 11241100x8000000000000000411415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde901921f9f08ea2021-12-21 10:42:57.696root 11241100x8000000000000000411416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600046a39afcbaf22021-12-21 10:42:57.696root 11241100x8000000000000000411417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9bd93f605696942021-12-21 10:42:57.696root 11241100x8000000000000000411418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844f34c30cf2d6af2021-12-21 10:42:58.192root 11241100x8000000000000000411419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0a0ca5b6e37ab92021-12-21 10:42:58.193root 11241100x8000000000000000411420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0f23f7f9fa7c022021-12-21 10:42:58.193root 11241100x8000000000000000411421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8ecbca2fceb6a52021-12-21 10:42:58.193root 11241100x8000000000000000411422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85153b5068c93082021-12-21 10:42:58.193root 11241100x8000000000000000411423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e669f3cc792a28c52021-12-21 10:42:58.193root 11241100x8000000000000000411424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5f5c1cb432e7e62021-12-21 10:42:58.193root 11241100x8000000000000000411425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f09a393627aac32021-12-21 10:42:58.193root 11241100x8000000000000000411426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f384994f450972662021-12-21 10:42:58.193root 11241100x8000000000000000411427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c9189527cadebd2021-12-21 10:42:58.193root 11241100x8000000000000000411428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e9b7a9b1f5f2462021-12-21 10:42:58.193root 11241100x8000000000000000411429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4777b7ea25f97312021-12-21 10:42:58.193root 11241100x8000000000000000411430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b77f32fc8ad19e92021-12-21 10:42:58.193root 11241100x8000000000000000411431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea40f4077b408a522021-12-21 10:42:58.193root 11241100x8000000000000000411432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf33f2c29960dbe2021-12-21 10:42:58.194root 11241100x8000000000000000411433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3e0896f5c8c8232021-12-21 10:42:58.194root 11241100x8000000000000000411434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49980585e2010902021-12-21 10:42:58.194root 11241100x8000000000000000411435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afe23a24a168dad2021-12-21 10:42:58.194root 11241100x8000000000000000411436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ac2ffa7323b9cd2021-12-21 10:42:58.194root 11241100x8000000000000000411437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5073613652548ed2021-12-21 10:42:58.194root 11241100x8000000000000000411438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdefb40c5d6d96b2021-12-21 10:42:58.194root 11241100x8000000000000000411439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62888c1ac1fa76e82021-12-21 10:42:58.194root 11241100x8000000000000000411440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e8eca04f154a6a2021-12-21 10:42:58.693root 11241100x8000000000000000411441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7efe924ce5947e02021-12-21 10:42:58.693root 11241100x8000000000000000411442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0baf7807243a812021-12-21 10:42:58.693root 11241100x8000000000000000411443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f4a5a8035915c12021-12-21 10:42:58.693root 11241100x8000000000000000411444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3f740457f0d5a82021-12-21 10:42:58.694root 11241100x8000000000000000411445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a00fb3714af2442021-12-21 10:42:58.694root 11241100x8000000000000000411446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580f65b79fae36302021-12-21 10:42:58.694root 11241100x8000000000000000411447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe40538fcbfee52021-12-21 10:42:58.694root 11241100x8000000000000000411448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acf343196c82dcb2021-12-21 10:42:58.694root 11241100x8000000000000000411449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a97d484e05ba4c52021-12-21 10:42:58.694root 11241100x8000000000000000411450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5024da50148075c82021-12-21 10:42:58.694root 11241100x8000000000000000411451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c293b4436c5359982021-12-21 10:42:58.694root 11241100x8000000000000000411452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57382e74e41efab32021-12-21 10:42:58.694root 11241100x8000000000000000411453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7fb09c77b8f1e82021-12-21 10:42:58.694root 11241100x8000000000000000411454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af85f75b22e1fc732021-12-21 10:42:58.694root 11241100x8000000000000000411455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941503efd632446e2021-12-21 10:42:58.694root 11241100x8000000000000000411456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64786e738e1970f2021-12-21 10:42:58.694root 11241100x8000000000000000411457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ad43cd37751af42021-12-21 10:42:58.694root 11241100x8000000000000000411458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95c1a8bbe46aa6b2021-12-21 10:42:58.695root 11241100x8000000000000000411459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bbf13766dff9312021-12-21 10:42:58.695root 11241100x8000000000000000411460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04268ef37b8285ef2021-12-21 10:42:59.193root 11241100x8000000000000000411461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204ae5fb09a7a5952021-12-21 10:42:59.193root 11241100x8000000000000000411462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9c5a05aaddb0402021-12-21 10:42:59.193root 11241100x8000000000000000411463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f64818424640fa72021-12-21 10:42:59.193root 11241100x8000000000000000411464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb768dec7228b292021-12-21 10:42:59.195root 11241100x8000000000000000411465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472337c5a82562ab2021-12-21 10:42:59.195root 11241100x8000000000000000411466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfc9b1bd16b08172021-12-21 10:42:59.195root 11241100x8000000000000000411467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1956e4694298e82021-12-21 10:42:59.195root 11241100x8000000000000000411468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad41f0146f6f59082021-12-21 10:42:59.195root 11241100x8000000000000000411469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723519a99fc6f4092021-12-21 10:42:59.195root 11241100x8000000000000000411470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b79565d9eda4c5c2021-12-21 10:42:59.196root 11241100x8000000000000000411471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6b0bcc4bb320a82021-12-21 10:42:59.196root 11241100x8000000000000000411472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0990d986542b0daf2021-12-21 10:42:59.196root 11241100x8000000000000000411473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7e7bf0db52d3652021-12-21 10:42:59.196root 11241100x8000000000000000411474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea2749f281857572021-12-21 10:42:59.196root 11241100x8000000000000000411475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c64cd8906555b62021-12-21 10:42:59.196root 11241100x8000000000000000411476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dd5cdd77b98f312021-12-21 10:42:59.196root 11241100x8000000000000000411477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8b208d40b0d3412021-12-21 10:42:59.196root 11241100x8000000000000000411478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef246c5a76da5282021-12-21 10:42:59.196root 11241100x8000000000000000411479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2fab74e52154a12021-12-21 10:42:59.196root 11241100x8000000000000000411480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fde5b02bbfd1cd2021-12-21 10:42:59.693root 11241100x8000000000000000411481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de47ea011ebac492021-12-21 10:42:59.693root 11241100x8000000000000000411482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be538a5b9fb450e72021-12-21 10:42:59.693root 11241100x8000000000000000411483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d2888c7ee310932021-12-21 10:42:59.693root 11241100x8000000000000000411484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7304da372241e932021-12-21 10:42:59.693root 11241100x8000000000000000411485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7107a32b2cb9f4932021-12-21 10:42:59.693root 11241100x8000000000000000411486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49af9ea28d65f0e62021-12-21 10:42:59.694root 11241100x8000000000000000411487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ec2958d447cc522021-12-21 10:42:59.694root 11241100x8000000000000000411488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51aae61682cd0e72021-12-21 10:42:59.694root 11241100x8000000000000000411489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d762fa572698b3132021-12-21 10:42:59.694root 11241100x8000000000000000411490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74bcc90b848c90b2021-12-21 10:42:59.694root 11241100x8000000000000000411491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226e035ba40f214d2021-12-21 10:42:59.694root 11241100x8000000000000000411492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8b2633b060d8422021-12-21 10:42:59.694root 11241100x8000000000000000411493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869b41ff640559272021-12-21 10:42:59.694root 11241100x8000000000000000411494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d40e932232b058d2021-12-21 10:42:59.694root 11241100x8000000000000000411495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6089a21e13fee3842021-12-21 10:42:59.694root 11241100x8000000000000000411496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898d03f71001f6342021-12-21 10:42:59.695root 11241100x8000000000000000411497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40009526bd5446192021-12-21 10:42:59.695root 11241100x8000000000000000411498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81e00162c3555a52021-12-21 10:42:59.695root 11241100x8000000000000000411499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:42:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1239cda4db570df2021-12-21 10:42:59.695root 11241100x8000000000000000411500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb503fe458e5ac72021-12-21 10:43:00.192root 11241100x8000000000000000411501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46658a9727660fc2021-12-21 10:43:00.193root 11241100x8000000000000000411502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54586d4b09ff32882021-12-21 10:43:00.193root 11241100x8000000000000000411503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8984ad3bf11a292021-12-21 10:43:00.193root 11241100x8000000000000000411504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1163a366b3b8cded2021-12-21 10:43:00.193root 11241100x8000000000000000411505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ef29854f4675e02021-12-21 10:43:00.193root 11241100x8000000000000000411506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8c83ca350b45262021-12-21 10:43:00.193root 11241100x8000000000000000411507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1d7b93af9a70442021-12-21 10:43:00.193root 11241100x8000000000000000411508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b7ae6c55f59ede2021-12-21 10:43:00.193root 11241100x8000000000000000411509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150600956cd1c9fc2021-12-21 10:43:00.193root 11241100x8000000000000000411510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b28852cac2b9ed2021-12-21 10:43:00.193root 11241100x8000000000000000411511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd5c397a42095272021-12-21 10:43:00.193root 11241100x8000000000000000411512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06428f021366d6f12021-12-21 10:43:00.193root 11241100x8000000000000000411513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b84f683d457e922021-12-21 10:43:00.194root 11241100x8000000000000000411514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7335969c9376661c2021-12-21 10:43:00.194root 11241100x8000000000000000411515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5af827478d18ff2021-12-21 10:43:00.194root 11241100x8000000000000000411516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0cc1f2982806c52021-12-21 10:43:00.194root 11241100x8000000000000000411517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57aeedce182167fa2021-12-21 10:43:00.194root 11241100x8000000000000000411518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bdb38b873368442021-12-21 10:43:00.194root 11241100x8000000000000000411519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893e972b91fc737b2021-12-21 10:43:00.194root 11241100x8000000000000000411520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f7eef684d5d2892021-12-21 10:43:00.693root 11241100x8000000000000000411521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da50435f2de0abb2021-12-21 10:43:00.693root 11241100x8000000000000000411522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4048da721c3d89602021-12-21 10:43:00.693root 11241100x8000000000000000411523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5c4d894bd8aebe2021-12-21 10:43:00.693root 11241100x8000000000000000411524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5711ef001cf4bd712021-12-21 10:43:00.693root 11241100x8000000000000000411525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82913883559b4d42021-12-21 10:43:00.694root 11241100x8000000000000000411526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386999cd3b02f1102021-12-21 10:43:00.694root 11241100x8000000000000000411527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a09bbded75503f42021-12-21 10:43:00.694root 11241100x8000000000000000411528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f3ce6f6c63a1922021-12-21 10:43:00.694root 11241100x8000000000000000411529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98d79701105a3ab2021-12-21 10:43:00.694root 11241100x8000000000000000411530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270870fc8409d8302021-12-21 10:43:00.694root 11241100x8000000000000000411531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42334dd6461c9aed2021-12-21 10:43:00.694root 11241100x8000000000000000411532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ddc0e298629732021-12-21 10:43:00.694root 11241100x8000000000000000411533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba9ffb6ef96545d2021-12-21 10:43:00.694root 11241100x8000000000000000411534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6238bb77b0635cfe2021-12-21 10:43:00.694root 11241100x8000000000000000411535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb6a43077f8f9752021-12-21 10:43:00.694root 11241100x8000000000000000411536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0772f051fb1a1e2021-12-21 10:43:00.694root 11241100x8000000000000000411537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635fd369d13692a42021-12-21 10:43:00.695root 11241100x8000000000000000411538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1ded66eeed40c42021-12-21 10:43:00.695root 11241100x8000000000000000411539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a32905c62c8d2392021-12-21 10:43:00.695root 11241100x8000000000000000411540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7599175faaceea6b2021-12-21 10:43:01.193root 11241100x8000000000000000411541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87d0fd113d44e702021-12-21 10:43:01.193root 11241100x8000000000000000411542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dfb11b2ddf97ff2021-12-21 10:43:01.193root 11241100x8000000000000000411543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ba5d4ba0a812a2021-12-21 10:43:01.193root 11241100x8000000000000000411544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17da225e9393a0a82021-12-21 10:43:01.193root 11241100x8000000000000000411545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f0a3b45b0b0adc2021-12-21 10:43:01.193root 11241100x8000000000000000411546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ed790147e206612021-12-21 10:43:01.193root 11241100x8000000000000000411547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbe92a92dfcdaa72021-12-21 10:43:01.193root 11241100x8000000000000000411548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b1762a606a91c22021-12-21 10:43:01.193root 11241100x8000000000000000411549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15eee1604076f202021-12-21 10:43:01.193root 11241100x8000000000000000411550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e467d2f011e5fb2021-12-21 10:43:01.193root 11241100x8000000000000000411551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d9b0b94423beb62021-12-21 10:43:01.194root 11241100x8000000000000000411552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9814ca9939faee62021-12-21 10:43:01.194root 11241100x8000000000000000411553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4bf955e124fc6c2021-12-21 10:43:01.194root 11241100x8000000000000000411554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed931d79d1f0f43e2021-12-21 10:43:01.194root 11241100x8000000000000000411555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0abb057f77933b2021-12-21 10:43:01.194root 11241100x8000000000000000411556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854fe1ab152d806a2021-12-21 10:43:01.194root 11241100x8000000000000000411557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435230c5cc512d802021-12-21 10:43:01.194root 11241100x8000000000000000411558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932816290c7f0c582021-12-21 10:43:01.195root 11241100x8000000000000000411559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd721c190126ba62021-12-21 10:43:01.195root 11241100x8000000000000000411560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50adc9c3e6ab35a22021-12-21 10:43:01.693root 11241100x8000000000000000411561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556ef2e771880db72021-12-21 10:43:01.693root 11241100x8000000000000000411562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5bd17b422486682021-12-21 10:43:01.693root 11241100x8000000000000000411563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62a95afd01d4d8c2021-12-21 10:43:01.693root 11241100x8000000000000000411564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff940d98e9f964e2021-12-21 10:43:01.694root 11241100x8000000000000000411565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7b8da1e24465b02021-12-21 10:43:01.694root 11241100x8000000000000000411566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee6d84d5911fbc42021-12-21 10:43:01.694root 11241100x8000000000000000411567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04ddd08a8ecb3282021-12-21 10:43:01.694root 11241100x8000000000000000411568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8514b2936977952021-12-21 10:43:01.694root 11241100x8000000000000000411569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941f58829c0f68082021-12-21 10:43:01.694root 11241100x8000000000000000411570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8762930218a6b3b72021-12-21 10:43:01.694root 11241100x8000000000000000411571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ddc8453337e28f2021-12-21 10:43:01.694root 11241100x8000000000000000411572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbafd502243624762021-12-21 10:43:01.694root 11241100x8000000000000000411573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd355b913080ebb2021-12-21 10:43:01.694root 11241100x8000000000000000411574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1665078389c6bb2021-12-21 10:43:01.694root 11241100x8000000000000000411575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff90b3f43f8bb8582021-12-21 10:43:01.694root 11241100x8000000000000000411576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26b61a8a3305cb02021-12-21 10:43:01.694root 11241100x8000000000000000411577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbd475886c87cae2021-12-21 10:43:01.694root 11241100x8000000000000000411578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac9813c095a4e772021-12-21 10:43:01.694root 11241100x8000000000000000411579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24490af2b43835312021-12-21 10:43:01.694root 354300x8000000000000000411580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.127{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47498-false10.0.1.12-8000- 11241100x8000000000000000411581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a0323712f940f82021-12-21 10:43:02.128root 11241100x8000000000000000411582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5b754ee2e344212021-12-21 10:43:02.128root 11241100x8000000000000000411583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee666446381e5202021-12-21 10:43:02.128root 11241100x8000000000000000411584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4647ca812b88c52021-12-21 10:43:02.128root 11241100x8000000000000000411585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4573dc30f9045eba2021-12-21 10:43:02.128root 11241100x8000000000000000411586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.128{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570e5170fed657792021-12-21 10:43:02.128root 11241100x8000000000000000411587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc84a39731d6bd202021-12-21 10:43:02.129root 11241100x8000000000000000411588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52b43c4757b4db02021-12-21 10:43:02.129root 11241100x8000000000000000411589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e91033b4fa9b3572021-12-21 10:43:02.129root 11241100x8000000000000000411590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d6f9eb7f7909a92021-12-21 10:43:02.129root 11241100x8000000000000000411591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e808dbd9a7e4a62021-12-21 10:43:02.129root 11241100x8000000000000000411592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36635c5c40c2244a2021-12-21 10:43:02.129root 11241100x8000000000000000411593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae9389522b9d2b82021-12-21 10:43:02.129root 11241100x8000000000000000411594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc70f95b8635bf22021-12-21 10:43:02.130root 11241100x8000000000000000411595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f59746062580972021-12-21 10:43:02.130root 11241100x8000000000000000411596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af304a5040077ac22021-12-21 10:43:02.130root 11241100x8000000000000000411597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9cdef4238787ed2021-12-21 10:43:02.130root 11241100x8000000000000000411598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8767395dc1dc0ad2021-12-21 10:43:02.130root 11241100x8000000000000000411599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9975b3c92dc30dd62021-12-21 10:43:02.130root 11241100x8000000000000000411600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a6ff77b029b2262021-12-21 10:43:02.130root 11241100x8000000000000000411601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a390676addf6d732021-12-21 10:43:02.130root 11241100x8000000000000000411602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9ef5416b96364a2021-12-21 10:43:02.131root 11241100x8000000000000000411603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066b20392714de852021-12-21 10:43:02.131root 11241100x8000000000000000411604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27db6ea5c98561782021-12-21 10:43:02.131root 11241100x8000000000000000411605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffe7740439edc472021-12-21 10:43:02.131root 11241100x8000000000000000411606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a502387e381bb59c2021-12-21 10:43:02.131root 11241100x8000000000000000411607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780608e7253559d72021-12-21 10:43:02.131root 11241100x8000000000000000411608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0629b7b6412001f42021-12-21 10:43:02.131root 11241100x8000000000000000411609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada1ec5683b908122021-12-21 10:43:02.131root 11241100x8000000000000000411610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be7767c651120bb2021-12-21 10:43:02.443root 11241100x8000000000000000411611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c548e88365326c32021-12-21 10:43:02.444root 11241100x8000000000000000411612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8f7379b5fd84a92021-12-21 10:43:02.444root 11241100x8000000000000000411613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32720b5cf9bdebe82021-12-21 10:43:02.444root 11241100x8000000000000000411614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678dd4a4008b71522021-12-21 10:43:02.444root 11241100x8000000000000000411615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7567c6d1f9f368af2021-12-21 10:43:02.444root 11241100x8000000000000000411616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf45104291474ae02021-12-21 10:43:02.444root 11241100x8000000000000000411617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb02b90dcc06e7f12021-12-21 10:43:02.445root 11241100x8000000000000000411618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c0f049eaf9111a2021-12-21 10:43:02.445root 11241100x8000000000000000411619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d8814d7726073e2021-12-21 10:43:02.445root 11241100x8000000000000000411620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d706fa33303ada2021-12-21 10:43:02.445root 11241100x8000000000000000411621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4855073748bfcc792021-12-21 10:43:02.445root 11241100x8000000000000000411622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b42e612af9a17a2021-12-21 10:43:02.446root 11241100x8000000000000000411623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93970e26da83f3062021-12-21 10:43:02.446root 11241100x8000000000000000411624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f661e47d61dec1c12021-12-21 10:43:02.446root 11241100x8000000000000000411625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83699a0c5628c372021-12-21 10:43:02.446root 11241100x8000000000000000411626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800d4298b10bc9992021-12-21 10:43:02.447root 11241100x8000000000000000411627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30185b93e09685fc2021-12-21 10:43:02.447root 11241100x8000000000000000411628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7ed44194b021942021-12-21 10:43:02.447root 11241100x8000000000000000411629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd05dcf957b16332021-12-21 10:43:02.447root 11241100x8000000000000000411630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830908c8c46cf4572021-12-21 10:43:02.448root 11241100x8000000000000000411631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6ec123af50dd402021-12-21 10:43:02.943root 11241100x8000000000000000411632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6eae23f3c89622021-12-21 10:43:02.944root 11241100x8000000000000000411633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36baf13ecce1de662021-12-21 10:43:02.944root 11241100x8000000000000000411634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcabe1943d8227ba2021-12-21 10:43:02.944root 11241100x8000000000000000411635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e169e95d305422021-12-21 10:43:02.944root 11241100x8000000000000000411636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23f2e4298a07e212021-12-21 10:43:02.945root 11241100x8000000000000000411637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe513e39cd6ffeb2021-12-21 10:43:02.945root 11241100x8000000000000000411638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07e18804dcf9bbd2021-12-21 10:43:02.945root 11241100x8000000000000000411639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03c5a9bedbe6b492021-12-21 10:43:02.945root 11241100x8000000000000000411640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb108a1f15bb2302021-12-21 10:43:02.945root 11241100x8000000000000000411641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8363bb1477e40d552021-12-21 10:43:02.945root 11241100x8000000000000000411642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcde1c33242bae302021-12-21 10:43:02.945root 11241100x8000000000000000411643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbda53d2949d7c722021-12-21 10:43:02.945root 11241100x8000000000000000411644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d112f1395248f6c2021-12-21 10:43:02.945root 11241100x8000000000000000411645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394e6b6e770a7dd22021-12-21 10:43:02.946root 11241100x8000000000000000411646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415cb95471ad0b942021-12-21 10:43:02.946root 11241100x8000000000000000411647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e17f2d7e19bbf82021-12-21 10:43:02.946root 11241100x8000000000000000411648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4919d44457ea16d72021-12-21 10:43:02.946root 11241100x8000000000000000411649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5b9ca86fbbb6b2021-12-21 10:43:02.946root 11241100x8000000000000000411650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3645bb5f5cce7a2021-12-21 10:43:02.946root 11241100x8000000000000000411651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e8db7eeac161172021-12-21 10:43:02.947root 11241100x8000000000000000411652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5655df044565dc912021-12-21 10:43:03.443root 11241100x8000000000000000411653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7080550e89646a9e2021-12-21 10:43:03.443root 11241100x8000000000000000411654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb1b2071ef3a5242021-12-21 10:43:03.444root 11241100x8000000000000000411655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2832b3b109e9f5d82021-12-21 10:43:03.444root 11241100x8000000000000000411656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b988c5aa25a78c422021-12-21 10:43:03.444root 11241100x8000000000000000411657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc90ff962a224f842021-12-21 10:43:03.444root 11241100x8000000000000000411658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d915532c6c93f872021-12-21 10:43:03.444root 11241100x8000000000000000411659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3798cccb523f55a2021-12-21 10:43:03.445root 11241100x8000000000000000411660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db4890859d8bd622021-12-21 10:43:03.445root 11241100x8000000000000000411661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e3ba4402320d812021-12-21 10:43:03.445root 11241100x8000000000000000411662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6971e6faea3cf8e72021-12-21 10:43:03.445root 11241100x8000000000000000411663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6f7e326fee6a722021-12-21 10:43:03.445root 11241100x8000000000000000411664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac53ce38587e1692021-12-21 10:43:03.445root 11241100x8000000000000000411665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c6578279ec3c692021-12-21 10:43:03.445root 11241100x8000000000000000411666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f033ba1d4d05380e2021-12-21 10:43:03.445root 11241100x8000000000000000411667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350053548be58a5e2021-12-21 10:43:03.445root 11241100x8000000000000000411668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1455881a2be3e442021-12-21 10:43:03.445root 11241100x8000000000000000411669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e156f5c13a8941252021-12-21 10:43:03.445root 11241100x8000000000000000411670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768b08175fb60d182021-12-21 10:43:03.446root 11241100x8000000000000000411671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa311fed92420f372021-12-21 10:43:03.446root 11241100x8000000000000000411672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cca020529722c92021-12-21 10:43:03.446root 11241100x8000000000000000411673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953d143296af43c62021-12-21 10:43:03.943root 11241100x8000000000000000411674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d26b196f1dabe82021-12-21 10:43:03.943root 11241100x8000000000000000411675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2692380c16d13b2021-12-21 10:43:03.943root 11241100x8000000000000000411676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883fe466ce7f8d672021-12-21 10:43:03.943root 11241100x8000000000000000411677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c51504779fa0502021-12-21 10:43:03.943root 11241100x8000000000000000411678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2314f5c493647e52021-12-21 10:43:03.943root 11241100x8000000000000000411679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975d78452bf5ddab2021-12-21 10:43:03.944root 11241100x8000000000000000411680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b63cb4b549201d92021-12-21 10:43:03.944root 11241100x8000000000000000411681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cb0e6a457819462021-12-21 10:43:03.944root 11241100x8000000000000000411682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c752667c6a0c37e42021-12-21 10:43:03.944root 11241100x8000000000000000411683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cdabd6610667982021-12-21 10:43:03.944root 11241100x8000000000000000411684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a251e6959f12192021-12-21 10:43:03.944root 11241100x8000000000000000411685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e97f234ad5b7e92021-12-21 10:43:03.944root 11241100x8000000000000000411686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1735629a823d212021-12-21 10:43:03.944root 11241100x8000000000000000411687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54139895b5210f392021-12-21 10:43:03.945root 11241100x8000000000000000411688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27924a9b0980ef192021-12-21 10:43:03.945root 11241100x8000000000000000411689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2303e510bf47ba8b2021-12-21 10:43:03.945root 11241100x8000000000000000411690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbe26c8307c6b362021-12-21 10:43:03.945root 11241100x8000000000000000411691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a02f9821866a552021-12-21 10:43:03.945root 11241100x8000000000000000411692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaf4440af747bc72021-12-21 10:43:03.945root 11241100x8000000000000000411693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6670162fb3304a2021-12-21 10:43:03.946root 11241100x8000000000000000411694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cc79542084a4452021-12-21 10:43:04.443root 11241100x8000000000000000411695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae0a43989e35baa2021-12-21 10:43:04.443root 11241100x8000000000000000411696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e378a3e37362f042021-12-21 10:43:04.443root 11241100x8000000000000000411697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3011db0ba179c2be2021-12-21 10:43:04.443root 11241100x8000000000000000411698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1171ac0111c91442021-12-21 10:43:04.444root 11241100x8000000000000000411699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8de84935b2c42902021-12-21 10:43:04.444root 11241100x8000000000000000411700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e250814e8f1ef0762021-12-21 10:43:04.444root 11241100x8000000000000000411701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8087e5dc6c478db42021-12-21 10:43:04.444root 11241100x8000000000000000411702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458795b1ba410b1d2021-12-21 10:43:04.444root 11241100x8000000000000000411703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ed5f795f410c452021-12-21 10:43:04.444root 11241100x8000000000000000411704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a832c04868d60212021-12-21 10:43:04.444root 11241100x8000000000000000411705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b302caa6d8ed2e2021-12-21 10:43:04.444root 11241100x8000000000000000411706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3360085cdf5c512021-12-21 10:43:04.444root 11241100x8000000000000000411707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a18b047b7d64bc02021-12-21 10:43:04.444root 11241100x8000000000000000411708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2136bd020b05d1a92021-12-21 10:43:04.444root 11241100x8000000000000000411709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f8a53c83a3e1ec2021-12-21 10:43:04.444root 11241100x8000000000000000411710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e052bda63395c62021-12-21 10:43:04.444root 11241100x8000000000000000411711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68e4fb64419a0fd2021-12-21 10:43:04.444root 11241100x8000000000000000411712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b3cea41b46028a2021-12-21 10:43:04.444root 11241100x8000000000000000411713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a37909f22d363672021-12-21 10:43:04.445root 11241100x8000000000000000411714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062c7330061acd0c2021-12-21 10:43:04.445root 11241100x8000000000000000411715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3cdc51376954f92021-12-21 10:43:04.943root 11241100x8000000000000000411716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0f6420a56ec6ce2021-12-21 10:43:04.943root 11241100x8000000000000000411717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b7f479fb64a1f12021-12-21 10:43:04.943root 11241100x8000000000000000411718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2e0ad231f3b0d62021-12-21 10:43:04.943root 11241100x8000000000000000411719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5aa81144b3eab82021-12-21 10:43:04.943root 11241100x8000000000000000411720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcbb35b838f37962021-12-21 10:43:04.943root 11241100x8000000000000000411721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab56cf81e469bf42021-12-21 10:43:04.943root 11241100x8000000000000000411722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa7666ab1f246a72021-12-21 10:43:04.943root 11241100x8000000000000000411723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7d8b9db416867b2021-12-21 10:43:04.943root 11241100x8000000000000000411724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db6c8d816d285042021-12-21 10:43:04.943root 11241100x8000000000000000411725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f104a3d1a94c532021-12-21 10:43:04.944root 11241100x8000000000000000411726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d7360dcce9bac92021-12-21 10:43:04.944root 11241100x8000000000000000411727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1d067f6212511c2021-12-21 10:43:04.944root 11241100x8000000000000000411728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac6e38060416c8a2021-12-21 10:43:04.944root 11241100x8000000000000000411729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9a3a6d725004c02021-12-21 10:43:04.944root 11241100x8000000000000000411730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cba1736b2832fc2021-12-21 10:43:04.945root 11241100x8000000000000000411731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941674559f149e862021-12-21 10:43:04.945root 11241100x8000000000000000411732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eef17011f8cf67f2021-12-21 10:43:04.945root 11241100x8000000000000000411733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd709c980028cd02021-12-21 10:43:04.945root 11241100x8000000000000000411734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d442f1722b971f2021-12-21 10:43:04.945root 11241100x8000000000000000411735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3d1a6f0dc6f6ce2021-12-21 10:43:04.945root 11241100x8000000000000000411736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4bdcee127b31942021-12-21 10:43:05.443root 11241100x8000000000000000411737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca789cf98feb2912021-12-21 10:43:05.443root 11241100x8000000000000000411738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b7da03eed01ab42021-12-21 10:43:05.443root 11241100x8000000000000000411739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e9704301c0a3832021-12-21 10:43:05.443root 11241100x8000000000000000411740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53611d4d22861842021-12-21 10:43:05.443root 11241100x8000000000000000411741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c98ab694234badb2021-12-21 10:43:05.444root 11241100x8000000000000000411742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef118d43c8dbabd2021-12-21 10:43:05.444root 11241100x8000000000000000411743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f28e0bc2bed5ad12021-12-21 10:43:05.444root 11241100x8000000000000000411744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094a0dc0adb45be72021-12-21 10:43:05.444root 11241100x8000000000000000411745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4217bb70d332a6a82021-12-21 10:43:05.444root 11241100x8000000000000000411746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036273fc95027bd42021-12-21 10:43:05.444root 11241100x8000000000000000411747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942e3a122779a8a72021-12-21 10:43:05.444root 11241100x8000000000000000411748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399b2864070a4ab32021-12-21 10:43:05.444root 11241100x8000000000000000411749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc285d90d07e3472021-12-21 10:43:05.445root 11241100x8000000000000000411750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b32d04f8f5d4f1b2021-12-21 10:43:05.445root 11241100x8000000000000000411751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ccbfe95f8f58a52021-12-21 10:43:05.445root 11241100x8000000000000000411752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f375f9d1b6f5792021-12-21 10:43:05.445root 11241100x8000000000000000411753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2cc54b984636062021-12-21 10:43:05.445root 11241100x8000000000000000411754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6caadbb4b2840e9c2021-12-21 10:43:05.445root 11241100x8000000000000000411755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1278c114ab63742d2021-12-21 10:43:05.445root 11241100x8000000000000000411756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528bbddd7409f3452021-12-21 10:43:05.445root 11241100x8000000000000000411757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c857a4bac6eff3862021-12-21 10:43:05.943root 11241100x8000000000000000411758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bede13d1c92dc1db2021-12-21 10:43:05.943root 11241100x8000000000000000411759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a8a281d6ec4de72021-12-21 10:43:05.943root 11241100x8000000000000000411760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a49d5d600b4e2b2021-12-21 10:43:05.943root 11241100x8000000000000000411761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374be02b7ba1f4ec2021-12-21 10:43:05.943root 11241100x8000000000000000411762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e24c39425b1d5e92021-12-21 10:43:05.943root 11241100x8000000000000000411763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a136fe29fe62cfd02021-12-21 10:43:05.943root 11241100x8000000000000000411764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64322803c2ddada12021-12-21 10:43:05.943root 11241100x8000000000000000411765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886866047eba7f532021-12-21 10:43:05.943root 11241100x8000000000000000411766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4486d6920f5fbd92021-12-21 10:43:05.943root 11241100x8000000000000000411767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896aad03d6c9e2c12021-12-21 10:43:05.943root 11241100x8000000000000000411768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63feb650cffa7ce32021-12-21 10:43:05.944root 11241100x8000000000000000411769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebf33d534f7e1052021-12-21 10:43:05.944root 11241100x8000000000000000411770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2517b7e24e42082d2021-12-21 10:43:05.944root 11241100x8000000000000000411771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c080027d1157b12021-12-21 10:43:05.944root 11241100x8000000000000000411772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8456989a985d2292021-12-21 10:43:05.944root 11241100x8000000000000000411773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f4da9effd895a22021-12-21 10:43:05.945root 11241100x8000000000000000411774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164987d5447853f52021-12-21 10:43:05.945root 11241100x8000000000000000411775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5b629fdd0319872021-12-21 10:43:05.945root 11241100x8000000000000000411776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aaf290d38016e92021-12-21 10:43:05.945root 11241100x8000000000000000411777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f847a0896aadb22021-12-21 10:43:05.945root 11241100x8000000000000000411778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.343{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:43:06.343root 11241100x8000000000000000411779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2acdf70617be6b2021-12-21 10:43:06.344root 11241100x8000000000000000411780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ee784e2858dc482021-12-21 10:43:06.344root 11241100x8000000000000000411781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39920b2c6fbaca042021-12-21 10:43:06.344root 11241100x8000000000000000411782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942af5aea1618cff2021-12-21 10:43:06.344root 11241100x8000000000000000411783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6200ecaed41129392021-12-21 10:43:06.345root 11241100x8000000000000000411784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21527da1ada04912021-12-21 10:43:06.345root 11241100x8000000000000000411785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aec240da561d5fc2021-12-21 10:43:06.345root 11241100x8000000000000000411786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc91dab958beb5bc2021-12-21 10:43:06.345root 11241100x8000000000000000411787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dc5b4f9ab822482021-12-21 10:43:06.345root 11241100x8000000000000000411788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3a0ce47b87fbe12021-12-21 10:43:06.345root 11241100x8000000000000000411789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d0eca15c640c202021-12-21 10:43:06.345root 11241100x8000000000000000411790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f19784ef3f310192021-12-21 10:43:06.345root 11241100x8000000000000000411791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf3b9353ee452fa2021-12-21 10:43:06.345root 11241100x8000000000000000411792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e214cca27d3dab52021-12-21 10:43:06.345root 11241100x8000000000000000411793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49242565ab596aac2021-12-21 10:43:06.346root 11241100x8000000000000000411794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef468a4bd10d4912021-12-21 10:43:06.346root 11241100x8000000000000000411795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d979095ac2e98722021-12-21 10:43:06.346root 11241100x8000000000000000411796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3abe079239cdc12021-12-21 10:43:06.346root 11241100x8000000000000000411797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f3729e381c4c932021-12-21 10:43:06.346root 11241100x8000000000000000411798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db4a77ade4caad92021-12-21 10:43:06.346root 11241100x8000000000000000411799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26872b40be55d9942021-12-21 10:43:06.346root 11241100x8000000000000000411800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec55487d4e1f5a1c2021-12-21 10:43:06.347root 11241100x8000000000000000411801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960dd96cd72923e62021-12-21 10:43:06.347root 11241100x8000000000000000411802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676bfd6db1119c2b2021-12-21 10:43:06.347root 11241100x8000000000000000411803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70cb152f7e9a6392021-12-21 10:43:06.347root 11241100x8000000000000000411804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2c49d39a6de992021-12-21 10:43:06.347root 11241100x8000000000000000411805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50daf80737fa41fa2021-12-21 10:43:06.347root 11241100x8000000000000000411806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9796a8b4926f048b2021-12-21 10:43:06.693root 11241100x8000000000000000411807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d32a5bc4a41ed92021-12-21 10:43:06.693root 11241100x8000000000000000411808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddb4d5a71b7bf1e2021-12-21 10:43:06.693root 11241100x8000000000000000411809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99e2eb101752aa22021-12-21 10:43:06.693root 11241100x8000000000000000411810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4370201a52a5b7c12021-12-21 10:43:06.693root 11241100x8000000000000000411811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e0dac6bb4c7d7f2021-12-21 10:43:06.693root 11241100x8000000000000000411812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fc00c57513fc382021-12-21 10:43:06.693root 11241100x8000000000000000411813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357c00c88a07415b2021-12-21 10:43:06.694root 11241100x8000000000000000411814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad2358be8d6963d2021-12-21 10:43:06.694root 11241100x8000000000000000411815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7092899c35da022021-12-21 10:43:06.694root 11241100x8000000000000000411816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc97cc5d3d032492021-12-21 10:43:06.694root 11241100x8000000000000000411817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55371cad5cd21792021-12-21 10:43:06.694root 11241100x8000000000000000411818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70ab9f7b7f6a8b42021-12-21 10:43:06.694root 11241100x8000000000000000411819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ff4a887beb9822021-12-21 10:43:06.695root 11241100x8000000000000000411820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a64bbd4cb685a782021-12-21 10:43:06.695root 11241100x8000000000000000411821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49bf6925a315ff32021-12-21 10:43:06.695root 11241100x8000000000000000411822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d11658372c20ddd2021-12-21 10:43:06.695root 11241100x8000000000000000411823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb90e5acc033a4db2021-12-21 10:43:06.695root 11241100x8000000000000000411824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0106eefb48be64962021-12-21 10:43:06.695root 11241100x8000000000000000411825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deafefc4d4b01fbf2021-12-21 10:43:06.695root 11241100x8000000000000000411826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee5e39bfd957d8a2021-12-21 10:43:06.695root 11241100x8000000000000000411827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ac0a30ef0f83d92021-12-21 10:43:06.695root 11241100x8000000000000000411828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30659db89602fef2021-12-21 10:43:07.193root 11241100x8000000000000000411829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7587eb15cb93362021-12-21 10:43:07.194root 11241100x8000000000000000411830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdd5645f0ad7e7d2021-12-21 10:43:07.194root 11241100x8000000000000000411831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9951f9ff2ded63082021-12-21 10:43:07.194root 11241100x8000000000000000411832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423c1c42a60b60ed2021-12-21 10:43:07.194root 11241100x8000000000000000411833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4bdbebcfb5b6cc2021-12-21 10:43:07.194root 11241100x8000000000000000411834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceab22e19aa6e2742021-12-21 10:43:07.194root 11241100x8000000000000000411835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11e183453f242a02021-12-21 10:43:07.195root 11241100x8000000000000000411836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150970658b2642702021-12-21 10:43:07.195root 11241100x8000000000000000411837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63cbe5e322885312021-12-21 10:43:07.195root 11241100x8000000000000000411838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5caa1b570f2b1a502021-12-21 10:43:07.195root 11241100x8000000000000000411839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e02be786b7eaed02021-12-21 10:43:07.195root 11241100x8000000000000000411840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9f1bcdee3866e62021-12-21 10:43:07.195root 11241100x8000000000000000411841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b390a2b20b297a2021-12-21 10:43:07.195root 11241100x8000000000000000411842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6772ef62b23ee62021-12-21 10:43:07.195root 11241100x8000000000000000411843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c3798ba567150e2021-12-21 10:43:07.195root 11241100x8000000000000000411844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbfc35b224887b52021-12-21 10:43:07.195root 11241100x8000000000000000411845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716cf5589b00c2782021-12-21 10:43:07.195root 11241100x8000000000000000411846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4843fb34fcd0672021-12-21 10:43:07.195root 11241100x8000000000000000411847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78caa8e7308667d32021-12-21 10:43:07.195root 11241100x8000000000000000411848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12002c683d33cfd2021-12-21 10:43:07.195root 11241100x8000000000000000411849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612f22dd5f1543372021-12-21 10:43:07.196root 11241100x8000000000000000411850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab540e043175b0c02021-12-21 10:43:07.693root 11241100x8000000000000000411851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d59c29a9e08e3c2021-12-21 10:43:07.693root 11241100x8000000000000000411852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69d48d0988f56092021-12-21 10:43:07.693root 11241100x8000000000000000411853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a5121261072f612021-12-21 10:43:07.693root 11241100x8000000000000000411854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290e0f5b0f52a56d2021-12-21 10:43:07.694root 11241100x8000000000000000411855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d9d7e06c5a00072021-12-21 10:43:07.694root 11241100x8000000000000000411856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac54dac1b3d874502021-12-21 10:43:07.694root 11241100x8000000000000000411857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe5f43fac45feea2021-12-21 10:43:07.694root 11241100x8000000000000000411858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84d645673eee8312021-12-21 10:43:07.694root 11241100x8000000000000000411859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727290a072459e2c2021-12-21 10:43:07.694root 11241100x8000000000000000411860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624a353d85dff1912021-12-21 10:43:07.694root 11241100x8000000000000000411861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589376e61d9168f02021-12-21 10:43:07.694root 11241100x8000000000000000411862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249b351e91cf9f912021-12-21 10:43:07.694root 11241100x8000000000000000411863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd1d792a261b5672021-12-21 10:43:07.694root 11241100x8000000000000000411864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8664df29421593952021-12-21 10:43:07.694root 11241100x8000000000000000411865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80407930309bdc62021-12-21 10:43:07.694root 11241100x8000000000000000411866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e72da63a6ec8bc12021-12-21 10:43:07.694root 11241100x8000000000000000411867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b565d9f34e4d97652021-12-21 10:43:07.694root 11241100x8000000000000000411868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92583074393e8272021-12-21 10:43:07.694root 11241100x8000000000000000411869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed4e8f58932d6d52021-12-21 10:43:07.694root 11241100x8000000000000000411870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88f371a8af954c22021-12-21 10:43:07.695root 11241100x8000000000000000411871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6756fbfab0e6415c2021-12-21 10:43:07.695root 354300x8000000000000000411872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.080{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47500-false10.0.1.12-8000- 11241100x8000000000000000411873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eae1ac18d3f1db2021-12-21 10:43:08.081root 11241100x8000000000000000411874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75060fe5e706fedf2021-12-21 10:43:08.082root 11241100x8000000000000000411875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b035a92b4408282021-12-21 10:43:08.082root 11241100x8000000000000000411876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313bd5d7a2f0766e2021-12-21 10:43:08.082root 11241100x8000000000000000411877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c593be67c38126372021-12-21 10:43:08.082root 11241100x8000000000000000411878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd23a82305b32b42021-12-21 10:43:08.082root 11241100x8000000000000000411879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69479f7209ae8efd2021-12-21 10:43:08.082root 11241100x8000000000000000411880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a89bccd2473d3ee2021-12-21 10:43:08.082root 11241100x8000000000000000411881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e00bc57a36860842021-12-21 10:43:08.082root 11241100x8000000000000000411882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2532f8613a9d17e42021-12-21 10:43:08.082root 11241100x8000000000000000411883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa0a3b0ffac2ab32021-12-21 10:43:08.082root 11241100x8000000000000000411884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99878bb36a89452c2021-12-21 10:43:08.082root 11241100x8000000000000000411885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeedc99f1ee3e8c2021-12-21 10:43:08.083root 11241100x8000000000000000411886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0606f106667284f72021-12-21 10:43:08.083root 11241100x8000000000000000411887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0e1b7a4ceac3e62021-12-21 10:43:08.083root 11241100x8000000000000000411888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96e7bb3e0a6b71b2021-12-21 10:43:08.083root 11241100x8000000000000000411889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0da88f820d1b7832021-12-21 10:43:08.083root 11241100x8000000000000000411890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a964c1744adf371b2021-12-21 10:43:08.083root 11241100x8000000000000000411891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a06fc6ef06959e2021-12-21 10:43:08.083root 11241100x8000000000000000411892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61587a4a5dfada372021-12-21 10:43:08.083root 11241100x8000000000000000411893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b95c21f65ea988e2021-12-21 10:43:08.083root 11241100x8000000000000000411894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0b36a5cb2b5c9c2021-12-21 10:43:08.083root 11241100x8000000000000000411895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ec6f0c98f688c92021-12-21 10:43:08.083root 11241100x8000000000000000411896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95c95601198855a2021-12-21 10:43:08.084root 11241100x8000000000000000411897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95db0421908d8d32021-12-21 10:43:08.084root 11241100x8000000000000000411898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e782e98e6eedbc2021-12-21 10:43:08.443root 11241100x8000000000000000411899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b557a7af1d834652021-12-21 10:43:08.443root 11241100x8000000000000000411900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2195dd26e69e1222021-12-21 10:43:08.443root 11241100x8000000000000000411901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bb257993f624b02021-12-21 10:43:08.443root 11241100x8000000000000000411902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd61c0b08eb8b8e62021-12-21 10:43:08.444root 11241100x8000000000000000411903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b395cb11dc9f5602021-12-21 10:43:08.444root 11241100x8000000000000000411904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca185607ae57be92021-12-21 10:43:08.444root 11241100x8000000000000000411905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51d0c580906bb8f2021-12-21 10:43:08.444root 11241100x8000000000000000411906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1809737c3b5e12021-12-21 10:43:08.444root 11241100x8000000000000000411907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236bc3d3a09872fc2021-12-21 10:43:08.444root 11241100x8000000000000000411908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be564ac656c23b7d2021-12-21 10:43:08.444root 11241100x8000000000000000411909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fa983c71db17152021-12-21 10:43:08.444root 11241100x8000000000000000411910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e56862d910a858c2021-12-21 10:43:08.444root 11241100x8000000000000000411911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8095b8181f438502021-12-21 10:43:08.444root 11241100x8000000000000000411912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449c0a54c52c2f9d2021-12-21 10:43:08.444root 11241100x8000000000000000411913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5f19d280aa3b872021-12-21 10:43:08.445root 11241100x8000000000000000411914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64baee8c61771912021-12-21 10:43:08.445root 11241100x8000000000000000411915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c120963f1babbc2021-12-21 10:43:08.445root 11241100x8000000000000000411916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9358a95b53d37512021-12-21 10:43:08.445root 11241100x8000000000000000411917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836b8d3340466a112021-12-21 10:43:08.445root 11241100x8000000000000000411918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adec233d540fb122021-12-21 10:43:08.445root 11241100x8000000000000000411919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112a2f7edf650ba02021-12-21 10:43:08.445root 11241100x8000000000000000411920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a472ab1364185d2021-12-21 10:43:08.445root 11241100x8000000000000000411921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2d1fe377dac2242021-12-21 10:43:08.943root 11241100x8000000000000000411922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a904f93c8af3cfbb2021-12-21 10:43:08.943root 11241100x8000000000000000411923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7438d745c5ca8d12021-12-21 10:43:08.943root 11241100x8000000000000000411924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da0de7736a1d5872021-12-21 10:43:08.943root 11241100x8000000000000000411925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c748fd8f3e96edad2021-12-21 10:43:08.944root 11241100x8000000000000000411926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abec43bde0faa602021-12-21 10:43:08.944root 11241100x8000000000000000411927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c772227d9f3c5ec62021-12-21 10:43:08.944root 11241100x8000000000000000411928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda0a72ed8d7fd302021-12-21 10:43:08.944root 11241100x8000000000000000411929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5888fb43c5c3570b2021-12-21 10:43:08.944root 11241100x8000000000000000411930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70b8399e36c3fc32021-12-21 10:43:08.944root 11241100x8000000000000000411931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00503874e74ad70f2021-12-21 10:43:08.944root 11241100x8000000000000000411932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b503ba75be5bae52021-12-21 10:43:08.944root 11241100x8000000000000000411933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86975c06771b68382021-12-21 10:43:08.944root 11241100x8000000000000000411934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6fcaa5330e487f2021-12-21 10:43:08.945root 11241100x8000000000000000411935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab3fbf2bc1630ca2021-12-21 10:43:08.945root 11241100x8000000000000000411936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7229db53a880f3282021-12-21 10:43:08.945root 11241100x8000000000000000411937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9fd4d770741bb22021-12-21 10:43:08.945root 11241100x8000000000000000411938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccddfff314e123eb2021-12-21 10:43:08.945root 11241100x8000000000000000411939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf8125735477c0e2021-12-21 10:43:08.945root 11241100x8000000000000000411940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8938fa524625d9d2021-12-21 10:43:08.945root 11241100x8000000000000000411941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ece218263534f512021-12-21 10:43:08.945root 11241100x8000000000000000411942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e3873ee0a48a0c2021-12-21 10:43:08.946root 11241100x8000000000000000411943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:08.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9fe72efd677b4a2021-12-21 10:43:08.946root 23542300x8000000000000000411944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.196{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000411945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488fc3b079d99cff2021-12-21 10:43:09.197root 11241100x8000000000000000411946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c59d32e203f4c02021-12-21 10:43:09.197root 11241100x8000000000000000411947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11af08a3ff24a53c2021-12-21 10:43:09.197root 11241100x8000000000000000411948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b151edf34014ea0a2021-12-21 10:43:09.197root 11241100x8000000000000000411949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7042aabea82683ea2021-12-21 10:43:09.197root 11241100x8000000000000000411950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413348493c11990c2021-12-21 10:43:09.197root 11241100x8000000000000000411951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4bc2b36698dcba2021-12-21 10:43:09.197root 11241100x8000000000000000411952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be7de1961268b042021-12-21 10:43:09.198root 11241100x8000000000000000411953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf414a69b3898c0a2021-12-21 10:43:09.198root 11241100x8000000000000000411954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48f44ddc9162d442021-12-21 10:43:09.198root 11241100x8000000000000000411955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495f5f7b3b7496732021-12-21 10:43:09.198root 11241100x8000000000000000411956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e18ab5127dce4d2021-12-21 10:43:09.198root 11241100x8000000000000000411957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae73d86b14a2378e2021-12-21 10:43:09.198root 11241100x8000000000000000411958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f704aa772a17192021-12-21 10:43:09.199root 11241100x8000000000000000411959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347887871460cd432021-12-21 10:43:09.199root 11241100x8000000000000000411960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c5e6857bab3ffd2021-12-21 10:43:09.199root 11241100x8000000000000000411961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c858fba8d811d62021-12-21 10:43:09.200root 11241100x8000000000000000411962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e70e203678e309b2021-12-21 10:43:09.200root 11241100x8000000000000000411963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaa6dca3de45c762021-12-21 10:43:09.200root 11241100x8000000000000000411964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811a78a4ecbe0fdc2021-12-21 10:43:09.200root 11241100x8000000000000000411965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d891ac3de25fd6a2021-12-21 10:43:09.200root 11241100x8000000000000000411966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d0f5cd142cc3572021-12-21 10:43:09.200root 11241100x8000000000000000411967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b1fef80c678add2021-12-21 10:43:09.200root 11241100x8000000000000000411968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab0ec81b6af86522021-12-21 10:43:09.201root 11241100x8000000000000000411969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1718caf037d708a2021-12-21 10:43:09.201root 11241100x8000000000000000411970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c33d7a217f6d3e2021-12-21 10:43:09.201root 11241100x8000000000000000411971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23751b35e3924fbe2021-12-21 10:43:09.201root 11241100x8000000000000000411972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ccf00aec743ee42021-12-21 10:43:09.201root 11241100x8000000000000000411973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e056384feb2d2d492021-12-21 10:43:09.201root 11241100x8000000000000000411974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0753166d584e72272021-12-21 10:43:09.201root 11241100x8000000000000000411975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d06fbf25148a3b32021-12-21 10:43:09.202root 11241100x8000000000000000411976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfd16218f6c35b22021-12-21 10:43:09.202root 11241100x8000000000000000411977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f277f178319b952021-12-21 10:43:09.202root 11241100x8000000000000000411978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612aea9769475e8f2021-12-21 10:43:09.202root 11241100x8000000000000000411979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ec99f096df5e4e2021-12-21 10:43:09.202root 11241100x8000000000000000411980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cb9734f8660a702021-12-21 10:43:09.202root 11241100x8000000000000000411981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d0d1789571168a2021-12-21 10:43:09.693root 11241100x8000000000000000411982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43330d7be8de01492021-12-21 10:43:09.693root 11241100x8000000000000000411983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67aff66f8601bbbf2021-12-21 10:43:09.694root 11241100x8000000000000000411984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d378244d545ead542021-12-21 10:43:09.694root 11241100x8000000000000000411985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041c4446f410b04f2021-12-21 10:43:09.694root 11241100x8000000000000000411986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e831cfa8997fc7532021-12-21 10:43:09.694root 11241100x8000000000000000411987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51bb0d4998ad5f92021-12-21 10:43:09.694root 11241100x8000000000000000411988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cb3db21be4a2c02021-12-21 10:43:09.694root 11241100x8000000000000000411989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e717fba3bd53c5fb2021-12-21 10:43:09.695root 11241100x8000000000000000411990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc918801873cdcf22021-12-21 10:43:09.695root 11241100x8000000000000000411991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7ed6cb19c4134b2021-12-21 10:43:09.695root 11241100x8000000000000000411992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af857a03ff2c3a772021-12-21 10:43:09.695root 11241100x8000000000000000411993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b7047a9ed9f7ae2021-12-21 10:43:09.695root 11241100x8000000000000000411994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bcd60d08736bd12021-12-21 10:43:09.695root 11241100x8000000000000000411995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e262f3a6054f625e2021-12-21 10:43:09.695root 11241100x8000000000000000411996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a31d9c872086cd22021-12-21 10:43:09.695root 11241100x8000000000000000411997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0949fda902b6fdeb2021-12-21 10:43:09.695root 11241100x8000000000000000411998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33223cc9949f95a82021-12-21 10:43:09.695root 11241100x8000000000000000411999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0858049660ae05542021-12-21 10:43:09.695root 11241100x8000000000000000412000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a15b679bfeaef72021-12-21 10:43:09.695root 11241100x8000000000000000412001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7aae3a2d9ca04e2021-12-21 10:43:09.695root 11241100x8000000000000000412002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b1aac000abdce22021-12-21 10:43:09.695root 11241100x8000000000000000412003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71f1bd7e307aa2a2021-12-21 10:43:09.696root 11241100x8000000000000000412004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60817e833a052bd2021-12-21 10:43:09.696root 11241100x8000000000000000412005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d6c0d4afa8c1522021-12-21 10:43:10.193root 11241100x8000000000000000412006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dff398f87e3c7d2021-12-21 10:43:10.193root 11241100x8000000000000000412007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760fc6c0bf6f5c7a2021-12-21 10:43:10.194root 11241100x8000000000000000412008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4a11f87c35e8942021-12-21 10:43:10.194root 11241100x8000000000000000412009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6115bb8554bc7012021-12-21 10:43:10.194root 11241100x8000000000000000412010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf16db0c83bfe9a22021-12-21 10:43:10.194root 11241100x8000000000000000412011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e530879fe1a638d2021-12-21 10:43:10.194root 11241100x8000000000000000412012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8859db3becb0d6542021-12-21 10:43:10.194root 11241100x8000000000000000412013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03ed069ad94e77a2021-12-21 10:43:10.194root 11241100x8000000000000000412014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547112723c9a4ecf2021-12-21 10:43:10.194root 11241100x8000000000000000412015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fa46a8ba4643082021-12-21 10:43:10.194root 11241100x8000000000000000412016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067e73df502518182021-12-21 10:43:10.194root 11241100x8000000000000000412017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37958562f0e157202021-12-21 10:43:10.195root 11241100x8000000000000000412018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a5a97eaeb8dfd92021-12-21 10:43:10.195root 11241100x8000000000000000412019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcb26b3254bb9362021-12-21 10:43:10.195root 11241100x8000000000000000412020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de3990a23bff2262021-12-21 10:43:10.195root 11241100x8000000000000000412021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f6f553fd1262b12021-12-21 10:43:10.195root 11241100x8000000000000000412022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e757110c864e4aa2021-12-21 10:43:10.195root 11241100x8000000000000000412023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208212a22e9a13452021-12-21 10:43:10.195root 11241100x8000000000000000412024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5773f7ab3af98e2021-12-21 10:43:10.195root 11241100x8000000000000000412025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0469ab90822d91d12021-12-21 10:43:10.195root 11241100x8000000000000000412026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd0828c92d41af12021-12-21 10:43:10.196root 11241100x8000000000000000412027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6b7308c61dfbf82021-12-21 10:43:10.196root 11241100x8000000000000000412028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019006f73033c67a2021-12-21 10:43:10.196root 11241100x8000000000000000412029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7314ade28bc13e1b2021-12-21 10:43:10.693root 11241100x8000000000000000412030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec26d640263fe6362021-12-21 10:43:10.693root 11241100x8000000000000000412031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6b2806d16a39f92021-12-21 10:43:10.693root 11241100x8000000000000000412032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8086d35969717492021-12-21 10:43:10.693root 11241100x8000000000000000412033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed30502c5a6abea2021-12-21 10:43:10.693root 11241100x8000000000000000412034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfd48d34e4e76512021-12-21 10:43:10.693root 11241100x8000000000000000412035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf76146b921ee7c22021-12-21 10:43:10.694root 11241100x8000000000000000412036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ea13e978a4e2372021-12-21 10:43:10.694root 11241100x8000000000000000412037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cb0ae139b3c6342021-12-21 10:43:10.694root 11241100x8000000000000000412038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7397f833e67bd72021-12-21 10:43:10.694root 11241100x8000000000000000412039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e78e907613c170a2021-12-21 10:43:10.694root 11241100x8000000000000000412040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53126b52150f5e62021-12-21 10:43:10.694root 11241100x8000000000000000412041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df5c6a505da39ee2021-12-21 10:43:10.694root 11241100x8000000000000000412042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e58ac678a56b762021-12-21 10:43:10.694root 11241100x8000000000000000412043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aba9965097db3532021-12-21 10:43:10.694root 11241100x8000000000000000412044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16448e72f29b9152021-12-21 10:43:10.694root 11241100x8000000000000000412045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd85a516e7b88f5d2021-12-21 10:43:10.695root 11241100x8000000000000000412046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f16040e19c5eafa2021-12-21 10:43:10.695root 11241100x8000000000000000412047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e988bcc134ca552021-12-21 10:43:10.695root 11241100x8000000000000000412048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aeed5583f01a162021-12-21 10:43:10.695root 11241100x8000000000000000412049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f83de4a46b217132021-12-21 10:43:10.695root 11241100x8000000000000000412050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2166d7b1c0319522021-12-21 10:43:10.695root 11241100x8000000000000000412051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb34b82628ca25a2021-12-21 10:43:10.695root 11241100x8000000000000000412052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6059656b52e3a3e02021-12-21 10:43:10.695root 11241100x8000000000000000412053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df89c058b308da082021-12-21 10:43:10.695root 11241100x8000000000000000412054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c59dad51b4095f22021-12-21 10:43:11.192root 11241100x8000000000000000412055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65729a279a04ff5a2021-12-21 10:43:11.193root 11241100x8000000000000000412056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3af673263436c8c2021-12-21 10:43:11.193root 11241100x8000000000000000412057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c656c63b7c6b322021-12-21 10:43:11.193root 11241100x8000000000000000412058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bcda855cab8a122021-12-21 10:43:11.193root 11241100x8000000000000000412059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e463fa05133a3d9e2021-12-21 10:43:11.193root 11241100x8000000000000000412060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74598b933276bfda2021-12-21 10:43:11.193root 11241100x8000000000000000412061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09633878f23d1e3c2021-12-21 10:43:11.194root 11241100x8000000000000000412062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d9cd906d17dc372021-12-21 10:43:11.194root 11241100x8000000000000000412063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1ae1671b2665072021-12-21 10:43:11.194root 11241100x8000000000000000412064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcf7f8be1a8af452021-12-21 10:43:11.194root 11241100x8000000000000000412065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15dde5d8510f63e2021-12-21 10:43:11.195root 11241100x8000000000000000412066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595c9289e6b76b82021-12-21 10:43:11.195root 11241100x8000000000000000412067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44ae5e93b7c57362021-12-21 10:43:11.195root 11241100x8000000000000000412068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02da10269313adc72021-12-21 10:43:11.195root 11241100x8000000000000000412069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92c4d77387a2afd2021-12-21 10:43:11.196root 11241100x8000000000000000412070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a440cbb3bdef9d2021-12-21 10:43:11.196root 11241100x8000000000000000412071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eac2bc6b662bbce2021-12-21 10:43:11.196root 11241100x8000000000000000412072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae0ec1ed219e2e22021-12-21 10:43:11.196root 11241100x8000000000000000412073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ff5921be9da2fa2021-12-21 10:43:11.196root 11241100x8000000000000000412074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b4c6b34d811d802021-12-21 10:43:11.197root 11241100x8000000000000000412075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b6818f6097bf2b2021-12-21 10:43:11.197root 11241100x8000000000000000412076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d124e1a7ae1c2262021-12-21 10:43:11.197root 11241100x8000000000000000412077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba771b885dfa6a132021-12-21 10:43:11.197root 11241100x8000000000000000412078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc2392df488cbca2021-12-21 10:43:11.197root 11241100x8000000000000000412079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe1e253d988ec262021-12-21 10:43:11.197root 11241100x8000000000000000412080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48be8159f336522d2021-12-21 10:43:11.197root 11241100x8000000000000000412081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953394f8b0c51eaa2021-12-21 10:43:11.197root 11241100x8000000000000000412082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbc4618c299ebf52021-12-21 10:43:11.693root 11241100x8000000000000000412083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500948d39c1661712021-12-21 10:43:11.693root 11241100x8000000000000000412084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c299658c63d7df5a2021-12-21 10:43:11.693root 11241100x8000000000000000412085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e758bdf5420e7d2021-12-21 10:43:11.693root 11241100x8000000000000000412086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904a8e6a7a4709e82021-12-21 10:43:11.694root 11241100x8000000000000000412087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52318ce2d422a8dd2021-12-21 10:43:11.694root 11241100x8000000000000000412088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99570c9b73c76cf62021-12-21 10:43:11.694root 11241100x8000000000000000412089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c723963852cfa4e2021-12-21 10:43:11.694root 11241100x8000000000000000412090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d148285857a546d62021-12-21 10:43:11.694root 11241100x8000000000000000412091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ae3bacf8d0dbd2021-12-21 10:43:11.694root 11241100x8000000000000000412092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7365a63f01ea647d2021-12-21 10:43:11.694root 11241100x8000000000000000412093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc5a6dd754ba1c12021-12-21 10:43:11.694root 11241100x8000000000000000412094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4691cf403adb5ad72021-12-21 10:43:11.694root 11241100x8000000000000000412095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584e255a87b4af1d2021-12-21 10:43:11.694root 11241100x8000000000000000412096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bb87d8af8bd3252021-12-21 10:43:11.695root 11241100x8000000000000000412097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329d4f7ff63b39dd2021-12-21 10:43:11.695root 11241100x8000000000000000412098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63984f728e7ced0d2021-12-21 10:43:11.695root 11241100x8000000000000000412099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99192f914e21dfab2021-12-21 10:43:11.695root 11241100x8000000000000000412100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2010daa16ce6915c2021-12-21 10:43:11.695root 11241100x8000000000000000412101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43862664fe8080c12021-12-21 10:43:11.695root 11241100x8000000000000000412102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adec15dee22c51682021-12-21 10:43:11.695root 11241100x8000000000000000412103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b25eb0333ad5b1b2021-12-21 10:43:11.695root 11241100x8000000000000000412104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2868f307df9d6922021-12-21 10:43:11.695root 11241100x8000000000000000412105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a41d7105989fc522021-12-21 10:43:11.695root 11241100x8000000000000000412106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4837c9188ca93a2021-12-21 10:43:12.193root 11241100x8000000000000000412107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718a3f0e0e85e4e62021-12-21 10:43:12.193root 11241100x8000000000000000412108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605ee9da16ed4c772021-12-21 10:43:12.193root 11241100x8000000000000000412109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f589ccd627646f2021-12-21 10:43:12.193root 11241100x8000000000000000412110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90f2c2a1c8b40212021-12-21 10:43:12.193root 11241100x8000000000000000412111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8b601dd99e62582021-12-21 10:43:12.193root 11241100x8000000000000000412112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8db7ed55e7169d2021-12-21 10:43:12.194root 11241100x8000000000000000412113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bb64181154fb062021-12-21 10:43:12.194root 11241100x8000000000000000412114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e43ac4e5b3abd02021-12-21 10:43:12.194root 11241100x8000000000000000412115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc63694b05a5a6d2021-12-21 10:43:12.194root 11241100x8000000000000000412116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15427f11cf50d6b02021-12-21 10:43:12.194root 11241100x8000000000000000412117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcab7605de47dc62021-12-21 10:43:12.194root 11241100x8000000000000000412118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b43f20d47c4b4bf2021-12-21 10:43:12.194root 11241100x8000000000000000412119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0735b0c445d00492021-12-21 10:43:12.194root 11241100x8000000000000000412120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ddb7bb76f8551d2021-12-21 10:43:12.194root 11241100x8000000000000000412121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057ae6e39b4a78fd2021-12-21 10:43:12.194root 11241100x8000000000000000412122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f4d4698df48d942021-12-21 10:43:12.194root 11241100x8000000000000000412123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb746f9070bfdeb22021-12-21 10:43:12.195root 11241100x8000000000000000412124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186db895ca8570892021-12-21 10:43:12.195root 11241100x8000000000000000412125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfe4bbab993e7842021-12-21 10:43:12.195root 11241100x8000000000000000412126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bf800e6119e9442021-12-21 10:43:12.195root 11241100x8000000000000000412127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5595fd3028db422021-12-21 10:43:12.195root 11241100x8000000000000000412128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6453b740ad1d24052021-12-21 10:43:12.195root 11241100x8000000000000000412129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1210b9220ca74cda2021-12-21 10:43:12.195root 11241100x8000000000000000412130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79b3a2bd91dd9102021-12-21 10:43:12.195root 11241100x8000000000000000412131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eae547af7fc87f42021-12-21 10:43:12.195root 11241100x8000000000000000412132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf352c78571486f2021-12-21 10:43:12.195root 11241100x8000000000000000412133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaeb02e195c837552021-12-21 10:43:12.195root 11241100x8000000000000000412134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ab1696571c6fec2021-12-21 10:43:12.693root 11241100x8000000000000000412135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18daf83c05f86b2b2021-12-21 10:43:12.693root 11241100x8000000000000000412136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cd0a805ee07b8d2021-12-21 10:43:12.693root 11241100x8000000000000000412137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0a30a209c9a73b2021-12-21 10:43:12.693root 11241100x8000000000000000412138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038e73f1df5f43da2021-12-21 10:43:12.694root 11241100x8000000000000000412139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9318df25762e652021-12-21 10:43:12.694root 11241100x8000000000000000412140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5034c01683974f4d2021-12-21 10:43:12.694root 11241100x8000000000000000412141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4d511d7fec35e72021-12-21 10:43:12.694root 11241100x8000000000000000412142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3ea84ac9408ce92021-12-21 10:43:12.694root 11241100x8000000000000000412143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a909de1b326a692021-12-21 10:43:12.694root 11241100x8000000000000000412144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb43bcc53be00922021-12-21 10:43:12.694root 11241100x8000000000000000412145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b319309f12fcec2021-12-21 10:43:12.694root 11241100x8000000000000000412146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18cee0904e2b8f22021-12-21 10:43:12.694root 11241100x8000000000000000412147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200988b068af8682021-12-21 10:43:12.694root 11241100x8000000000000000412148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c186f7049f7ba472021-12-21 10:43:12.694root 11241100x8000000000000000412149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf0def6e4750ee92021-12-21 10:43:12.694root 11241100x8000000000000000412150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccb5cd54b0db0672021-12-21 10:43:12.694root 11241100x8000000000000000412151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5117eb7410cc40e2021-12-21 10:43:12.694root 11241100x8000000000000000412152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca6f86c284868b2021-12-21 10:43:12.694root 11241100x8000000000000000412153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0883f4eb9de2692021-12-21 10:43:12.695root 11241100x8000000000000000412154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71477c98071e4892021-12-21 10:43:12.695root 11241100x8000000000000000412155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651d63b9acb905fc2021-12-21 10:43:12.695root 11241100x8000000000000000412156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618783cb00256d032021-12-21 10:43:12.695root 11241100x8000000000000000412157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7602ebcad3c016a82021-12-21 10:43:12.695root 354300x8000000000000000412158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.166{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47502-false10.0.1.12-8000- 11241100x8000000000000000412159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dbb220e7a2b32e2021-12-21 10:43:13.167root 11241100x8000000000000000412160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8bbef06a4bb2fb2021-12-21 10:43:13.167root 11241100x8000000000000000412161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c043771b52b7b1062021-12-21 10:43:13.168root 11241100x8000000000000000412162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f40cf626910d4b22021-12-21 10:43:13.168root 11241100x8000000000000000412163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b9c5efbdfe05862021-12-21 10:43:13.168root 11241100x8000000000000000412164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4acdada473800872021-12-21 10:43:13.168root 11241100x8000000000000000412165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242138cd52938c172021-12-21 10:43:13.169root 11241100x8000000000000000412166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952f1da44a598ca62021-12-21 10:43:13.169root 11241100x8000000000000000412167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c840db8797c85c2021-12-21 10:43:13.169root 11241100x8000000000000000412168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4f3b4b3e17eb5f2021-12-21 10:43:13.169root 11241100x8000000000000000412169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff07628fb3eff1ee2021-12-21 10:43:13.169root 11241100x8000000000000000412170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6041247d57cb3e2021-12-21 10:43:13.169root 11241100x8000000000000000412171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d874a532b8cc102021-12-21 10:43:13.169root 11241100x8000000000000000412172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abc4631bbe9f33a2021-12-21 10:43:13.169root 11241100x8000000000000000412173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.169{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33722159b7b8ab92021-12-21 10:43:13.169root 11241100x8000000000000000412174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ecdccebb1c7c362021-12-21 10:43:13.170root 11241100x8000000000000000412175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed57a0e6167f34af2021-12-21 10:43:13.170root 11241100x8000000000000000412176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f20a2c5f6928cd2021-12-21 10:43:13.170root 11241100x8000000000000000412177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74e2e8d894e2f7c2021-12-21 10:43:13.170root 11241100x8000000000000000412178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a92fd5b5a4b8fd22021-12-21 10:43:13.170root 11241100x8000000000000000412179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bde121a134360a2021-12-21 10:43:13.170root 11241100x8000000000000000412180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f3ef4d3a3a491a2021-12-21 10:43:13.170root 11241100x8000000000000000412181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c88204489f061d2021-12-21 10:43:13.170root 11241100x8000000000000000412182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f445333a6cb2c2622021-12-21 10:43:13.170root 11241100x8000000000000000412183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf7c0feaa8be03e2021-12-21 10:43:13.170root 11241100x8000000000000000412184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38726fe4338d9262021-12-21 10:43:13.170root 11241100x8000000000000000412185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.170{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccc029fe02ac07d2021-12-21 10:43:13.170root 11241100x8000000000000000412186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb75cb57b747d7f2021-12-21 10:43:13.171root 11241100x8000000000000000412187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c305f0251a71b142021-12-21 10:43:13.171root 11241100x8000000000000000412188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffe3959a5c162f22021-12-21 10:43:13.171root 11241100x8000000000000000412189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbffb2bb4d593b3c2021-12-21 10:43:13.171root 11241100x8000000000000000412190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b3a3b7d73bb7fe2021-12-21 10:43:13.443root 11241100x8000000000000000412191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b47d4ad20fcc522021-12-21 10:43:13.443root 11241100x8000000000000000412192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34857d57ba738472021-12-21 10:43:13.443root 11241100x8000000000000000412193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4730dc41255ea8cc2021-12-21 10:43:13.444root 11241100x8000000000000000412194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0e9dc8484b12132021-12-21 10:43:13.444root 11241100x8000000000000000412195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769625459b7e69282021-12-21 10:43:13.444root 11241100x8000000000000000412196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e515fc52aab820a82021-12-21 10:43:13.444root 11241100x8000000000000000412197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cddf5d98758aab2021-12-21 10:43:13.444root 11241100x8000000000000000412198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e022334dae5231292021-12-21 10:43:13.444root 11241100x8000000000000000412199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d0902d4c0d38b22021-12-21 10:43:13.444root 11241100x8000000000000000412200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f557b945fdd0d682021-12-21 10:43:13.444root 11241100x8000000000000000412201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5d03e3722a393e2021-12-21 10:43:13.445root 11241100x8000000000000000412202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb50da4d340b3fc2021-12-21 10:43:13.445root 11241100x8000000000000000412203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1d8465a3b4042b2021-12-21 10:43:13.445root 11241100x8000000000000000412204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cacffbdb26bfa02021-12-21 10:43:13.445root 11241100x8000000000000000412205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23513687532bed02021-12-21 10:43:13.445root 11241100x8000000000000000412206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c262449d44d06cd62021-12-21 10:43:13.445root 11241100x8000000000000000412207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8976a918a77ecfe82021-12-21 10:43:13.445root 11241100x8000000000000000412208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642770c59865cbe52021-12-21 10:43:13.445root 11241100x8000000000000000412209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb252628cc31a62e2021-12-21 10:43:13.445root 11241100x8000000000000000412210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087eecca622e3a5b2021-12-21 10:43:13.445root 11241100x8000000000000000412211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260188a10ae8de742021-12-21 10:43:13.446root 11241100x8000000000000000412212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4bf0238791487a2021-12-21 10:43:13.446root 11241100x8000000000000000412213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ecb97b155582fa2021-12-21 10:43:13.446root 11241100x8000000000000000412214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56017eae706c19852021-12-21 10:43:13.446root 11241100x8000000000000000412215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808194408f7f224f2021-12-21 10:43:13.446root 11241100x8000000000000000412216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a622d8f7c363a1a52021-12-21 10:43:13.446root 11241100x8000000000000000412217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd40cf5198727a322021-12-21 10:43:13.446root 11241100x8000000000000000412218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f17e102527afdc2021-12-21 10:43:13.446root 11241100x8000000000000000412219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd1bc414dfb287a2021-12-21 10:43:13.943root 11241100x8000000000000000412220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bfc67e0e4b46ed2021-12-21 10:43:13.943root 11241100x8000000000000000412221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ca0db963802e6a2021-12-21 10:43:13.944root 11241100x8000000000000000412222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f40aaf1efd419772021-12-21 10:43:13.944root 11241100x8000000000000000412223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6812de0ae542872021-12-21 10:43:13.944root 11241100x8000000000000000412224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c302b31fffc245e2021-12-21 10:43:13.945root 11241100x8000000000000000412225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a6b242e3de404c2021-12-21 10:43:13.945root 11241100x8000000000000000412226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce8bef16a2c5a2a2021-12-21 10:43:13.945root 11241100x8000000000000000412227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b9bbe17c8547a22021-12-21 10:43:13.945root 11241100x8000000000000000412228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5ea3cbd2610e482021-12-21 10:43:13.945root 11241100x8000000000000000412229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d782ee0647b7bbc2021-12-21 10:43:13.945root 11241100x8000000000000000412230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f36ac76a3489982021-12-21 10:43:13.946root 11241100x8000000000000000412231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc17b4ad4608e102021-12-21 10:43:13.946root 11241100x8000000000000000412232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fc135e61518e792021-12-21 10:43:13.946root 11241100x8000000000000000412233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d927ddfb5a2efcf62021-12-21 10:43:13.946root 11241100x8000000000000000412234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09df343223a56c82021-12-21 10:43:13.946root 11241100x8000000000000000412235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2770628141877f22021-12-21 10:43:13.946root 11241100x8000000000000000412236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136754022f20b6402021-12-21 10:43:13.946root 11241100x8000000000000000412237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8750a94a5f1ba202021-12-21 10:43:13.946root 11241100x8000000000000000412238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caeab99ad56807e2021-12-21 10:43:13.946root 11241100x8000000000000000412239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a0740b5c41d6ab2021-12-21 10:43:13.947root 11241100x8000000000000000412240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38d01ca93d7ee3d2021-12-21 10:43:13.947root 11241100x8000000000000000412241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25803a3e687450c72021-12-21 10:43:13.947root 11241100x8000000000000000412242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccfa883d5ed071e2021-12-21 10:43:13.947root 11241100x8000000000000000412243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f099158a8e86b902021-12-21 10:43:13.947root 11241100x8000000000000000412244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb7f94cb555741e2021-12-21 10:43:14.443root 11241100x8000000000000000412245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e588ddb212900f7a2021-12-21 10:43:14.443root 11241100x8000000000000000412246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ed1bda2e51dde22021-12-21 10:43:14.443root 11241100x8000000000000000412247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdc538ab79c0b142021-12-21 10:43:14.443root 11241100x8000000000000000412248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e1a8764463c1cb2021-12-21 10:43:14.444root 11241100x8000000000000000412249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eb5084e87973162021-12-21 10:43:14.444root 11241100x8000000000000000412250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1dbfaf36bf71362021-12-21 10:43:14.444root 11241100x8000000000000000412251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e16058c7ab2ba012021-12-21 10:43:14.444root 11241100x8000000000000000412252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33900a8a43159df32021-12-21 10:43:14.444root 11241100x8000000000000000412253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279ae8e0bd9231f62021-12-21 10:43:14.444root 11241100x8000000000000000412254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8febe5275b820e702021-12-21 10:43:14.444root 11241100x8000000000000000412255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adbb4768fae996c2021-12-21 10:43:14.444root 11241100x8000000000000000412256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2a0c2af90780762021-12-21 10:43:14.444root 11241100x8000000000000000412257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842ce89662a6c8be2021-12-21 10:43:14.444root 11241100x8000000000000000412258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d772e3d947ffb32021-12-21 10:43:14.445root 11241100x8000000000000000412259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fbc992427e41442021-12-21 10:43:14.445root 11241100x8000000000000000412260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b0487e913d51712021-12-21 10:43:14.445root 11241100x8000000000000000412261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83b5a5e6337315a2021-12-21 10:43:14.445root 11241100x8000000000000000412262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192fb906e8d1e9322021-12-21 10:43:14.445root 11241100x8000000000000000412263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ea4901610362c42021-12-21 10:43:14.445root 11241100x8000000000000000412264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d95777183eb562f2021-12-21 10:43:14.445root 11241100x8000000000000000412265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d0dec222c96e4a2021-12-21 10:43:14.445root 11241100x8000000000000000412266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440f44536bd7c8e52021-12-21 10:43:14.445root 11241100x8000000000000000412267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e600056f5b51c842021-12-21 10:43:14.445root 11241100x8000000000000000412268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248080d63fa97c502021-12-21 10:43:14.446root 11241100x8000000000000000412269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc47273a81a3c732021-12-21 10:43:14.943root 11241100x8000000000000000412270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24987e4ee7737e172021-12-21 10:43:14.943root 11241100x8000000000000000412271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8558d209255bd232021-12-21 10:43:14.943root 11241100x8000000000000000412272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2599f6265775bfac2021-12-21 10:43:14.943root 11241100x8000000000000000412273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6e84da974106b42021-12-21 10:43:14.943root 11241100x8000000000000000412274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6569b33c662b79ad2021-12-21 10:43:14.943root 11241100x8000000000000000412275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d175d27a1d9f9d1d2021-12-21 10:43:14.944root 11241100x8000000000000000412276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39027918b7d8cee2021-12-21 10:43:14.944root 11241100x8000000000000000412277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1fe4f21ab285912021-12-21 10:43:14.944root 11241100x8000000000000000412278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788282b5afb0dbbb2021-12-21 10:43:14.944root 11241100x8000000000000000412279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664322a820f534de2021-12-21 10:43:14.944root 11241100x8000000000000000412280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019777b97de37bca2021-12-21 10:43:14.944root 11241100x8000000000000000412281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771301330f7de8ba2021-12-21 10:43:14.944root 11241100x8000000000000000412282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31777198de6c19532021-12-21 10:43:14.944root 11241100x8000000000000000412283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07c03fc4418df562021-12-21 10:43:14.945root 11241100x8000000000000000412284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1a0a9c811131182021-12-21 10:43:14.945root 11241100x8000000000000000412285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6edf300c5ec41e62021-12-21 10:43:14.945root 11241100x8000000000000000412286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc890c1d369277b2021-12-21 10:43:14.945root 11241100x8000000000000000412287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc27efd1517b8ad2021-12-21 10:43:14.945root 11241100x8000000000000000412288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4104dae959615102021-12-21 10:43:14.945root 11241100x8000000000000000412289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e798c0ed5f3ad3902021-12-21 10:43:14.945root 11241100x8000000000000000412290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce04c4e5efea0b272021-12-21 10:43:14.945root 11241100x8000000000000000412291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b9a6558f00e1642021-12-21 10:43:14.945root 11241100x8000000000000000412292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9a6a5042a0de092021-12-21 10:43:14.946root 11241100x8000000000000000412293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9e9f742ddf64342021-12-21 10:43:14.946root 11241100x8000000000000000412294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c4be3aa1f9b1bb2021-12-21 10:43:14.946root 11241100x8000000000000000412295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8529ad6e5cdb87a42021-12-21 10:43:14.946root 11241100x8000000000000000412296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3430e17943051ae32021-12-21 10:43:14.946root 11241100x8000000000000000412297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14afba42dadd02d32021-12-21 10:43:15.443root 11241100x8000000000000000412298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91203d4540bf652e2021-12-21 10:43:15.443root 11241100x8000000000000000412299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d5873d6948d6412021-12-21 10:43:15.444root 11241100x8000000000000000412300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81c500381de37422021-12-21 10:43:15.444root 11241100x8000000000000000412301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60059a5a337b367d2021-12-21 10:43:15.444root 11241100x8000000000000000412302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc2994effa7b7ed2021-12-21 10:43:15.444root 11241100x8000000000000000412303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798dc1ac6367f5ae2021-12-21 10:43:15.444root 11241100x8000000000000000412304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6a6e9534b4858d2021-12-21 10:43:15.444root 11241100x8000000000000000412305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0280669f1edb85822021-12-21 10:43:15.444root 11241100x8000000000000000412306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71454ec505f452e62021-12-21 10:43:15.444root 11241100x8000000000000000412307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076578804d3a93022021-12-21 10:43:15.445root 11241100x8000000000000000412308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb65dca794ebe4a2021-12-21 10:43:15.445root 11241100x8000000000000000412309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341f9ba549e194232021-12-21 10:43:15.445root 11241100x8000000000000000412310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2219092adee197bf2021-12-21 10:43:15.445root 11241100x8000000000000000412311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870a76eb51ee101d2021-12-21 10:43:15.445root 11241100x8000000000000000412312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37a68bf70ce59e92021-12-21 10:43:15.445root 11241100x8000000000000000412313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbdf1132c83e84a2021-12-21 10:43:15.445root 11241100x8000000000000000412314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f123496a2bf56d2021-12-21 10:43:15.445root 11241100x8000000000000000412315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8428c608ec0f5a1c2021-12-21 10:43:15.445root 11241100x8000000000000000412316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bd59fb4f2762aa2021-12-21 10:43:15.445root 11241100x8000000000000000412317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e740a65b49482a6c2021-12-21 10:43:15.445root 11241100x8000000000000000412318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f99f7c58f670da72021-12-21 10:43:15.446root 11241100x8000000000000000412319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e911da8772e1aa7e2021-12-21 10:43:15.446root 11241100x8000000000000000412320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9950ff0e14c4b3822021-12-21 10:43:15.446root 11241100x8000000000000000412321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84d5cbe5902a9592021-12-21 10:43:15.446root 11241100x8000000000000000412322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f891e13cb9936812021-12-21 10:43:15.943root 11241100x8000000000000000412323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97df4711fc502ac2021-12-21 10:43:15.943root 11241100x8000000000000000412324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de35d66c73d3fcf2021-12-21 10:43:15.943root 11241100x8000000000000000412325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e148edaaf87a720e2021-12-21 10:43:15.943root 11241100x8000000000000000412326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fabb40026457a3d2021-12-21 10:43:15.943root 11241100x8000000000000000412327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31ce02758e1b7f72021-12-21 10:43:15.944root 11241100x8000000000000000412328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083ce65dced455782021-12-21 10:43:15.944root 11241100x8000000000000000412329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac628e2c4e938eb32021-12-21 10:43:15.944root 11241100x8000000000000000412330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf5efd49dc8f6882021-12-21 10:43:15.944root 11241100x8000000000000000412331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e70e1b23bee9bf42021-12-21 10:43:15.944root 11241100x8000000000000000412332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8276e48193e8ca2021-12-21 10:43:15.944root 11241100x8000000000000000412333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31e0925fa94e4422021-12-21 10:43:15.944root 11241100x8000000000000000412334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f0c1e28c5152b32021-12-21 10:43:15.944root 11241100x8000000000000000412335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fe1d49b870e4512021-12-21 10:43:15.944root 11241100x8000000000000000412336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4a33d5b43764742021-12-21 10:43:15.944root 11241100x8000000000000000412337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07edff25d3e5d4a42021-12-21 10:43:15.944root 11241100x8000000000000000412338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cb0f4c7fbd4f622021-12-21 10:43:15.944root 11241100x8000000000000000412339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fdb0311e8cf6442021-12-21 10:43:15.944root 11241100x8000000000000000412340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9007792d7697d42021-12-21 10:43:15.945root 11241100x8000000000000000412341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f619dc71af206612021-12-21 10:43:15.945root 11241100x8000000000000000412342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b58d25c6776f44a2021-12-21 10:43:15.945root 11241100x8000000000000000412343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b569cea0eb102592021-12-21 10:43:15.945root 11241100x8000000000000000412344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b18c11f78d88da2021-12-21 10:43:15.945root 11241100x8000000000000000412345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae76137bdded5aec2021-12-21 10:43:15.945root 11241100x8000000000000000412346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b069bbc28b4dce3d2021-12-21 10:43:15.945root 11241100x8000000000000000412347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a00f427b8182ad2021-12-21 10:43:15.945root 11241100x8000000000000000412348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4cbf5d12f26e6f2021-12-21 10:43:15.945root 11241100x8000000000000000412349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea87ac33a506dd0c2021-12-21 10:43:15.945root 11241100x8000000000000000412350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccec8b866895ecf52021-12-21 10:43:16.443root 11241100x8000000000000000412351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcf00a1c550dd702021-12-21 10:43:16.443root 11241100x8000000000000000412352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd64db7f43d3a53f2021-12-21 10:43:16.443root 11241100x8000000000000000412353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6009b80a48687c2021-12-21 10:43:16.443root 11241100x8000000000000000412354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30956db9620900d12021-12-21 10:43:16.443root 11241100x8000000000000000412355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43699cbc11e428e2021-12-21 10:43:16.444root 11241100x8000000000000000412356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00352afe58f9565a2021-12-21 10:43:16.444root 11241100x8000000000000000412357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa5848b4c28ed292021-12-21 10:43:16.444root 11241100x8000000000000000412358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62228680930c6542021-12-21 10:43:16.444root 11241100x8000000000000000412359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f91f0be8115970b2021-12-21 10:43:16.444root 11241100x8000000000000000412360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c76b0e3f419ee42021-12-21 10:43:16.444root 11241100x8000000000000000412361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e2180f8ecb0dbc2021-12-21 10:43:16.445root 11241100x8000000000000000412362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72aef6779c1c14c62021-12-21 10:43:16.445root 11241100x8000000000000000412363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34e164c01e781b02021-12-21 10:43:16.445root 11241100x8000000000000000412364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c8b6d372cda5be2021-12-21 10:43:16.445root 11241100x8000000000000000412365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc36060c8f333ce2021-12-21 10:43:16.445root 11241100x8000000000000000412366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ee5b90c3bd6e532021-12-21 10:43:16.445root 11241100x8000000000000000412367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c83e396f50fa8772021-12-21 10:43:16.446root 11241100x8000000000000000412368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0491f5d88ac2af2021-12-21 10:43:16.446root 11241100x8000000000000000412369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf9387bb47843462021-12-21 10:43:16.446root 11241100x8000000000000000412370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc762eea1db67f2f2021-12-21 10:43:16.446root 11241100x8000000000000000412371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e617f5dd92e7262021-12-21 10:43:16.446root 11241100x8000000000000000412372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e22b2bfdd583212021-12-21 10:43:16.446root 11241100x8000000000000000412373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdc45447cd7482c2021-12-21 10:43:16.446root 11241100x8000000000000000412374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afc69095f25029b2021-12-21 10:43:16.446root 11241100x8000000000000000412375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9bef4e8ec8fd392021-12-21 10:43:16.943root 11241100x8000000000000000412376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4972ead8b705eb2021-12-21 10:43:16.943root 11241100x8000000000000000412377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704804304c41fd282021-12-21 10:43:16.943root 11241100x8000000000000000412378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1d09ba3457e04a2021-12-21 10:43:16.943root 11241100x8000000000000000412379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524056ce91f4d2412021-12-21 10:43:16.944root 11241100x8000000000000000412380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e96e7dbcab629bd2021-12-21 10:43:16.944root 11241100x8000000000000000412381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550917424fe8a5172021-12-21 10:43:16.944root 11241100x8000000000000000412382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979fc630ca8f9c352021-12-21 10:43:16.944root 11241100x8000000000000000412383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a65e79da86188862021-12-21 10:43:16.944root 11241100x8000000000000000412384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e257c2fa4f204ae52021-12-21 10:43:16.944root 11241100x8000000000000000412385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a92793c39c015932021-12-21 10:43:16.944root 11241100x8000000000000000412386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f5da0d5c79429c2021-12-21 10:43:16.944root 11241100x8000000000000000412387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cfe4ca9e3deab02021-12-21 10:43:16.944root 11241100x8000000000000000412388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64156921921853b22021-12-21 10:43:16.945root 11241100x8000000000000000412389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8687990a2f1bf92021-12-21 10:43:16.945root 11241100x8000000000000000412390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bfbd02997d1edf2021-12-21 10:43:16.945root 11241100x8000000000000000412391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518de90809c3a0372021-12-21 10:43:16.945root 11241100x8000000000000000412392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a0b5ea88c8bc2b2021-12-21 10:43:16.945root 11241100x8000000000000000412393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c136a5fb0d9425f2021-12-21 10:43:16.945root 11241100x8000000000000000412394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb230284360513862021-12-21 10:43:16.945root 11241100x8000000000000000412395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abd4a59589cbafa2021-12-21 10:43:16.945root 11241100x8000000000000000412396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432eebbfa78ee18d2021-12-21 10:43:16.945root 11241100x8000000000000000412397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a8f884aa000c7c2021-12-21 10:43:16.945root 11241100x8000000000000000412398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbabaee1ba3767762021-12-21 10:43:16.946root 11241100x8000000000000000412399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e9fd3ef76458ef2021-12-21 10:43:16.946root 11241100x8000000000000000412400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f5b1ee22fb83d42021-12-21 10:43:17.443root 11241100x8000000000000000412401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9414b0f8212d63422021-12-21 10:43:17.443root 11241100x8000000000000000412402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322c57f1a5d527c02021-12-21 10:43:17.443root 11241100x8000000000000000412403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4193ce27c1dd0c62021-12-21 10:43:17.443root 11241100x8000000000000000412404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89ec5626fb0ee432021-12-21 10:43:17.443root 11241100x8000000000000000412405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b63e8b432daa9482021-12-21 10:43:17.443root 11241100x8000000000000000412406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0facee0de45827e2021-12-21 10:43:17.443root 11241100x8000000000000000412407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad17ad93dd3ccf72021-12-21 10:43:17.443root 11241100x8000000000000000412408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cb7472f6a9d5302021-12-21 10:43:17.444root 11241100x8000000000000000412409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f607587c8ec6a32021-12-21 10:43:17.444root 11241100x8000000000000000412410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d240b0d027ac572021-12-21 10:43:17.444root 11241100x8000000000000000412411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591d83f28c7d3c3f2021-12-21 10:43:17.444root 11241100x8000000000000000412412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d685efcd8411f54b2021-12-21 10:43:17.444root 11241100x8000000000000000412413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199817b082bd54922021-12-21 10:43:17.444root 11241100x8000000000000000412414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a702592c7bf3a32021-12-21 10:43:17.444root 11241100x8000000000000000412415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a060d050509d25912021-12-21 10:43:17.444root 11241100x8000000000000000412416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d02a7ca110721202021-12-21 10:43:17.444root 11241100x8000000000000000412417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62b5b7c16f4734d2021-12-21 10:43:17.444root 11241100x8000000000000000412418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1baf320eaf0df42021-12-21 10:43:17.444root 11241100x8000000000000000412419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d669d006f2898c42021-12-21 10:43:17.445root 11241100x8000000000000000412420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452d4365ba578be32021-12-21 10:43:17.445root 11241100x8000000000000000412421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07120863aa456c72021-12-21 10:43:17.445root 11241100x8000000000000000412422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8775cc1337550892021-12-21 10:43:17.445root 11241100x8000000000000000412423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c2a7d6befad5332021-12-21 10:43:17.445root 11241100x8000000000000000412424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d91d98776a03452021-12-21 10:43:17.445root 11241100x8000000000000000412425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35973e2d844dbad2021-12-21 10:43:17.943root 11241100x8000000000000000412426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76e7c279cc8ba9b2021-12-21 10:43:17.943root 11241100x8000000000000000412427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018a2ca7a0c575d82021-12-21 10:43:17.943root 11241100x8000000000000000412428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8818846520dea82021-12-21 10:43:17.943root 11241100x8000000000000000412429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb89ef8fb996325c2021-12-21 10:43:17.943root 11241100x8000000000000000412430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375a93c037f1fe952021-12-21 10:43:17.943root 11241100x8000000000000000412431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6546d872db9ba7b2021-12-21 10:43:17.944root 11241100x8000000000000000412432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956fd498c6c51ffb2021-12-21 10:43:17.944root 11241100x8000000000000000412433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f046d7f2722a44c2021-12-21 10:43:17.944root 11241100x8000000000000000412434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22260e4f85ab39522021-12-21 10:43:17.944root 11241100x8000000000000000412435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c380e5478e5d512021-12-21 10:43:17.944root 11241100x8000000000000000412436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea126d57ea227e732021-12-21 10:43:17.944root 11241100x8000000000000000412437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028fd9991b48a1152021-12-21 10:43:17.944root 11241100x8000000000000000412438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96938a55b61004af2021-12-21 10:43:17.945root 11241100x8000000000000000412439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34847c822a9bae92021-12-21 10:43:17.945root 11241100x8000000000000000412440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49513bc49b02d6f62021-12-21 10:43:17.945root 11241100x8000000000000000412441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af67ecfe74512b22021-12-21 10:43:17.945root 11241100x8000000000000000412442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7dca637ec271482021-12-21 10:43:17.945root 11241100x8000000000000000412443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae809d6a75510eb2021-12-21 10:43:17.945root 11241100x8000000000000000412444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b702bc906a8692cf2021-12-21 10:43:17.945root 11241100x8000000000000000412445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17233b08467e3be52021-12-21 10:43:17.945root 11241100x8000000000000000412446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd1ffad6bd936422021-12-21 10:43:17.946root 11241100x8000000000000000412447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f1c3c86755599d2021-12-21 10:43:17.946root 11241100x8000000000000000412448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a4764beb0ce0582021-12-21 10:43:17.946root 11241100x8000000000000000412449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeab4ff45006fd32021-12-21 10:43:17.946root 11241100x8000000000000000412450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348ed42d429a52ec2021-12-21 10:43:17.946root 11241100x8000000000000000412451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448624b981b1ca362021-12-21 10:43:17.946root 354300x8000000000000000412452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.226{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47504-false10.0.1.12-8000- 11241100x8000000000000000412453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a437842816d1322021-12-21 10:43:18.227root 11241100x8000000000000000412454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f848778d7c03af2021-12-21 10:43:18.227root 11241100x8000000000000000412455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4abf64b96b59a92021-12-21 10:43:18.227root 11241100x8000000000000000412456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3db17a219853ac72021-12-21 10:43:18.227root 11241100x8000000000000000412457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce98429d10898802021-12-21 10:43:18.227root 11241100x8000000000000000412458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49463f9a127eba072021-12-21 10:43:18.227root 11241100x8000000000000000412459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47cb9f7f3c41b4d2021-12-21 10:43:18.227root 11241100x8000000000000000412460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432ff8eee7ca7cc32021-12-21 10:43:18.227root 11241100x8000000000000000412461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54133629999a70e2021-12-21 10:43:18.227root 11241100x8000000000000000412462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef5573ea7c3c2fb2021-12-21 10:43:18.228root 11241100x8000000000000000412463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c13c32f6369bc82021-12-21 10:43:18.228root 11241100x8000000000000000412464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5069afd22d15ff682021-12-21 10:43:18.228root 11241100x8000000000000000412465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb6807b653923f32021-12-21 10:43:18.228root 11241100x8000000000000000412466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2fea1cf62a877a2021-12-21 10:43:18.228root 11241100x8000000000000000412467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d894f9368c23fc8f2021-12-21 10:43:18.228root 11241100x8000000000000000412468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6629bf7535f5662021-12-21 10:43:18.228root 11241100x8000000000000000412469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7586fecc936c25a82021-12-21 10:43:18.228root 11241100x8000000000000000412470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1132161b08c2e4342021-12-21 10:43:18.229root 11241100x8000000000000000412471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be65078031eaa5682021-12-21 10:43:18.229root 11241100x8000000000000000412472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce563eda7028ef22021-12-21 10:43:18.229root 11241100x8000000000000000412473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc78fbd33174c3d2021-12-21 10:43:18.229root 11241100x8000000000000000412474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7c91554e49c4812021-12-21 10:43:18.229root 11241100x8000000000000000412475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da52a9cd55d918782021-12-21 10:43:18.229root 11241100x8000000000000000412476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d052e244706ca822021-12-21 10:43:18.229root 11241100x8000000000000000412477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c751c554433783292021-12-21 10:43:18.229root 11241100x8000000000000000412478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e353b41abc3b213c2021-12-21 10:43:18.229root 11241100x8000000000000000412479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db532c4cf92388832021-12-21 10:43:18.230root 11241100x8000000000000000412480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68005e1dc59d27c2021-12-21 10:43:18.230root 11241100x8000000000000000412481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f382f977fe4c092021-12-21 10:43:18.230root 11241100x8000000000000000412482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e4d02ab2872df92021-12-21 10:43:18.230root 11241100x8000000000000000412483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a6febba1ada1302021-12-21 10:43:18.230root 11241100x8000000000000000412484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e129f59f595ade8a2021-12-21 10:43:18.230root 11241100x8000000000000000412485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c859e78b04886eb2021-12-21 10:43:18.231root 11241100x8000000000000000412486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a68ab29bb603722021-12-21 10:43:18.231root 11241100x8000000000000000412487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6053c97ad63ed7c62021-12-21 10:43:18.231root 11241100x8000000000000000412488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f80f8350d2e092021-12-21 10:43:18.231root 11241100x8000000000000000412489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f5cc1d7199bcfc2021-12-21 10:43:18.231root 11241100x8000000000000000412490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefe37edcfa64ff82021-12-21 10:43:18.693root 11241100x8000000000000000412491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af72e7e133a31662021-12-21 10:43:18.694root 11241100x8000000000000000412492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3082700b464dd1fa2021-12-21 10:43:18.694root 11241100x8000000000000000412493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4833121335a0491d2021-12-21 10:43:18.694root 11241100x8000000000000000412494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cdfe5a4b3156922021-12-21 10:43:18.694root 11241100x8000000000000000412495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582907284af3488e2021-12-21 10:43:18.694root 11241100x8000000000000000412496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa006d4caced8aa2021-12-21 10:43:18.694root 11241100x8000000000000000412497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25508cf1da2644332021-12-21 10:43:18.694root 11241100x8000000000000000412498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9d9128382a28d62021-12-21 10:43:18.694root 11241100x8000000000000000412499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb465601c9463d92021-12-21 10:43:18.694root 11241100x8000000000000000412500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83456c17d97343682021-12-21 10:43:18.694root 11241100x8000000000000000412501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6222f1dd4c91928c2021-12-21 10:43:18.694root 11241100x8000000000000000412502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977c8797c925d0ca2021-12-21 10:43:18.694root 11241100x8000000000000000412503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874a5d3a5676a92e2021-12-21 10:43:18.695root 11241100x8000000000000000412504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2bb63aa43a06822021-12-21 10:43:18.695root 11241100x8000000000000000412505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb47fd6197ba0392021-12-21 10:43:18.695root 11241100x8000000000000000412506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d56e9ce633b26332021-12-21 10:43:18.695root 11241100x8000000000000000412507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0debee53fb3bff282021-12-21 10:43:18.695root 11241100x8000000000000000412508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c72d1994dace6c2021-12-21 10:43:18.695root 11241100x8000000000000000412509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e874af168f62c9f2021-12-21 10:43:18.695root 11241100x8000000000000000412510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c24d31582816c592021-12-21 10:43:18.695root 11241100x8000000000000000412511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599bc36feb728ed92021-12-21 10:43:18.696root 11241100x8000000000000000412512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c2be4c7bbafff22021-12-21 10:43:18.696root 11241100x8000000000000000412513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fdc302066a3ecb2021-12-21 10:43:18.696root 11241100x8000000000000000412514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d7e1574d68b03c2021-12-21 10:43:18.696root 11241100x8000000000000000412515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dce3eb698975e672021-12-21 10:43:18.696root 11241100x8000000000000000412516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e7288b7dc89cfa2021-12-21 10:43:19.193root 11241100x8000000000000000412517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c2b6640a59771f2021-12-21 10:43:19.193root 11241100x8000000000000000412518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bd412f8742adb32021-12-21 10:43:19.193root 11241100x8000000000000000412519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78f0730819a51032021-12-21 10:43:19.194root 11241100x8000000000000000412520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8067931ca790ff6c2021-12-21 10:43:19.194root 11241100x8000000000000000412521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c4253e8b9219aa2021-12-21 10:43:19.194root 11241100x8000000000000000412522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1635a4630498b02021-12-21 10:43:19.194root 11241100x8000000000000000412523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105a2cd5d606e362021-12-21 10:43:19.194root 11241100x8000000000000000412524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cead2a269f68d72021-12-21 10:43:19.194root 11241100x8000000000000000412525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01833229354cfa052021-12-21 10:43:19.195root 11241100x8000000000000000412526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a95fa85099377ff2021-12-21 10:43:19.195root 11241100x8000000000000000412527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6c08d7e1358a0e2021-12-21 10:43:19.195root 11241100x8000000000000000412528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f628668e64ac86b2021-12-21 10:43:19.195root 11241100x8000000000000000412529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c579f2b7ad56b62021-12-21 10:43:19.195root 11241100x8000000000000000412530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6ab9681a22802b2021-12-21 10:43:19.195root 11241100x8000000000000000412531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac59f6821bcb37372021-12-21 10:43:19.195root 11241100x8000000000000000412532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a287c86f7d4dda42021-12-21 10:43:19.195root 11241100x8000000000000000412533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4d592572f249592021-12-21 10:43:19.195root 11241100x8000000000000000412534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211a25cb67e147272021-12-21 10:43:19.195root 11241100x8000000000000000412535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c32ad5067317dc2021-12-21 10:43:19.196root 11241100x8000000000000000412536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cf0cce6d6c413a2021-12-21 10:43:19.196root 11241100x8000000000000000412537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e31e912bc692d52021-12-21 10:43:19.196root 11241100x8000000000000000412538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baed94561c4e2df2021-12-21 10:43:19.196root 11241100x8000000000000000412539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1ce2b933858b1f2021-12-21 10:43:19.196root 11241100x8000000000000000412540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9754079cd5edc262021-12-21 10:43:19.196root 11241100x8000000000000000412541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85100a56d6256a22021-12-21 10:43:19.196root 11241100x8000000000000000412542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bcb156b122d9792021-12-21 10:43:19.196root 11241100x8000000000000000412543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be676771fbc6f5c2021-12-21 10:43:19.196root 11241100x8000000000000000412544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31da3afa0b768342021-12-21 10:43:19.693root 11241100x8000000000000000412545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0888ba0300266e2021-12-21 10:43:19.693root 11241100x8000000000000000412546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95ca818ebf465462021-12-21 10:43:19.693root 11241100x8000000000000000412547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7270d0c7318f2d5c2021-12-21 10:43:19.693root 11241100x8000000000000000412548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6f2c013f8971092021-12-21 10:43:19.693root 11241100x8000000000000000412549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278b70b1aab050c32021-12-21 10:43:19.694root 11241100x8000000000000000412550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5862f48a77c55432021-12-21 10:43:19.694root 11241100x8000000000000000412551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8785717714f40b482021-12-21 10:43:19.694root 11241100x8000000000000000412552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e16254d89bbe4c62021-12-21 10:43:19.694root 11241100x8000000000000000412553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d42adc7822c8fa2021-12-21 10:43:19.694root 11241100x8000000000000000412554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11314f7ec63411fc2021-12-21 10:43:19.694root 11241100x8000000000000000412555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dbe1441c827f232021-12-21 10:43:19.694root 11241100x8000000000000000412556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83956281884442632021-12-21 10:43:19.694root 11241100x8000000000000000412557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bac43120d447b9d2021-12-21 10:43:19.694root 11241100x8000000000000000412558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daffc694ee2e8a062021-12-21 10:43:19.694root 11241100x8000000000000000412559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323b4d81b2e566952021-12-21 10:43:19.695root 11241100x8000000000000000412560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabf4b51e9ea7a342021-12-21 10:43:19.695root 11241100x8000000000000000412561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546d2cc4edb0c3f42021-12-21 10:43:19.695root 11241100x8000000000000000412562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a12fdff961f9f52021-12-21 10:43:19.695root 11241100x8000000000000000412563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f16675e3566f1422021-12-21 10:43:19.695root 11241100x8000000000000000412564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6aa0df459ebd5302021-12-21 10:43:19.695root 11241100x8000000000000000412565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96993650b790651e2021-12-21 10:43:19.695root 11241100x8000000000000000412566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afaf9a5fd2e8aab52021-12-21 10:43:19.695root 11241100x8000000000000000412567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ebb902aeb619572021-12-21 10:43:19.695root 11241100x8000000000000000412568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4362a9b250bae45d2021-12-21 10:43:19.695root 11241100x8000000000000000412569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c2101edf9cfb062021-12-21 10:43:19.696root 11241100x8000000000000000412570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982b61ffad714fe62021-12-21 10:43:20.193root 11241100x8000000000000000412571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4478f7c7686ad02021-12-21 10:43:20.193root 11241100x8000000000000000412572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4175f0dd7dea1acf2021-12-21 10:43:20.193root 11241100x8000000000000000412573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14a4b32d9ce76662021-12-21 10:43:20.193root 11241100x8000000000000000412574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a8b5d33b1a90ac2021-12-21 10:43:20.193root 11241100x8000000000000000412575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdfb44785b1c8b92021-12-21 10:43:20.193root 11241100x8000000000000000412576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d56ae834a539452021-12-21 10:43:20.193root 11241100x8000000000000000412577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efd698fa6e974482021-12-21 10:43:20.193root 11241100x8000000000000000412578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145b940b214b52592021-12-21 10:43:20.194root 11241100x8000000000000000412579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db754e8f70015ddd2021-12-21 10:43:20.194root 11241100x8000000000000000412580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00aaafb6e8a6b5202021-12-21 10:43:20.194root 11241100x8000000000000000412581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dad80b4b3801302021-12-21 10:43:20.194root 11241100x8000000000000000412582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0998aa47739076fe2021-12-21 10:43:20.194root 11241100x8000000000000000412583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7155c4eee62549912021-12-21 10:43:20.194root 11241100x8000000000000000412584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3796e7148d88b4d2021-12-21 10:43:20.194root 11241100x8000000000000000412585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18651af57286f782021-12-21 10:43:20.194root 11241100x8000000000000000412586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efc26f9f2c9856c2021-12-21 10:43:20.194root 11241100x8000000000000000412587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b33b4fd3e1370d2021-12-21 10:43:20.195root 11241100x8000000000000000412588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc40283b01321e8a2021-12-21 10:43:20.195root 11241100x8000000000000000412589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0a02b9067aaaf82021-12-21 10:43:20.195root 11241100x8000000000000000412590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed994d5ab4ed9a2021-12-21 10:43:20.195root 11241100x8000000000000000412591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651f4feba842147b2021-12-21 10:43:20.195root 11241100x8000000000000000412592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030ffbf0bf2410382021-12-21 10:43:20.195root 11241100x8000000000000000412593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32cfe1a13f5030e2021-12-21 10:43:20.195root 11241100x8000000000000000412594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067e28bf7e742dd62021-12-21 10:43:20.195root 11241100x8000000000000000412595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ddd4d18c817e482021-12-21 10:43:20.196root 11241100x8000000000000000412596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02812ea16d4e4f4c2021-12-21 10:43:20.196root 11241100x8000000000000000412597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04ded39fb9e866f2021-12-21 10:43:20.196root 11241100x8000000000000000412598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f60154f77b091f2021-12-21 10:43:20.693root 11241100x8000000000000000412599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2083c8a956aa3d702021-12-21 10:43:20.693root 11241100x8000000000000000412600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258c0b0ea1b19b072021-12-21 10:43:20.693root 11241100x8000000000000000412601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293da5f170f4b1df2021-12-21 10:43:20.693root 11241100x8000000000000000412602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121cd3b8b8f1a9f62021-12-21 10:43:20.693root 11241100x8000000000000000412603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afa6a3f3b508cba2021-12-21 10:43:20.694root 11241100x8000000000000000412604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfbdea2e0d379732021-12-21 10:43:20.694root 11241100x8000000000000000412605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed9e45bf08eb56d2021-12-21 10:43:20.694root 11241100x8000000000000000412606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b882eb78eae0703e2021-12-21 10:43:20.694root 11241100x8000000000000000412607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f81f0ef1c12fc122021-12-21 10:43:20.694root 11241100x8000000000000000412608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93bf1e9bb2d7a052021-12-21 10:43:20.694root 11241100x8000000000000000412609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6afe9226151b5b2021-12-21 10:43:20.694root 11241100x8000000000000000412610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d45973f34188f32021-12-21 10:43:20.694root 11241100x8000000000000000412611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872aa1a85abab54b2021-12-21 10:43:20.694root 11241100x8000000000000000412612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdd8b47eaa78b8a2021-12-21 10:43:20.694root 11241100x8000000000000000412613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dfa81e455343122021-12-21 10:43:20.694root 11241100x8000000000000000412614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08890fa8a4a81b1f2021-12-21 10:43:20.695root 11241100x8000000000000000412615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b488833ae16160882021-12-21 10:43:20.695root 11241100x8000000000000000412616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3717b0e007ec412021-12-21 10:43:20.695root 11241100x8000000000000000412617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cf8c20be8a2b852021-12-21 10:43:20.695root 11241100x8000000000000000412618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72d1c723f257f622021-12-21 10:43:20.695root 11241100x8000000000000000412619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1d561220d093fc2021-12-21 10:43:20.695root 11241100x8000000000000000412620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6578baea4e12ccaf2021-12-21 10:43:20.695root 11241100x8000000000000000412621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7100f2816bfe7eb2021-12-21 10:43:20.695root 11241100x8000000000000000412622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b13de0fd3e612a2021-12-21 10:43:20.695root 11241100x8000000000000000412623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f50cb694eba53f2021-12-21 10:43:20.695root 11241100x8000000000000000412624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8907c41948a7d52021-12-21 10:43:21.193root 11241100x8000000000000000412625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c57eca4e3f768a2021-12-21 10:43:21.193root 11241100x8000000000000000412626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f638a01584f3dae62021-12-21 10:43:21.193root 11241100x8000000000000000412627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4363a4aa72301ba42021-12-21 10:43:21.193root 11241100x8000000000000000412628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06baf70a668fd592021-12-21 10:43:21.193root 11241100x8000000000000000412629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf692de1fadb0ca2021-12-21 10:43:21.194root 11241100x8000000000000000412630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06ac6cf892b25fe2021-12-21 10:43:21.194root 11241100x8000000000000000412631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f933924c03397ee92021-12-21 10:43:21.194root 11241100x8000000000000000412632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669d8d59bd1fea802021-12-21 10:43:21.194root 11241100x8000000000000000412633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da879bbab1e48ca2021-12-21 10:43:21.194root 11241100x8000000000000000412634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07da449a1fca7e42021-12-21 10:43:21.194root 11241100x8000000000000000412635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9039006de3cf7892021-12-21 10:43:21.194root 11241100x8000000000000000412636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff68704f495e8162021-12-21 10:43:21.194root 11241100x8000000000000000412637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bff5e12900cc182021-12-21 10:43:21.194root 11241100x8000000000000000412638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32a5e5c147e633e2021-12-21 10:43:21.194root 11241100x8000000000000000412639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe9e322424946f92021-12-21 10:43:21.195root 11241100x8000000000000000412640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf985c27edfc10792021-12-21 10:43:21.195root 11241100x8000000000000000412641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50050738d98057f2021-12-21 10:43:21.195root 11241100x8000000000000000412642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e1bf901f1590442021-12-21 10:43:21.195root 11241100x8000000000000000412643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bf87f7051034902021-12-21 10:43:21.195root 11241100x8000000000000000412644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f257f3baa91a72021-12-21 10:43:21.195root 11241100x8000000000000000412645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d0bdc8ba18e0402021-12-21 10:43:21.195root 11241100x8000000000000000412646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b94b835026d70e2021-12-21 10:43:21.195root 11241100x8000000000000000412647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed8d1ff14d8f5b02021-12-21 10:43:21.195root 11241100x8000000000000000412648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29630bff9bba3e222021-12-21 10:43:21.195root 11241100x8000000000000000412649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a4c53822d9e5862021-12-21 10:43:21.195root 11241100x8000000000000000412650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4118d30cd2a5532021-12-21 10:43:21.693root 11241100x8000000000000000412651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eeab7d1a0143e82021-12-21 10:43:21.693root 11241100x8000000000000000412652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420bf494ecbf4cb82021-12-21 10:43:21.694root 11241100x8000000000000000412653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394ecd75c0ff0fcd2021-12-21 10:43:21.694root 11241100x8000000000000000412654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeb7c976472ad482021-12-21 10:43:21.694root 11241100x8000000000000000412655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a0f74fe1156be32021-12-21 10:43:21.694root 11241100x8000000000000000412656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1c5ad68e7447832021-12-21 10:43:21.694root 11241100x8000000000000000412657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f536c2e32d8f15f32021-12-21 10:43:21.694root 11241100x8000000000000000412658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b63d186c17ff6d02021-12-21 10:43:21.694root 11241100x8000000000000000412659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba8404b90261da12021-12-21 10:43:21.694root 11241100x8000000000000000412660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1540979ca24e3e2021-12-21 10:43:21.694root 11241100x8000000000000000412661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee65c7d82508e7762021-12-21 10:43:21.694root 11241100x8000000000000000412662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9ee39865a6a0c62021-12-21 10:43:21.694root 11241100x8000000000000000412663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f07b39959cfd852021-12-21 10:43:21.694root 11241100x8000000000000000412664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd441ba25cfa2492021-12-21 10:43:21.694root 11241100x8000000000000000412665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25ee7ac6923397e2021-12-21 10:43:21.694root 11241100x8000000000000000412666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289b3e6a01b6303b2021-12-21 10:43:21.695root 11241100x8000000000000000412667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1e54ec982faad82021-12-21 10:43:21.695root 11241100x8000000000000000412668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d458f9697fa0882021-12-21 10:43:21.695root 11241100x8000000000000000412669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7a6e5dff3c974a2021-12-21 10:43:21.695root 11241100x8000000000000000412670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e938224d60a63982021-12-21 10:43:21.695root 11241100x8000000000000000412671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d5c703a61744172021-12-21 10:43:21.695root 11241100x8000000000000000412672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a3a034cd47289a2021-12-21 10:43:21.695root 11241100x8000000000000000412673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014c93123a7d42872021-12-21 10:43:21.695root 11241100x8000000000000000412674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acafc374cc683ef2021-12-21 10:43:21.695root 11241100x8000000000000000412675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17d22fb3d333db42021-12-21 10:43:21.695root 11241100x8000000000000000412676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49386f6f547aa05c2021-12-21 10:43:22.193root 11241100x8000000000000000412677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a1f8865d5acb862021-12-21 10:43:22.194root 11241100x8000000000000000412678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0575bd0685b758f2021-12-21 10:43:22.194root 11241100x8000000000000000412679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d19b2412451aa5e2021-12-21 10:43:22.194root 11241100x8000000000000000412680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5862ce9b2c255c92021-12-21 10:43:22.194root 11241100x8000000000000000412681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa0a1704d973f9d2021-12-21 10:43:22.194root 11241100x8000000000000000412682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66306808ea4d2ce22021-12-21 10:43:22.194root 11241100x8000000000000000412683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5334c35ff7f16622021-12-21 10:43:22.195root 11241100x8000000000000000412684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1c88ab7a7604862021-12-21 10:43:22.195root 11241100x8000000000000000412685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d98dbfa92779ce32021-12-21 10:43:22.195root 11241100x8000000000000000412686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564d34936ac182a02021-12-21 10:43:22.195root 11241100x8000000000000000412687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8889392f24c96c632021-12-21 10:43:22.195root 11241100x8000000000000000412688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9ba965c327bc472021-12-21 10:43:22.195root 11241100x8000000000000000412689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3a5261e3ffee062021-12-21 10:43:22.196root 11241100x8000000000000000412690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9501e8fb517474562021-12-21 10:43:22.196root 11241100x8000000000000000412691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521a3945c4d6b82f2021-12-21 10:43:22.196root 11241100x8000000000000000412692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fb9bd77cdbf6eb2021-12-21 10:43:22.196root 11241100x8000000000000000412693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c38ac6e43e3e262021-12-21 10:43:22.196root 11241100x8000000000000000412694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24e218fd7d5412f2021-12-21 10:43:22.196root 11241100x8000000000000000412695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6dd79bd91dd082021-12-21 10:43:22.196root 11241100x8000000000000000412696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3729058fd44e920b2021-12-21 10:43:22.196root 11241100x8000000000000000412697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322a02e1655829422021-12-21 10:43:22.196root 11241100x8000000000000000412698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab718dd9a1563402021-12-21 10:43:22.196root 11241100x8000000000000000412699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd53b13bc358cf02021-12-21 10:43:22.196root 11241100x8000000000000000412700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675d333a38167f7b2021-12-21 10:43:22.196root 11241100x8000000000000000412701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a88e1efe9fcfce62021-12-21 10:43:22.197root 11241100x8000000000000000412702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6cea5a189a9c402021-12-21 10:43:22.693root 11241100x8000000000000000412703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d443dc8a369b21d2021-12-21 10:43:22.693root 11241100x8000000000000000412704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e686eb182df5f9f32021-12-21 10:43:22.693root 11241100x8000000000000000412705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45af25483ec163f42021-12-21 10:43:22.693root 11241100x8000000000000000412706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b7476fe32da3042021-12-21 10:43:22.694root 11241100x8000000000000000412707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f589acd9035f59b2021-12-21 10:43:22.694root 11241100x8000000000000000412708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353311611ee995732021-12-21 10:43:22.694root 11241100x8000000000000000412709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c015475556724a0f2021-12-21 10:43:22.694root 11241100x8000000000000000412710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87729e4f345a9c82021-12-21 10:43:22.694root 11241100x8000000000000000412711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6ab5dfe2cf4d6e2021-12-21 10:43:22.694root 11241100x8000000000000000412712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b688c8451084a452021-12-21 10:43:22.694root 11241100x8000000000000000412713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6960b3595d1948a72021-12-21 10:43:22.694root 11241100x8000000000000000412714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee27513aee58c2e2021-12-21 10:43:22.694root 11241100x8000000000000000412715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068daea9ba8109182021-12-21 10:43:22.694root 11241100x8000000000000000412716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b241c6436666752021-12-21 10:43:22.694root 11241100x8000000000000000412717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d074d2c205d8d962021-12-21 10:43:22.694root 11241100x8000000000000000412718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7224023d79f904572021-12-21 10:43:22.694root 11241100x8000000000000000412719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcf361827f800e62021-12-21 10:43:22.694root 11241100x8000000000000000412720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6c4aca04b37e962021-12-21 10:43:22.694root 11241100x8000000000000000412721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f1b4d909e0e2042021-12-21 10:43:22.694root 11241100x8000000000000000412722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22174c90e785cd32021-12-21 10:43:22.695root 11241100x8000000000000000412723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4bf216a3e3fcf12021-12-21 10:43:22.695root 11241100x8000000000000000412724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffaf212b79607f22021-12-21 10:43:22.695root 11241100x8000000000000000412725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f37346181eb91932021-12-21 10:43:22.695root 11241100x8000000000000000412726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d1cd2e37e6ac02021-12-21 10:43:22.695root 11241100x8000000000000000412727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d3bf15e853e1382021-12-21 10:43:22.695root 11241100x8000000000000000412728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f6da988dcf72802021-12-21 10:43:23.193root 11241100x8000000000000000412729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd82496eb668b5082021-12-21 10:43:23.194root 11241100x8000000000000000412730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111a5e589b838a382021-12-21 10:43:23.194root 11241100x8000000000000000412731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d650075b3d568c02021-12-21 10:43:23.194root 11241100x8000000000000000412732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3e101eb87153792021-12-21 10:43:23.194root 11241100x8000000000000000412733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb6c5e1a63a2ccf2021-12-21 10:43:23.194root 11241100x8000000000000000412734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69f138c82c463ac2021-12-21 10:43:23.194root 11241100x8000000000000000412735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e192e7685f5275e2021-12-21 10:43:23.194root 11241100x8000000000000000412736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c13fcbd8fb4724e2021-12-21 10:43:23.194root 11241100x8000000000000000412737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d83ded65f2d0fd52021-12-21 10:43:23.194root 11241100x8000000000000000412738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadde1839bbbcef12021-12-21 10:43:23.194root 11241100x8000000000000000412739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bbb70d7204e5702021-12-21 10:43:23.194root 11241100x8000000000000000412740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065900de8cb43ad52021-12-21 10:43:23.194root 11241100x8000000000000000412741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a501ac1c88dca5f2021-12-21 10:43:23.194root 11241100x8000000000000000412742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f464a86723b9f42021-12-21 10:43:23.195root 11241100x8000000000000000412743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4524a12a1423507d2021-12-21 10:43:23.195root 11241100x8000000000000000412744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8274533c0010a632021-12-21 10:43:23.195root 11241100x8000000000000000412745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d5fbf826278cd32021-12-21 10:43:23.195root 11241100x8000000000000000412746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b25574793ab4d422021-12-21 10:43:23.195root 11241100x8000000000000000412747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dc370a7354db9e2021-12-21 10:43:23.195root 11241100x8000000000000000412748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77460db3a6b3de02021-12-21 10:43:23.195root 11241100x8000000000000000412749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e9c872ec5b2b822021-12-21 10:43:23.195root 11241100x8000000000000000412750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c72b361537c02fa2021-12-21 10:43:23.195root 11241100x8000000000000000412751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01981043365b01ce2021-12-21 10:43:23.195root 11241100x8000000000000000412752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27a8c56a390f4c82021-12-21 10:43:23.195root 11241100x8000000000000000412753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb855da638b493fb2021-12-21 10:43:23.196root 11241100x8000000000000000412754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5b623b5ba4b75a2021-12-21 10:43:23.693root 11241100x8000000000000000412755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93220d7e2decd0d72021-12-21 10:43:23.693root 11241100x8000000000000000412756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c58adb25a306e3f2021-12-21 10:43:23.693root 11241100x8000000000000000412757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d7ea9c22e288bb2021-12-21 10:43:23.693root 11241100x8000000000000000412758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c788526d7e34762021-12-21 10:43:23.693root 11241100x8000000000000000412759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a734fa2de68f3c2021-12-21 10:43:23.693root 11241100x8000000000000000412760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715cbe890f541c6a2021-12-21 10:43:23.693root 11241100x8000000000000000412761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34242b8d20a24cf2021-12-21 10:43:23.693root 11241100x8000000000000000412762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e22d2a520f780a2021-12-21 10:43:23.693root 11241100x8000000000000000412763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93feae76ecf73ca52021-12-21 10:43:23.694root 11241100x8000000000000000412764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf3b343107b60c62021-12-21 10:43:23.694root 11241100x8000000000000000412765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f13dde5d5db504e2021-12-21 10:43:23.694root 11241100x8000000000000000412766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3551cd1b17c44cc22021-12-21 10:43:23.694root 11241100x8000000000000000412767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f88abc6b558aab2021-12-21 10:43:23.694root 11241100x8000000000000000412768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafacf412bba863d2021-12-21 10:43:23.694root 11241100x8000000000000000412769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ac7b9ba98330f92021-12-21 10:43:23.694root 11241100x8000000000000000412770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76249df4e68e22b52021-12-21 10:43:23.694root 11241100x8000000000000000412771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d62db3d1085a3de2021-12-21 10:43:23.694root 11241100x8000000000000000412772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d03f087724df572021-12-21 10:43:23.694root 11241100x8000000000000000412773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee91a0b6d4c99fe2021-12-21 10:43:23.695root 11241100x8000000000000000412774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a87da02af78e512021-12-21 10:43:23.695root 11241100x8000000000000000412775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac180e8f466cb702021-12-21 10:43:23.695root 11241100x8000000000000000412776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a474c247c7d169e2021-12-21 10:43:23.695root 11241100x8000000000000000412777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c99fb63525343912021-12-21 10:43:23.695root 11241100x8000000000000000412778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abaf7948fd43ba92021-12-21 10:43:23.695root 11241100x8000000000000000412779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29deb276e0dd58302021-12-21 10:43:23.695root 11241100x8000000000000000412780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94c5a96144f15e02021-12-21 10:43:23.695root 11241100x8000000000000000412781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a487c8f09aa7f22021-12-21 10:43:23.695root 11241100x8000000000000000412782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20247d89d4a9e5b82021-12-21 10:43:23.695root 11241100x8000000000000000412783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcc522f89ba37f72021-12-21 10:43:23.696root 11241100x8000000000000000412784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3222b363eed45a2021-12-21 10:43:23.696root 11241100x8000000000000000412785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6047279ee83ff1752021-12-21 10:43:23.696root 354300x8000000000000000412786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.139{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47506-false10.0.1.12-8000- 11241100x8000000000000000412787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418fb4d75336386f2021-12-21 10:43:24.140root 11241100x8000000000000000412788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a3623cc58c007a2021-12-21 10:43:24.140root 11241100x8000000000000000412789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c62d6f0b9baed02021-12-21 10:43:24.140root 11241100x8000000000000000412790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764147b6319b01b92021-12-21 10:43:24.141root 11241100x8000000000000000412791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e520f1610a9691142021-12-21 10:43:24.141root 11241100x8000000000000000412792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7338751e6b69a34b2021-12-21 10:43:24.141root 11241100x8000000000000000412793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e433813bf7ac7a622021-12-21 10:43:24.141root 11241100x8000000000000000412794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3d0e927090a1a22021-12-21 10:43:24.141root 11241100x8000000000000000412795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f263850051049e2021-12-21 10:43:24.141root 11241100x8000000000000000412796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d51311ea2837f0e2021-12-21 10:43:24.142root 11241100x8000000000000000412797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515b9970ea07e55d2021-12-21 10:43:24.142root 11241100x8000000000000000412798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27138cce1a6824382021-12-21 10:43:24.142root 11241100x8000000000000000412799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e861b20a1e559edc2021-12-21 10:43:24.142root 11241100x8000000000000000412800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c329a9d4f1ce79c82021-12-21 10:43:24.142root 11241100x8000000000000000412801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf0f58f59dcef3b2021-12-21 10:43:24.142root 11241100x8000000000000000412802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af56a637826655502021-12-21 10:43:24.143root 11241100x8000000000000000412803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e9daad964d82952021-12-21 10:43:24.143root 11241100x8000000000000000412804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5faa6393e05556b2021-12-21 10:43:24.143root 11241100x8000000000000000412805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a08ae39af533abd2021-12-21 10:43:24.143root 11241100x8000000000000000412806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8269d30950c3c8992021-12-21 10:43:24.143root 11241100x8000000000000000412807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f4f78178907f022021-12-21 10:43:24.144root 11241100x8000000000000000412808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e82fea944cfcbb22021-12-21 10:43:24.144root 11241100x8000000000000000412809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1fc5623906ad272021-12-21 10:43:24.144root 11241100x8000000000000000412810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50dad29569777c562021-12-21 10:43:24.145root 11241100x8000000000000000412811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c58bb68f3f0355a2021-12-21 10:43:24.145root 11241100x8000000000000000412812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4a2013384886a32021-12-21 10:43:24.145root 11241100x8000000000000000412813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35482fc5eaf1fdcf2021-12-21 10:43:24.145root 11241100x8000000000000000412814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12308bd5b50a7fb82021-12-21 10:43:24.145root 11241100x8000000000000000412815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceafe04340bbbbab2021-12-21 10:43:24.145root 11241100x8000000000000000412816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2148e813d11dcd2021-12-21 10:43:24.145root 11241100x8000000000000000412817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60523868bb157a0d2021-12-21 10:43:24.145root 11241100x8000000000000000412818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481e83cfe97003592021-12-21 10:43:24.145root 11241100x8000000000000000412819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3febd9fb5f6a0b612021-12-21 10:43:24.146root 11241100x8000000000000000412820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400832839f407fd72021-12-21 10:43:24.146root 11241100x8000000000000000412821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1a22527acf211b2021-12-21 10:43:24.443root 11241100x8000000000000000412822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4ddc5930d6f3552021-12-21 10:43:24.443root 11241100x8000000000000000412823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50dfa8a25ee89122021-12-21 10:43:24.443root 11241100x8000000000000000412824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac2a6f1dc4c358d2021-12-21 10:43:24.444root 11241100x8000000000000000412825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831457fae68687c62021-12-21 10:43:24.444root 11241100x8000000000000000412826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852fa00b026ae3f02021-12-21 10:43:24.444root 11241100x8000000000000000412827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87bf097d12cadfc2021-12-21 10:43:24.444root 11241100x8000000000000000412828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f7bf91a3c6b7552021-12-21 10:43:24.444root 11241100x8000000000000000412829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e56497f4064edb2021-12-21 10:43:24.444root 11241100x8000000000000000412830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b4955c8ed44e6e2021-12-21 10:43:24.444root 11241100x8000000000000000412831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65130ac96a1a9df2021-12-21 10:43:24.444root 11241100x8000000000000000412832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7952af61c6c4ad6e2021-12-21 10:43:24.444root 11241100x8000000000000000412833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08188c702d3c8432021-12-21 10:43:24.444root 11241100x8000000000000000412834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef62d242fe85e042021-12-21 10:43:24.444root 11241100x8000000000000000412835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c31125a197d6f12021-12-21 10:43:24.444root 11241100x8000000000000000412836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc82fe3990ec96d2021-12-21 10:43:24.445root 11241100x8000000000000000412837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18480131673be1252021-12-21 10:43:24.445root 11241100x8000000000000000412838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8469ce7ae97934b42021-12-21 10:43:24.445root 11241100x8000000000000000412839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1fb97dbd567b512021-12-21 10:43:24.445root 11241100x8000000000000000412840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f413222dd06fb6442021-12-21 10:43:24.445root 11241100x8000000000000000412841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8bedb3af87fc302021-12-21 10:43:24.445root 11241100x8000000000000000412842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb8d1a0351bbcf52021-12-21 10:43:24.445root 11241100x8000000000000000412843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de19490bee894852021-12-21 10:43:24.445root 11241100x8000000000000000412844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbda84d868d8a3ea2021-12-21 10:43:24.445root 11241100x8000000000000000412845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71badca33af08ade2021-12-21 10:43:24.445root 11241100x8000000000000000412846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c01f8a58c6a672021-12-21 10:43:24.445root 11241100x8000000000000000412847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ce4bfd954098572021-12-21 10:43:24.445root 11241100x8000000000000000412848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad06857c6821de992021-12-21 10:43:24.943root 11241100x8000000000000000412849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefcbed5bd616fd72021-12-21 10:43:24.943root 11241100x8000000000000000412850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9340049e8bae4c5c2021-12-21 10:43:24.943root 11241100x8000000000000000412851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47308aa40c9c5b32021-12-21 10:43:24.943root 11241100x8000000000000000412852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd16dcc685f2fe372021-12-21 10:43:24.943root 11241100x8000000000000000412853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11154f32a6f13bb82021-12-21 10:43:24.944root 11241100x8000000000000000412854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34be33d0c82118c62021-12-21 10:43:24.944root 11241100x8000000000000000412855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3552dfff982ce48f2021-12-21 10:43:24.944root 11241100x8000000000000000412856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a836971f63f719592021-12-21 10:43:24.944root 11241100x8000000000000000412857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759f7390cd6265a52021-12-21 10:43:24.944root 11241100x8000000000000000412858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c809cef9a68bfcda2021-12-21 10:43:24.944root 11241100x8000000000000000412859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e652b19f6cca7742021-12-21 10:43:24.944root 11241100x8000000000000000412860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d737293419e8f7df2021-12-21 10:43:24.944root 11241100x8000000000000000412861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19b3a7ecba62ecd2021-12-21 10:43:24.944root 11241100x8000000000000000412862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e1c559d7e11ea52021-12-21 10:43:24.944root 11241100x8000000000000000412863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0155a43a3322175f2021-12-21 10:43:24.944root 11241100x8000000000000000412864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d76e1b9450a0c122021-12-21 10:43:24.944root 11241100x8000000000000000412865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affda81e561fed212021-12-21 10:43:24.944root 11241100x8000000000000000412866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dde9c949eef29d2021-12-21 10:43:24.944root 11241100x8000000000000000412867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a64852075dda8ac2021-12-21 10:43:24.944root 11241100x8000000000000000412868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e6d95f2b1bdc492021-12-21 10:43:24.945root 11241100x8000000000000000412869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb8e1d65d87788a2021-12-21 10:43:24.945root 11241100x8000000000000000412870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf265a904286b1f2021-12-21 10:43:24.945root 11241100x8000000000000000412871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3ee730ae03c7be2021-12-21 10:43:24.945root 11241100x8000000000000000412872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb85c578ebb93592021-12-21 10:43:24.945root 11241100x8000000000000000412873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f41f482e06d1c42021-12-21 10:43:24.945root 11241100x8000000000000000412874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6c5c8a932221062021-12-21 10:43:24.945root 11241100x8000000000000000412875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce59d3eba6b864f82021-12-21 10:43:24.945root 11241100x8000000000000000412876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018fe75a8fa87ddb2021-12-21 10:43:24.945root 354300x8000000000000000412877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.203{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34572-false10.0.1.12-8089- 11241100x8000000000000000412878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71be55f04e9bdcd82021-12-21 10:43:25.204root 11241100x8000000000000000412879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d566af86826aa58d2021-12-21 10:43:25.204root 11241100x8000000000000000412880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202fd47ccfb4019f2021-12-21 10:43:25.204root 11241100x8000000000000000412881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d7b331b7d9bbf22021-12-21 10:43:25.204root 11241100x8000000000000000412882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec4fda2c77a0c172021-12-21 10:43:25.204root 11241100x8000000000000000412883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dd827a3f3306242021-12-21 10:43:25.204root 11241100x8000000000000000412884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761178a3220f20ac2021-12-21 10:43:25.204root 11241100x8000000000000000412885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c285d6c5883e8a2021-12-21 10:43:25.204root 11241100x8000000000000000412886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c4531da2563fe92021-12-21 10:43:25.205root 11241100x8000000000000000412887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bd67de4df939e52021-12-21 10:43:25.205root 11241100x8000000000000000412888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7df9854b497b6742021-12-21 10:43:25.205root 11241100x8000000000000000412889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868632c353b18fc92021-12-21 10:43:25.205root 11241100x8000000000000000412890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b14566e4a17cbd2021-12-21 10:43:25.205root 11241100x8000000000000000412891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcf441eec41d3752021-12-21 10:43:25.205root 11241100x8000000000000000412892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e264cbbbb336822021-12-21 10:43:25.207root 11241100x8000000000000000412893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf4b9a20fd96d442021-12-21 10:43:25.207root 11241100x8000000000000000412894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbe7956c19806c92021-12-21 10:43:25.207root 11241100x8000000000000000412895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01e32586783fc3c2021-12-21 10:43:25.207root 11241100x8000000000000000412896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecf21cd52eaeb8e2021-12-21 10:43:25.207root 11241100x8000000000000000412897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d48c1885c6fcd82021-12-21 10:43:25.207root 11241100x8000000000000000412898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199252118ecf485a2021-12-21 10:43:25.208root 11241100x8000000000000000412899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b21e8ef005fa6772021-12-21 10:43:25.208root 11241100x8000000000000000412900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0c9b2d8e297d7d2021-12-21 10:43:25.208root 11241100x8000000000000000412901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc103c9864d5cd4c2021-12-21 10:43:25.208root 11241100x8000000000000000412902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a050495f6ab3a1f2021-12-21 10:43:25.208root 11241100x8000000000000000412903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0671c96689570e2021-12-21 10:43:25.208root 11241100x8000000000000000412904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1c8ffe6172b84e2021-12-21 10:43:25.209root 11241100x8000000000000000412905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52be29b13a450de2021-12-21 10:43:25.209root 11241100x8000000000000000412906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac212f28c07bf6d2021-12-21 10:43:25.210root 11241100x8000000000000000412907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa5fc9a78027862021-12-21 10:43:25.210root 11241100x8000000000000000412908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb4c5e14d8ecf0a2021-12-21 10:43:25.210root 11241100x8000000000000000412909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e1c458049f718d2021-12-21 10:43:25.210root 11241100x8000000000000000412910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c5462189271d442021-12-21 10:43:25.210root 11241100x8000000000000000412911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9250d99ece20c8b62021-12-21 10:43:25.210root 11241100x8000000000000000412912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40cea03bbdafa042021-12-21 10:43:25.210root 11241100x8000000000000000412913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2b653f317909092021-12-21 10:43:25.211root 11241100x8000000000000000412914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa5abce6b169eaa2021-12-21 10:43:25.211root 11241100x8000000000000000412915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c679650410773a322021-12-21 10:43:25.211root 11241100x8000000000000000412916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646165d09eee702d2021-12-21 10:43:25.212root 11241100x8000000000000000412917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0dafb2d1405a612021-12-21 10:43:25.212root 11241100x8000000000000000412918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06689f13ccf1c1d32021-12-21 10:43:25.213root 11241100x8000000000000000412919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f7e1b28c76b3a92021-12-21 10:43:25.213root 11241100x8000000000000000412920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1490e3453749781c2021-12-21 10:43:25.693root 11241100x8000000000000000412921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd5061ae90487632021-12-21 10:43:25.693root 11241100x8000000000000000412922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee867827a3f8d632021-12-21 10:43:25.694root 11241100x8000000000000000412923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fad59f494ae1592021-12-21 10:43:25.694root 11241100x8000000000000000412924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0b4b1975f9314f2021-12-21 10:43:25.694root 11241100x8000000000000000412925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44f81c6e1fef7582021-12-21 10:43:25.694root 11241100x8000000000000000412926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8ae40cbc7034b82021-12-21 10:43:25.694root 11241100x8000000000000000412927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d76e77abbdddf12021-12-21 10:43:25.694root 11241100x8000000000000000412928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d81c26605aa06d2021-12-21 10:43:25.695root 11241100x8000000000000000412929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e855e95efb766a0e2021-12-21 10:43:25.695root 11241100x8000000000000000412930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4324800dab295f82021-12-21 10:43:25.695root 11241100x8000000000000000412931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150c51f8b12f25472021-12-21 10:43:25.695root 11241100x8000000000000000412932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cad5193dd582882021-12-21 10:43:25.695root 11241100x8000000000000000412933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fd9460b04e3ddd2021-12-21 10:43:25.695root 11241100x8000000000000000412934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a882d565f1643ff72021-12-21 10:43:25.695root 11241100x8000000000000000412935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548fff0c669f6db72021-12-21 10:43:25.695root 11241100x8000000000000000412936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfe131dbfc3e86b2021-12-21 10:43:25.695root 11241100x8000000000000000412937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e461ffcaef15e2072021-12-21 10:43:25.695root 11241100x8000000000000000412938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea04f7322d8eae142021-12-21 10:43:25.696root 11241100x8000000000000000412939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32118f14c4e33b92021-12-21 10:43:25.696root 11241100x8000000000000000412940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d636c2197b6880022021-12-21 10:43:25.696root 11241100x8000000000000000412941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391b1eee038c42db2021-12-21 10:43:25.696root 11241100x8000000000000000412942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba1b2f76b61e6382021-12-21 10:43:25.697root 11241100x8000000000000000412943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf8a8e1e13ecf672021-12-21 10:43:25.697root 11241100x8000000000000000412944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b769ae6f770c0e2021-12-21 10:43:25.697root 11241100x8000000000000000412945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71da0b6985d972e72021-12-21 10:43:25.697root 11241100x8000000000000000412946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8614ad87de2f2c202021-12-21 10:43:25.698root 11241100x8000000000000000412947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4525a9eb00ea832021-12-21 10:43:25.698root 11241100x8000000000000000412948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64d9fcd0c4b49492021-12-21 10:43:26.193root 11241100x8000000000000000412949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3efa139e36cc3292021-12-21 10:43:26.193root 11241100x8000000000000000412950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0bcab9e61644f32021-12-21 10:43:26.193root 11241100x8000000000000000412951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e9029f5fe97c302021-12-21 10:43:26.193root 11241100x8000000000000000412952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb2d5afa5381a452021-12-21 10:43:26.193root 11241100x8000000000000000412953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608e7559d62cf66f2021-12-21 10:43:26.193root 11241100x8000000000000000412954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da0ab05e4fa71a2021-12-21 10:43:26.193root 11241100x8000000000000000412955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2928d9723b088f542021-12-21 10:43:26.194root 11241100x8000000000000000412956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305b7f7ecc6d5c1c2021-12-21 10:43:26.194root 11241100x8000000000000000412957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea6bac6f934fe212021-12-21 10:43:26.194root 11241100x8000000000000000412958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21022fde3d50a7fb2021-12-21 10:43:26.194root 11241100x8000000000000000412959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2763a7cda76f4d2a2021-12-21 10:43:26.194root 11241100x8000000000000000412960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595b11fecc16dd7d2021-12-21 10:43:26.195root 11241100x8000000000000000412961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14bb74e7ac7b1c92021-12-21 10:43:26.195root 11241100x8000000000000000412962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b440e5b6345161692021-12-21 10:43:26.195root 11241100x8000000000000000412963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ad3ef0622dff4f2021-12-21 10:43:26.195root 11241100x8000000000000000412964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca411cd46cc76a642021-12-21 10:43:26.195root 11241100x8000000000000000412965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8dd06c5b759bd82021-12-21 10:43:26.195root 11241100x8000000000000000412966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20819f863abbacea2021-12-21 10:43:26.195root 11241100x8000000000000000412967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6e2c7c0d67e81b2021-12-21 10:43:26.195root 11241100x8000000000000000412968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346836219fcb6a652021-12-21 10:43:26.195root 11241100x8000000000000000412969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c2c10d74c0ff762021-12-21 10:43:26.196root 11241100x8000000000000000412970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0897c30e850dfc22021-12-21 10:43:26.196root 11241100x8000000000000000412971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afe3906d5a502ce2021-12-21 10:43:26.196root 11241100x8000000000000000412972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84683b23edc83882021-12-21 10:43:26.196root 11241100x8000000000000000412973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677c290fd045da252021-12-21 10:43:26.196root 11241100x8000000000000000412974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877b7e1da483cef72021-12-21 10:43:26.196root 11241100x8000000000000000412975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6828b49b9b25962021-12-21 10:43:26.196root 11241100x8000000000000000412976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d0916ca271f8972021-12-21 10:43:26.693root 11241100x8000000000000000412977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2415fc3bd8e1a852021-12-21 10:43:26.693root 11241100x8000000000000000412978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663a5f78d848b4292021-12-21 10:43:26.693root 11241100x8000000000000000412979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9cc229e2de7f3a2021-12-21 10:43:26.693root 11241100x8000000000000000412980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcb20dbe4333ddd2021-12-21 10:43:26.693root 11241100x8000000000000000412981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da86e68674a5b08f2021-12-21 10:43:26.693root 11241100x8000000000000000412982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c192620ad3f272c22021-12-21 10:43:26.693root 11241100x8000000000000000412983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6705e8e53efdd54a2021-12-21 10:43:26.693root 11241100x8000000000000000412984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6511238f07d8832021-12-21 10:43:26.693root 11241100x8000000000000000412985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c294348b3ce93cc22021-12-21 10:43:26.694root 11241100x8000000000000000412986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9624ae86487d6b2021-12-21 10:43:26.694root 11241100x8000000000000000412987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722114f65e39a5112021-12-21 10:43:26.694root 11241100x8000000000000000412988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b1fb17c45375952021-12-21 10:43:26.694root 11241100x8000000000000000412989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd47206c3a2f5642021-12-21 10:43:26.694root 11241100x8000000000000000412990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960b884ecd50f3932021-12-21 10:43:26.694root 11241100x8000000000000000412991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2755425af5bd31bf2021-12-21 10:43:26.694root 11241100x8000000000000000412992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48ad4a6c28048ac2021-12-21 10:43:26.694root 11241100x8000000000000000412993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c842d860d3b7ceb52021-12-21 10:43:26.695root 11241100x8000000000000000412994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182005df3c49ec5b2021-12-21 10:43:26.695root 11241100x8000000000000000412995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af357a31661faca2021-12-21 10:43:26.695root 11241100x8000000000000000412996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91db854a141d6462021-12-21 10:43:26.695root 11241100x8000000000000000412997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b759a70d410c9c2021-12-21 10:43:26.695root 11241100x8000000000000000412998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3053aaab309bdeb12021-12-21 10:43:26.695root 11241100x8000000000000000412999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2ffb22a2a671ee2021-12-21 10:43:26.695root 11241100x8000000000000000413000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e795672e7892bf32021-12-21 10:43:26.695root 11241100x8000000000000000413001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ab2fcc4b06af8a2021-12-21 10:43:26.695root 11241100x8000000000000000413002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41575b540ac5b7db2021-12-21 10:43:26.695root 11241100x8000000000000000413003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d145232970f8b72021-12-21 10:43:26.695root 11241100x8000000000000000413004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7669839b1f8d67e2021-12-21 10:43:26.696root 11241100x8000000000000000413005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c348d7e6a76c6cd92021-12-21 10:43:26.696root 11241100x8000000000000000413006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ca358d35faf862021-12-21 10:43:26.696root 11241100x8000000000000000413007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e102ddc733795cc92021-12-21 10:43:26.696root 11241100x8000000000000000413008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b252bbd928c637f2021-12-21 10:43:26.696root 11241100x8000000000000000413009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2ffcffb91eb62d2021-12-21 10:43:26.696root 11241100x8000000000000000413010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ff1046ee31df292021-12-21 10:43:26.696root 11241100x8000000000000000413011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a82be3f2bf74bc2021-12-21 10:43:26.696root 11241100x8000000000000000413012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de69ce5a3f5e5182021-12-21 10:43:26.696root 11241100x8000000000000000413013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f0e0b3db054a882021-12-21 10:43:27.193root 11241100x8000000000000000413014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18968384fb4e7d02021-12-21 10:43:27.193root 11241100x8000000000000000413015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4370998e86bd26c2021-12-21 10:43:27.193root 11241100x8000000000000000413016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c59b61d0da965532021-12-21 10:43:27.193root 11241100x8000000000000000413017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178e6aed23d0b9852021-12-21 10:43:27.193root 11241100x8000000000000000413018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc860e15d08b7cdf2021-12-21 10:43:27.193root 11241100x8000000000000000413019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5005ac0b60e2f8fe2021-12-21 10:43:27.193root 11241100x8000000000000000413020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489ab7e41f5fc4082021-12-21 10:43:27.194root 11241100x8000000000000000413021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86d7845ca1f37112021-12-21 10:43:27.194root 11241100x8000000000000000413022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ae03c50942efb92021-12-21 10:43:27.194root 11241100x8000000000000000413023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8874116d2994565e2021-12-21 10:43:27.194root 11241100x8000000000000000413024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e44048404abac452021-12-21 10:43:27.194root 11241100x8000000000000000413025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dd7c37788a9a3a2021-12-21 10:43:27.195root 11241100x8000000000000000413026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074f62d549d3702c2021-12-21 10:43:27.195root 11241100x8000000000000000413027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19672d7c7c6d1df2021-12-21 10:43:27.195root 11241100x8000000000000000413028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb969dff5c9195f2021-12-21 10:43:27.195root 11241100x8000000000000000413029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874e643e46810d712021-12-21 10:43:27.195root 11241100x8000000000000000413030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdaaae2eea998cb2021-12-21 10:43:27.196root 11241100x8000000000000000413031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48602540db60e7be2021-12-21 10:43:27.196root 11241100x8000000000000000413032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacddb5a41735d522021-12-21 10:43:27.196root 11241100x8000000000000000413033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4865328ddc40217d2021-12-21 10:43:27.196root 11241100x8000000000000000413034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350647614c756cf62021-12-21 10:43:27.196root 11241100x8000000000000000413035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5f713a5d4ebc0c2021-12-21 10:43:27.196root 11241100x8000000000000000413036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e366dcf41f01fa2021-12-21 10:43:27.196root 11241100x8000000000000000413037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41896d2a40b2ff1e2021-12-21 10:43:27.196root 11241100x8000000000000000413038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fe22f7d8743a002021-12-21 10:43:27.197root 11241100x8000000000000000413039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44ccb23a3ce7fea2021-12-21 10:43:27.197root 11241100x8000000000000000413040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c5fc301f7c48b62021-12-21 10:43:27.197root 11241100x8000000000000000413041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83afd3ab3435fdb2021-12-21 10:43:27.197root 11241100x8000000000000000413042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0892425d6464e6c52021-12-21 10:43:27.694root 11241100x8000000000000000413043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8bdf4b5813b9212021-12-21 10:43:27.694root 11241100x8000000000000000413044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63550621f7547fb2021-12-21 10:43:27.694root 11241100x8000000000000000413045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50927d5656ad30a42021-12-21 10:43:27.694root 11241100x8000000000000000413046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5bc5ce471e519c2021-12-21 10:43:27.694root 11241100x8000000000000000413047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a6a1a2b2f21e9f2021-12-21 10:43:27.694root 11241100x8000000000000000413048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f64271f7cac3572021-12-21 10:43:27.694root 11241100x8000000000000000413049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2245c1cb1a84c0eb2021-12-21 10:43:27.695root 11241100x8000000000000000413050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8834915b50bdb92021-12-21 10:43:27.695root 11241100x8000000000000000413051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6792f106c4ebcea82021-12-21 10:43:27.695root 11241100x8000000000000000413052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8207635eabd515572021-12-21 10:43:27.695root 11241100x8000000000000000413053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0463e5f659a387912021-12-21 10:43:27.695root 11241100x8000000000000000413054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f53464fed31dd892021-12-21 10:43:27.695root 11241100x8000000000000000413055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b361ed0315990822021-12-21 10:43:27.695root 11241100x8000000000000000413056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effcecd25af303a12021-12-21 10:43:27.695root 11241100x8000000000000000413057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06032506bbc4fb12021-12-21 10:43:27.695root 11241100x8000000000000000413058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ab0f49089aab432021-12-21 10:43:27.696root 11241100x8000000000000000413059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677caa48aa0051aa2021-12-21 10:43:27.696root 11241100x8000000000000000413060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ab50ce41ddcf872021-12-21 10:43:27.696root 11241100x8000000000000000413061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9303e1747a7e0c2021-12-21 10:43:27.696root 11241100x8000000000000000413062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f950daba15536a7e2021-12-21 10:43:27.696root 11241100x8000000000000000413063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09be1c4ba2b41e42021-12-21 10:43:27.696root 11241100x8000000000000000413064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17be220690fced962021-12-21 10:43:27.696root 11241100x8000000000000000413065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90ccecb214372b42021-12-21 10:43:27.696root 11241100x8000000000000000413066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef62b797b216fbff2021-12-21 10:43:27.696root 11241100x8000000000000000413067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44ca4b3de1514332021-12-21 10:43:27.696root 11241100x8000000000000000413068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb49f6acc9713a282021-12-21 10:43:27.696root 11241100x8000000000000000413069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:27.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6976500ca5fd14482021-12-21 10:43:27.697root 11241100x8000000000000000413070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9b4ad46dff15822021-12-21 10:43:28.193root 11241100x8000000000000000413071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b89324f8e7889a2021-12-21 10:43:28.194root 11241100x8000000000000000413072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1c559da43109172021-12-21 10:43:28.194root 11241100x8000000000000000413073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985d82d5be68ac872021-12-21 10:43:28.194root 11241100x8000000000000000413074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd9224764f7cf142021-12-21 10:43:28.194root 11241100x8000000000000000413075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8272791b5111e4c2021-12-21 10:43:28.194root 11241100x8000000000000000413076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835fa81d3ea54b262021-12-21 10:43:28.194root 11241100x8000000000000000413077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e85356b04d8a7022021-12-21 10:43:28.194root 11241100x8000000000000000413078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b9af11f32a68642021-12-21 10:43:28.194root 11241100x8000000000000000413079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efced08ba4ae44ff2021-12-21 10:43:28.194root 11241100x8000000000000000413080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9e8f5a49ef41062021-12-21 10:43:28.194root 11241100x8000000000000000413081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352b3976328f14982021-12-21 10:43:28.194root 11241100x8000000000000000413082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1f7af9c9838bec2021-12-21 10:43:28.194root 11241100x8000000000000000413083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd9b043b0fe23482021-12-21 10:43:28.195root 11241100x8000000000000000413084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5279aecc8ae33f7d2021-12-21 10:43:28.195root 11241100x8000000000000000413085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1d405c0036b7382021-12-21 10:43:28.195root 11241100x8000000000000000413086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1542805a7206faa2021-12-21 10:43:28.195root 11241100x8000000000000000413087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43aed2e759503552021-12-21 10:43:28.195root 11241100x8000000000000000413088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333f2b3ae63a31432021-12-21 10:43:28.195root 11241100x8000000000000000413089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb05bd9fc72bce12021-12-21 10:43:28.195root 11241100x8000000000000000413090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9333f73ed98d234f2021-12-21 10:43:28.195root 11241100x8000000000000000413091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bab4aa88e2fc9c2021-12-21 10:43:28.195root 11241100x8000000000000000413092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f7c3a5e9d2b81f2021-12-21 10:43:28.196root 11241100x8000000000000000413093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41979206885639242021-12-21 10:43:28.196root 11241100x8000000000000000413094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e253aa1caf47e1a2021-12-21 10:43:28.196root 11241100x8000000000000000413095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc9cd1dc090d06c2021-12-21 10:43:28.196root 11241100x8000000000000000413096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15ba10fe580712a2021-12-21 10:43:28.196root 11241100x8000000000000000413097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517033b8d42ff9bc2021-12-21 10:43:28.196root 11241100x8000000000000000413098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b163fda85618bbc62021-12-21 10:43:28.694root 11241100x8000000000000000413099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a00241c48be990c2021-12-21 10:43:28.694root 11241100x8000000000000000413100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0e2a7c6064cf922021-12-21 10:43:28.694root 11241100x8000000000000000413101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66edd003f2d20882021-12-21 10:43:28.694root 11241100x8000000000000000413102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97a80664c44915a2021-12-21 10:43:28.694root 11241100x8000000000000000413103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aac3b151ef262592021-12-21 10:43:28.694root 11241100x8000000000000000413104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac473a7b296d77622021-12-21 10:43:28.694root 11241100x8000000000000000413105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093e4412a2b7ecf02021-12-21 10:43:28.694root 11241100x8000000000000000413106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7101e458f4007bd2021-12-21 10:43:28.694root 11241100x8000000000000000413107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c105b6a7616c95bd2021-12-21 10:43:28.694root 11241100x8000000000000000413108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5804d1991eb04402021-12-21 10:43:28.694root 11241100x8000000000000000413109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf6ee19778d6d252021-12-21 10:43:28.695root 11241100x8000000000000000413110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf55376e85de94f2021-12-21 10:43:28.695root 11241100x8000000000000000413111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf06adae11365c72021-12-21 10:43:28.695root 11241100x8000000000000000413112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0646c1a84aec516e2021-12-21 10:43:28.695root 11241100x8000000000000000413113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f6da80f35e1a112021-12-21 10:43:28.695root 11241100x8000000000000000413114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9f49ac7f71c1bf2021-12-21 10:43:28.695root 11241100x8000000000000000413115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6383e6f9a283b62021-12-21 10:43:28.695root 11241100x8000000000000000413116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725d2dd3b410220f2021-12-21 10:43:28.695root 11241100x8000000000000000413117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2d498dd8cf0ec02021-12-21 10:43:28.695root 11241100x8000000000000000413118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b5280ad4b282da2021-12-21 10:43:28.696root 11241100x8000000000000000413119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75d46e9cd284dda2021-12-21 10:43:28.696root 11241100x8000000000000000413120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5779c5e0f788b70e2021-12-21 10:43:28.696root 11241100x8000000000000000413121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e364ad320142572021-12-21 10:43:28.696root 11241100x8000000000000000413122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f6c3a8723143202021-12-21 10:43:28.696root 11241100x8000000000000000413123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d854155f2259a62021-12-21 10:43:28.696root 11241100x8000000000000000413124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3280c3ed9c46e72021-12-21 10:43:28.696root 11241100x8000000000000000413125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf27c7a36820ff52021-12-21 10:43:28.696root 354300x8000000000000000413126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.148{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47510-false10.0.1.12-8000- 11241100x8000000000000000413127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b56850a29ab8eed2021-12-21 10:43:29.148root 11241100x8000000000000000413128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e077384c14edbae2021-12-21 10:43:29.149root 11241100x8000000000000000413129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccc792412978d592021-12-21 10:43:29.149root 11241100x8000000000000000413130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfc9ddfec483d6e2021-12-21 10:43:29.149root 11241100x8000000000000000413131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e21c97859aedbe2021-12-21 10:43:29.149root 11241100x8000000000000000413132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa470d8d38b8053c2021-12-21 10:43:29.149root 11241100x8000000000000000413133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d095d9a62cb309a2021-12-21 10:43:29.149root 11241100x8000000000000000413134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a272a7247920ef12021-12-21 10:43:29.150root 11241100x8000000000000000413135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc85c924f98f17e52021-12-21 10:43:29.150root 11241100x8000000000000000413136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3173b4a24e2374f22021-12-21 10:43:29.150root 11241100x8000000000000000413137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f90402349bede32021-12-21 10:43:29.150root 11241100x8000000000000000413138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63397a5b2bea55ef2021-12-21 10:43:29.150root 11241100x8000000000000000413139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbe668845c30a7f2021-12-21 10:43:29.150root 11241100x8000000000000000413140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2cd6de964519882021-12-21 10:43:29.150root 11241100x8000000000000000413141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd67b283039d8f892021-12-21 10:43:29.150root 11241100x8000000000000000413142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a836299ba30e13792021-12-21 10:43:29.151root 11241100x8000000000000000413143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f826f3b70f7a82082021-12-21 10:43:29.151root 11241100x8000000000000000413144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d08ef474a81ddf22021-12-21 10:43:29.151root 11241100x8000000000000000413145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e9deab1ff2a72c2021-12-21 10:43:29.151root 11241100x8000000000000000413146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4d09af864f42d42021-12-21 10:43:29.151root 11241100x8000000000000000413147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b66fad55ca4cdf62021-12-21 10:43:29.151root 11241100x8000000000000000413148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dc492b4a54b7a52021-12-21 10:43:29.151root 11241100x8000000000000000413149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a421e8e881cf6d42021-12-21 10:43:29.151root 11241100x8000000000000000413150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d15d8c1fec106ce2021-12-21 10:43:29.152root 11241100x8000000000000000413151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa556914c779f3c2021-12-21 10:43:29.152root 11241100x8000000000000000413152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d028e204effbfdbe2021-12-21 10:43:29.152root 11241100x8000000000000000413153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab72a8e821a20f52021-12-21 10:43:29.152root 11241100x8000000000000000413154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc09cb21837cd622021-12-21 10:43:29.152root 11241100x8000000000000000413155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71906aec64a916a72021-12-21 10:43:29.152root 11241100x8000000000000000413156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.152{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ec7b83cf51d95c2021-12-21 10:43:29.152root 11241100x8000000000000000413157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e724d5e2152f592021-12-21 10:43:29.153root 11241100x8000000000000000413158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62711234af8060582021-12-21 10:43:29.153root 11241100x8000000000000000413159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235d9d244061c1512021-12-21 10:43:29.153root 11241100x8000000000000000413160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d07255700a16432021-12-21 10:43:29.153root 11241100x8000000000000000413161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220dcc2d28d6763e2021-12-21 10:43:29.153root 11241100x8000000000000000413162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09ab9f93ef01fc72021-12-21 10:43:29.153root 11241100x8000000000000000413163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58422a93c6e4a06d2021-12-21 10:43:29.153root 11241100x8000000000000000413164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.153{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4bc940aa9f88a82021-12-21 10:43:29.153root 11241100x8000000000000000413165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2133ae6df7979cd32021-12-21 10:43:29.154root 11241100x8000000000000000413166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1f81a1cd1e67582021-12-21 10:43:29.154root 11241100x8000000000000000413167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568e3729af4243ac2021-12-21 10:43:29.154root 11241100x8000000000000000413168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae66c71c1e3c1ce2021-12-21 10:43:29.154root 11241100x8000000000000000413169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3552b1fbb07810ba2021-12-21 10:43:29.154root 11241100x8000000000000000413170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7c127f84669f8d2021-12-21 10:43:29.154root 11241100x8000000000000000413171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b084cf5d11f53d372021-12-21 10:43:29.154root 11241100x8000000000000000413172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.154{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771736837ae466042021-12-21 10:43:29.154root 11241100x8000000000000000413173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66094de2a03f6492021-12-21 10:43:29.155root 11241100x8000000000000000413174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eac597474437002021-12-21 10:43:29.155root 11241100x8000000000000000413175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c08ffbc65427b42021-12-21 10:43:29.155root 11241100x8000000000000000413176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9d5136e84ff8952021-12-21 10:43:29.155root 11241100x8000000000000000413177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722ae6fe119371a32021-12-21 10:43:29.155root 11241100x8000000000000000413178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46680e0f458d74332021-12-21 10:43:29.155root 11241100x8000000000000000413179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58b13d77fd956602021-12-21 10:43:29.155root 11241100x8000000000000000413180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98442772c7d439d2021-12-21 10:43:29.156root 11241100x8000000000000000413181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea62f116e51d3ff2021-12-21 10:43:29.156root 11241100x8000000000000000413182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e5576549922b602021-12-21 10:43:29.156root 11241100x8000000000000000413183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117c8011376be9ef2021-12-21 10:43:29.156root 11241100x8000000000000000413184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de1066c655ec72d2021-12-21 10:43:29.156root 11241100x8000000000000000413185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e331fd2253ce4dd2021-12-21 10:43:29.156root 11241100x8000000000000000413186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e4c4474bf2567a2021-12-21 10:43:29.156root 11241100x8000000000000000413187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a40bbf27216a842021-12-21 10:43:29.156root 11241100x8000000000000000413188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189fe844c74587532021-12-21 10:43:29.157root 11241100x8000000000000000413189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdab6b17a2fc7be2021-12-21 10:43:29.157root 11241100x8000000000000000413190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684e5113d7023d702021-12-21 10:43:29.157root 11241100x8000000000000000413191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fb8b408da31b552021-12-21 10:43:29.157root 11241100x8000000000000000413192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8f36f3da0dc6532021-12-21 10:43:29.157root 11241100x8000000000000000413193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0bce45843015c02021-12-21 10:43:29.157root 11241100x8000000000000000413194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cc75c3dd829bb22021-12-21 10:43:29.157root 11241100x8000000000000000413195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95050db9a0ce3ed52021-12-21 10:43:29.157root 11241100x8000000000000000413196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20866f30cceecec42021-12-21 10:43:29.157root 11241100x8000000000000000413197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fd25315108678a2021-12-21 10:43:29.157root 11241100x8000000000000000413198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3f4ca43fa3b8dc2021-12-21 10:43:29.157root 11241100x8000000000000000413199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cf88b47ae185be2021-12-21 10:43:29.157root 11241100x8000000000000000413200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df8dcf051a8a31d2021-12-21 10:43:29.157root 11241100x8000000000000000413201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e8a61533cc08ca2021-12-21 10:43:29.158root 11241100x8000000000000000413202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6874ce3c9e8e65052021-12-21 10:43:29.158root 11241100x8000000000000000413203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72259e79b9e02602021-12-21 10:43:29.158root 11241100x8000000000000000413204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c883644db1dc432021-12-21 10:43:29.158root 11241100x8000000000000000413205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63fd403387206572021-12-21 10:43:29.158root 11241100x8000000000000000413206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acaf038e4edb7e672021-12-21 10:43:29.158root 11241100x8000000000000000413207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1073439d78efcd2021-12-21 10:43:29.158root 11241100x8000000000000000413208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4d8688c47dae7e2021-12-21 10:43:29.158root 11241100x8000000000000000413209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2991811641dc24702021-12-21 10:43:29.158root 11241100x8000000000000000413210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930a9141a996129b2021-12-21 10:43:29.158root 11241100x8000000000000000413211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372e7de98a9b8d672021-12-21 10:43:29.443root 11241100x8000000000000000413212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2556d3c7cefba3952021-12-21 10:43:29.443root 11241100x8000000000000000413213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944b9a8cb133dd142021-12-21 10:43:29.444root 11241100x8000000000000000413214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca971f122c81fee22021-12-21 10:43:29.444root 11241100x8000000000000000413215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb68b7c368b02d6f2021-12-21 10:43:29.444root 11241100x8000000000000000413216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc429d600bce5d302021-12-21 10:43:29.444root 11241100x8000000000000000413217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bc552f162843352021-12-21 10:43:29.444root 11241100x8000000000000000413218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34143d671dc3e9d2021-12-21 10:43:29.444root 11241100x8000000000000000413219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2354478fc931dcb2021-12-21 10:43:29.444root 11241100x8000000000000000413220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a49e058c9ff8e092021-12-21 10:43:29.445root 11241100x8000000000000000413221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952f6e46e14474142021-12-21 10:43:29.445root 11241100x8000000000000000413222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f094e4d404f6d22021-12-21 10:43:29.445root 11241100x8000000000000000413223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ee1d4fa568832b2021-12-21 10:43:29.445root 11241100x8000000000000000413224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c29275e9069a772021-12-21 10:43:29.445root 11241100x8000000000000000413225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8f928fa8518f712021-12-21 10:43:29.445root 11241100x8000000000000000413226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2210a2c1a0d86a5c2021-12-21 10:43:29.445root 11241100x8000000000000000413227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554c83a3ef924c642021-12-21 10:43:29.445root 11241100x8000000000000000413228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d432dd7447f06c212021-12-21 10:43:29.445root 11241100x8000000000000000413229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d30432d3c6a42ad2021-12-21 10:43:29.445root 11241100x8000000000000000413230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fa05c16fadb9062021-12-21 10:43:29.446root 11241100x8000000000000000413231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7942b0b4571a0fd42021-12-21 10:43:29.446root 11241100x8000000000000000413232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c038d40d7d60a42021-12-21 10:43:29.446root 11241100x8000000000000000413233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868624e56bdc477b2021-12-21 10:43:29.446root 11241100x8000000000000000413234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37950deab8e8370d2021-12-21 10:43:29.446root 11241100x8000000000000000413235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d346e24b5220522021-12-21 10:43:29.446root 11241100x8000000000000000413236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2c78a003b225f2021-12-21 10:43:29.446root 11241100x8000000000000000413237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a30858f3364c8172021-12-21 10:43:29.446root 11241100x8000000000000000413238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a11981f513430e2021-12-21 10:43:29.447root 11241100x8000000000000000413239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03779916cfeb3882021-12-21 10:43:29.447root 11241100x8000000000000000413240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd723b50b0b3e6bd2021-12-21 10:43:29.943root 11241100x8000000000000000413241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ff1a08552db40c2021-12-21 10:43:29.943root 11241100x8000000000000000413242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25da3ea1674cc8d2021-12-21 10:43:29.943root 11241100x8000000000000000413243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6734f79988605d5e2021-12-21 10:43:29.943root 11241100x8000000000000000413244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535076a8230483602021-12-21 10:43:29.944root 11241100x8000000000000000413245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3073e239d4d71ecb2021-12-21 10:43:29.944root 11241100x8000000000000000413246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9581842df7fb042021-12-21 10:43:29.944root 11241100x8000000000000000413247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b189736cbabf52732021-12-21 10:43:29.944root 11241100x8000000000000000413248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8653415636493f252021-12-21 10:43:29.944root 11241100x8000000000000000413249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a88a0ea2185be72021-12-21 10:43:29.944root 11241100x8000000000000000413250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4baf817ed0d99e2021-12-21 10:43:29.944root 11241100x8000000000000000413251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec08be5485eff632021-12-21 10:43:29.944root 11241100x8000000000000000413252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cc031dacb18b2a2021-12-21 10:43:29.944root 11241100x8000000000000000413253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf1f77834ab68702021-12-21 10:43:29.944root 11241100x8000000000000000413254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720cb056fdd4603f2021-12-21 10:43:29.945root 11241100x8000000000000000413255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e078100b77fbe362021-12-21 10:43:29.945root 11241100x8000000000000000413256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2b8c4226fc749b2021-12-21 10:43:29.945root 11241100x8000000000000000413257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b956e226e66863f2021-12-21 10:43:29.945root 11241100x8000000000000000413258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cf426eba17f3122021-12-21 10:43:29.945root 11241100x8000000000000000413259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951b4b5d04b2c8e72021-12-21 10:43:29.945root 11241100x8000000000000000413260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf887e9fdfcfb9af2021-12-21 10:43:29.945root 11241100x8000000000000000413261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fc87640e1afcc32021-12-21 10:43:29.946root 11241100x8000000000000000413262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284e9da62da83f432021-12-21 10:43:29.946root 11241100x8000000000000000413263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14ce6f91c420bf42021-12-21 10:43:29.946root 11241100x8000000000000000413264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2382d3f6209baf362021-12-21 10:43:29.946root 11241100x8000000000000000413265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2220f4b0f440215c2021-12-21 10:43:29.946root 11241100x8000000000000000413266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e862ffc0b9a69add2021-12-21 10:43:29.946root 11241100x8000000000000000413267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6b79dc05f75fb12021-12-21 10:43:29.947root 11241100x8000000000000000413268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865e1882ec94bc352021-12-21 10:43:29.947root 11241100x8000000000000000413269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7bd939a85edc432021-12-21 10:43:29.947root 11241100x8000000000000000413270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a311ee52033d9ad62021-12-21 10:43:29.947root 11241100x8000000000000000413271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3d5600d1e233a52021-12-21 10:43:29.947root 11241100x8000000000000000413272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1cb51754c043222021-12-21 10:43:29.947root 11241100x8000000000000000413273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd326ac86e383a8d2021-12-21 10:43:29.948root 11241100x8000000000000000413274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26499a99d521d66f2021-12-21 10:43:29.948root 11241100x8000000000000000413275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf70ab071cb97c12021-12-21 10:43:29.948root 11241100x8000000000000000413276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1b39b8a7fa9d882021-12-21 10:43:29.948root 11241100x8000000000000000413277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d13118fd68af7642021-12-21 10:43:29.948root 11241100x8000000000000000413278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97aac532770a9bb92021-12-21 10:43:29.948root 11241100x8000000000000000413279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2f145396ef623b2021-12-21 10:43:29.948root 11241100x8000000000000000413280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d25d548624bc902021-12-21 10:43:29.948root 11241100x8000000000000000413281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0cd536a1a0afd42021-12-21 10:43:29.948root 11241100x8000000000000000413282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb07cdd19ec10ed2021-12-21 10:43:30.443root 11241100x8000000000000000413283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5827a590c39d1e2021-12-21 10:43:30.443root 11241100x8000000000000000413284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c644ccdc46caed2021-12-21 10:43:30.443root 11241100x8000000000000000413285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c75f02ac3ef55702021-12-21 10:43:30.444root 11241100x8000000000000000413286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6447c608ccab889a2021-12-21 10:43:30.444root 11241100x8000000000000000413287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d826ea93fb5720e62021-12-21 10:43:30.444root 11241100x8000000000000000413288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd07c75db7822212021-12-21 10:43:30.444root 11241100x8000000000000000413289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40db171b7bac8342021-12-21 10:43:30.444root 11241100x8000000000000000413290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7e215defb7ba772021-12-21 10:43:30.444root 11241100x8000000000000000413291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4248199636fe47fd2021-12-21 10:43:30.444root 11241100x8000000000000000413292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10749cca41064202021-12-21 10:43:30.444root 11241100x8000000000000000413293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32252cd62264ef4f2021-12-21 10:43:30.444root 11241100x8000000000000000413294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb0d816985621c92021-12-21 10:43:30.444root 11241100x8000000000000000413295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdabba8658d90f22021-12-21 10:43:30.444root 11241100x8000000000000000413296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63f22fb423ea0ca2021-12-21 10:43:30.444root 11241100x8000000000000000413297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14476082bae478fe2021-12-21 10:43:30.445root 11241100x8000000000000000413298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875335b81d7eb50a2021-12-21 10:43:30.445root 11241100x8000000000000000413299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8ac5ca3e26e97c2021-12-21 10:43:30.445root 11241100x8000000000000000413300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fce618b95879ecc2021-12-21 10:43:30.445root 11241100x8000000000000000413301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5398ade9243515222021-12-21 10:43:30.445root 11241100x8000000000000000413302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289ee31bb7ff93222021-12-21 10:43:30.445root 11241100x8000000000000000413303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d93d4ba284a7232021-12-21 10:43:30.445root 11241100x8000000000000000413304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440679848c396a102021-12-21 10:43:30.445root 11241100x8000000000000000413305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30920004f0f4d2392021-12-21 10:43:30.445root 11241100x8000000000000000413306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67573db956452f732021-12-21 10:43:30.445root 11241100x8000000000000000413307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6430403c987cfa2021-12-21 10:43:30.446root 11241100x8000000000000000413308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f94303ae72c0cc2021-12-21 10:43:30.446root 11241100x8000000000000000413309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea4b722692de63c2021-12-21 10:43:30.446root 11241100x8000000000000000413310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a47b9c15390e2cb2021-12-21 10:43:30.446root 11241100x8000000000000000413311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cf46736b9d1a4f2021-12-21 10:43:30.943root 11241100x8000000000000000413312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842a1c75a1489b042021-12-21 10:43:30.943root 11241100x8000000000000000413313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bbb0cbb225162e2021-12-21 10:43:30.944root 11241100x8000000000000000413314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4751038e7fc97062021-12-21 10:43:30.944root 11241100x8000000000000000413315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9926c4743369be42021-12-21 10:43:30.944root 11241100x8000000000000000413316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9944eade90afd30a2021-12-21 10:43:30.944root 11241100x8000000000000000413317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db017171603b6902021-12-21 10:43:30.944root 11241100x8000000000000000413318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0b27fa6c4c5b722021-12-21 10:43:30.944root 11241100x8000000000000000413319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a62908b946734bd2021-12-21 10:43:30.944root 11241100x8000000000000000413320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5213eebc4def693f2021-12-21 10:43:30.944root 11241100x8000000000000000413321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb7be6f34729db82021-12-21 10:43:30.944root 11241100x8000000000000000413322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88c6613673357f12021-12-21 10:43:30.944root 11241100x8000000000000000413323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e7790cb278ca582021-12-21 10:43:30.945root 11241100x8000000000000000413324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702561e5d5ac4ded2021-12-21 10:43:30.945root 11241100x8000000000000000413325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f8274374255f402021-12-21 10:43:30.945root 11241100x8000000000000000413326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84731c1c8d79cf7d2021-12-21 10:43:30.945root 11241100x8000000000000000413327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e92d82ac1f89acb2021-12-21 10:43:30.945root 11241100x8000000000000000413328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6a8d83ab53e0382021-12-21 10:43:30.945root 11241100x8000000000000000413329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c9853c53ccf5f32021-12-21 10:43:30.945root 11241100x8000000000000000413330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce0ab49386edacc2021-12-21 10:43:30.945root 11241100x8000000000000000413331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd208b59d319d18f2021-12-21 10:43:30.945root 11241100x8000000000000000413332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c885924b45cd75312021-12-21 10:43:30.945root 11241100x8000000000000000413333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81cf5be9946134b2021-12-21 10:43:30.945root 11241100x8000000000000000413334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2cc90b21744dc02021-12-21 10:43:30.945root 11241100x8000000000000000413335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071b575e3c9635bd2021-12-21 10:43:30.945root 11241100x8000000000000000413336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8752ddf0d30cf0f02021-12-21 10:43:30.946root 11241100x8000000000000000413337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf3521b9a0f6ccc2021-12-21 10:43:30.946root 11241100x8000000000000000413338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76320e0a6ad4452d2021-12-21 10:43:30.946root 11241100x8000000000000000413339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc570ad91926152c2021-12-21 10:43:30.946root 11241100x8000000000000000413340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b532d8a807f3e2d22021-12-21 10:43:31.443root 11241100x8000000000000000413341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2d9932ec12029f2021-12-21 10:43:31.444root 11241100x8000000000000000413342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddab10a64e51a5152021-12-21 10:43:31.444root 11241100x8000000000000000413343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbf00da5b3514cd2021-12-21 10:43:31.444root 11241100x8000000000000000413344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0033ef4e4b1edf2021-12-21 10:43:31.444root 11241100x8000000000000000413345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48be1e4592d5bbdd2021-12-21 10:43:31.444root 11241100x8000000000000000413346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffc473a34c19bd02021-12-21 10:43:31.444root 11241100x8000000000000000413347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d67a6fe46a16cc42021-12-21 10:43:31.444root 11241100x8000000000000000413348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c17da1411f71322021-12-21 10:43:31.444root 11241100x8000000000000000413349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e9df4ef55987e42021-12-21 10:43:31.444root 11241100x8000000000000000413350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9d1d46209425b12021-12-21 10:43:31.444root 11241100x8000000000000000413351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9607c86fe2aab2152021-12-21 10:43:31.445root 11241100x8000000000000000413352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c6b48468ca30172021-12-21 10:43:31.445root 11241100x8000000000000000413353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4395af0c3f73d34b2021-12-21 10:43:31.445root 11241100x8000000000000000413354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218e1f327f4855542021-12-21 10:43:31.445root 11241100x8000000000000000413355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647c7a8c9219fb112021-12-21 10:43:31.445root 11241100x8000000000000000413356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19e1466c50792c62021-12-21 10:43:31.445root 11241100x8000000000000000413357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a6638a55a55cbb2021-12-21 10:43:31.445root 11241100x8000000000000000413358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58fbbe622a17f6f2021-12-21 10:43:31.445root 11241100x8000000000000000413359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aafdc91c350bd6f2021-12-21 10:43:31.446root 11241100x8000000000000000413360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d2e2d252e0e0822021-12-21 10:43:31.446root 11241100x8000000000000000413361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e63c55ff2438b052021-12-21 10:43:31.446root 11241100x8000000000000000413362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72f6297a78513d52021-12-21 10:43:31.446root 11241100x8000000000000000413363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edb259cbcb0e58c2021-12-21 10:43:31.446root 11241100x8000000000000000413364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c47b994d7ae72822021-12-21 10:43:31.446root 11241100x8000000000000000413365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981f5748fba280c62021-12-21 10:43:31.447root 11241100x8000000000000000413366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065329885fecc2fa2021-12-21 10:43:31.447root 11241100x8000000000000000413367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbb2acc519ebf6a2021-12-21 10:43:31.447root 11241100x8000000000000000413368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7450ad423bf08de22021-12-21 10:43:31.447root 11241100x8000000000000000413369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3ff7e6828adb812021-12-21 10:43:31.943root 11241100x8000000000000000413370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a266b3f9ebf55e2c2021-12-21 10:43:31.943root 11241100x8000000000000000413371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e801bc766530bea92021-12-21 10:43:31.943root 11241100x8000000000000000413372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c74cc2c2ab226712021-12-21 10:43:31.943root 11241100x8000000000000000413373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0071be346fa1a92021-12-21 10:43:31.944root 11241100x8000000000000000413374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac43dbde15b6a942021-12-21 10:43:31.944root 11241100x8000000000000000413375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db133258e54839572021-12-21 10:43:31.944root 11241100x8000000000000000413376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2ac2b0b1b422da2021-12-21 10:43:31.944root 11241100x8000000000000000413377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6528933d04d279be2021-12-21 10:43:31.945root 11241100x8000000000000000413378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca3f20be5cad3862021-12-21 10:43:31.945root 11241100x8000000000000000413379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f725e132cb42fb32021-12-21 10:43:31.945root 11241100x8000000000000000413380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0812dc4df9a080a2021-12-21 10:43:31.945root 11241100x8000000000000000413381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f52793145611772021-12-21 10:43:31.946root 11241100x8000000000000000413382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736475ec087871012021-12-21 10:43:31.946root 11241100x8000000000000000413383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f71632f8c563ef2021-12-21 10:43:31.946root 11241100x8000000000000000413384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d86a5ef141f8c862021-12-21 10:43:31.946root 11241100x8000000000000000413385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dce427bcfea02a2021-12-21 10:43:31.947root 11241100x8000000000000000413386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162a517e7cbbda6d2021-12-21 10:43:31.947root 11241100x8000000000000000413387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bec242ad4975e12021-12-21 10:43:31.947root 11241100x8000000000000000413388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff064f71025d25772021-12-21 10:43:31.947root 11241100x8000000000000000413389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1e329aedd10b772021-12-21 10:43:31.947root 11241100x8000000000000000413390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ae1ef421013b6b2021-12-21 10:43:31.948root 11241100x8000000000000000413391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9711c97efd955752021-12-21 10:43:31.948root 11241100x8000000000000000413392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bd058c431b4b252021-12-21 10:43:31.948root 11241100x8000000000000000413393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db145393ee7d41d32021-12-21 10:43:31.948root 11241100x8000000000000000413394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2245f99088b97c42021-12-21 10:43:31.948root 11241100x8000000000000000413395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecc2c9747b34c3a2021-12-21 10:43:31.948root 11241100x8000000000000000413396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51aac4b86f7f6392021-12-21 10:43:31.948root 11241100x8000000000000000413397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b35a83dc0cce5702021-12-21 10:43:31.948root 11241100x8000000000000000413398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83e59b3c0c0059e2021-12-21 10:43:31.949root 11241100x8000000000000000413399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b429afa897e3a02021-12-21 10:43:31.949root 11241100x8000000000000000413400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4051fed00dae14bd2021-12-21 10:43:31.949root 11241100x8000000000000000413401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c4b487d929e11b2021-12-21 10:43:31.949root 11241100x8000000000000000413402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f813dff5f1dc33592021-12-21 10:43:31.949root 11241100x8000000000000000413403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9a41440a00e3012021-12-21 10:43:31.949root 11241100x8000000000000000413404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4aac79416151152021-12-21 10:43:31.949root 11241100x8000000000000000413405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf1802c0fb348e52021-12-21 10:43:31.949root 154100x8000000000000000413406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.295{ec2b6afe-afd4-61c1-68f4-052f49560000}9764/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000413407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcea4ef47bc43b832021-12-21 10:43:32.298root 11241100x8000000000000000413408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f391fcd26c854c9d2021-12-21 10:43:32.298root 11241100x8000000000000000413409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8c9522563b3ca22021-12-21 10:43:32.298root 11241100x8000000000000000413410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe366e6428b6cd12021-12-21 10:43:32.298root 11241100x8000000000000000413411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b5f07ab419d7af2021-12-21 10:43:32.298root 11241100x8000000000000000413412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af8ba44ce81f99d2021-12-21 10:43:32.298root 11241100x8000000000000000413413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce1d95b1387c9602021-12-21 10:43:32.298root 11241100x8000000000000000413414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1535b0c388d0e8522021-12-21 10:43:32.298root 11241100x8000000000000000413415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d677cec4884d6d6a2021-12-21 10:43:32.298root 11241100x8000000000000000413416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fe086b7ea3f5532021-12-21 10:43:32.298root 11241100x8000000000000000413417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d332768719a645862021-12-21 10:43:32.299root 11241100x8000000000000000413418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360f6ab81baf55d12021-12-21 10:43:32.299root 11241100x8000000000000000413419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7da16ad06673be2021-12-21 10:43:32.299root 11241100x8000000000000000413420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d689c3efe7d92c32021-12-21 10:43:32.299root 11241100x8000000000000000413421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89546e0a0ed19b672021-12-21 10:43:32.299root 11241100x8000000000000000413422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69ed78875374d072021-12-21 10:43:32.299root 11241100x8000000000000000413423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43437eea55cf486a2021-12-21 10:43:32.299root 11241100x8000000000000000413424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f9022b5ebe37542021-12-21 10:43:32.299root 11241100x8000000000000000413425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ac47cfb83511012021-12-21 10:43:32.299root 11241100x8000000000000000413426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845782e62e5c82852021-12-21 10:43:32.300root 11241100x8000000000000000413427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc157aa7ba1e9292021-12-21 10:43:32.300root 11241100x8000000000000000413428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814e07c86a991e372021-12-21 10:43:32.300root 11241100x8000000000000000413429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23954c3463e12502021-12-21 10:43:32.300root 11241100x8000000000000000413430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b955369ee7e5452021-12-21 10:43:32.300root 11241100x8000000000000000413431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe9adc98db0553e2021-12-21 10:43:32.300root 11241100x8000000000000000413432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dba326a1ebed082021-12-21 10:43:32.300root 11241100x8000000000000000413433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09406d1e6da92f152021-12-21 10:43:32.300root 11241100x8000000000000000413434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b86fa1a156833ee2021-12-21 10:43:32.300root 11241100x8000000000000000413435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c9e06fc9dabd62021-12-21 10:43:32.300root 11241100x8000000000000000413436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5c3aca0fb59c6d2021-12-21 10:43:32.301root 11241100x8000000000000000413437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48671e5fb65088d32021-12-21 10:43:32.301root 11241100x8000000000000000413438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84723831956b401d2021-12-21 10:43:32.301root 11241100x8000000000000000413439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b894ce2927b7e6c2021-12-21 10:43:32.301root 11241100x8000000000000000413440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ed272318b54d862021-12-21 10:43:32.301root 11241100x8000000000000000413441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521a9ffb161373412021-12-21 10:43:32.301root 11241100x8000000000000000413442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d48e1476321f622021-12-21 10:43:32.302root 11241100x8000000000000000413443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b7d59eff80631e2021-12-21 10:43:32.302root 11241100x8000000000000000413444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d981d340bc9b6d892021-12-21 10:43:32.302root 11241100x8000000000000000413445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fca9586f7fe21b72021-12-21 10:43:32.302root 11241100x8000000000000000413446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3a9164333c6c6e2021-12-21 10:43:32.302root 11241100x8000000000000000413447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796c5495d69062042021-12-21 10:43:32.302root 11241100x8000000000000000413448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c646a446c939b42021-12-21 10:43:32.302root 11241100x8000000000000000413449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75874ea91cc9f4312021-12-21 10:43:32.302root 11241100x8000000000000000413450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76f3dae98bcd09e2021-12-21 10:43:32.302root 11241100x8000000000000000413451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efec6973f7aa92612021-12-21 10:43:32.302root 11241100x8000000000000000413452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b09cfbe5dbd18a12021-12-21 10:43:32.303root 11241100x8000000000000000413453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7113b63871e8778d2021-12-21 10:43:32.303root 11241100x8000000000000000413454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12911832d1aeecd92021-12-21 10:43:32.303root 11241100x8000000000000000413455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aabdcfe38e0163e2021-12-21 10:43:32.303root 11241100x8000000000000000413456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f79945016b553b2021-12-21 10:43:32.303root 11241100x8000000000000000413457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85af521c24d3f1a92021-12-21 10:43:32.303root 11241100x8000000000000000413458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039e64d2aba67fee2021-12-21 10:43:32.303root 11241100x8000000000000000413459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b45479b010acd02021-12-21 10:43:32.304root 11241100x8000000000000000413460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4f69878107e9fe2021-12-21 10:43:32.304root 11241100x8000000000000000413461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be7fc8534ba41072021-12-21 10:43:32.304root 11241100x8000000000000000413462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9330af49b302fe2021-12-21 10:43:32.306root 11241100x8000000000000000413463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e1654e7b7379a22021-12-21 10:43:32.306root 534500x8000000000000000413464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.308{ec2b6afe-afd4-61c1-68f4-052f49560000}9764/bin/psroot 11241100x8000000000000000413465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef40aa3c3c54c43a2021-12-21 10:43:32.693root 11241100x8000000000000000413466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b30e080aaabc142021-12-21 10:43:32.693root 11241100x8000000000000000413467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19edbc8c134225e2021-12-21 10:43:32.693root 11241100x8000000000000000413468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1efc7b1c21b8f12021-12-21 10:43:32.693root 11241100x8000000000000000413469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09a384ceecaf9862021-12-21 10:43:32.693root 11241100x8000000000000000413470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2459aad4969a44e12021-12-21 10:43:32.693root 11241100x8000000000000000413471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828d093c8b0d82ca2021-12-21 10:43:32.693root 11241100x8000000000000000413472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a820691d6e551b82021-12-21 10:43:32.694root 11241100x8000000000000000413473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e29da54a6a7cd12021-12-21 10:43:32.694root 11241100x8000000000000000413474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a720cf972459d52021-12-21 10:43:32.694root 11241100x8000000000000000413475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69ca5aa5034341a2021-12-21 10:43:32.694root 11241100x8000000000000000413476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85aefcc5e22e40362021-12-21 10:43:32.694root 11241100x8000000000000000413477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2c4ac75c9346942021-12-21 10:43:32.694root 11241100x8000000000000000413478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9446f6ba6150e8fa2021-12-21 10:43:32.694root 11241100x8000000000000000413479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b67034212c12f6d2021-12-21 10:43:32.694root 11241100x8000000000000000413480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48be16b4c41e9d0e2021-12-21 10:43:32.694root 11241100x8000000000000000413481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568772efc7c849352021-12-21 10:43:32.694root 11241100x8000000000000000413482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d0619912fd01282021-12-21 10:43:32.695root 11241100x8000000000000000413483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11758a7e6574ec82021-12-21 10:43:32.695root 11241100x8000000000000000413484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f2e01475c508522021-12-21 10:43:32.695root 11241100x8000000000000000413485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019bd9a7991652f92021-12-21 10:43:32.695root 11241100x8000000000000000413486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252c88ee6c99855a2021-12-21 10:43:32.695root 11241100x8000000000000000413487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b137d064aeb48a2021-12-21 10:43:32.695root 11241100x8000000000000000413488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861b7a92d74fb4872021-12-21 10:43:32.695root 11241100x8000000000000000413489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbf09a9d34e0b992021-12-21 10:43:32.695root 11241100x8000000000000000413490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6efcb15a2469a992021-12-21 10:43:32.695root 11241100x8000000000000000413491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f724158709f3162021-12-21 10:43:32.695root 11241100x8000000000000000413492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c93c4047880303c2021-12-21 10:43:32.695root 11241100x8000000000000000413493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694a49e9c396dac62021-12-21 10:43:32.695root 11241100x8000000000000000413494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a1bfa86ed485102021-12-21 10:43:32.695root 11241100x8000000000000000413495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e0b6a85e58901d2021-12-21 10:43:32.695root 11241100x8000000000000000413496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0a3e143788581f2021-12-21 10:43:32.696root 11241100x8000000000000000413497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d566f5f246e77e192021-12-21 10:43:33.193root 11241100x8000000000000000413498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e62d72f5a353252021-12-21 10:43:33.193root 11241100x8000000000000000413499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37590141ccd309c12021-12-21 10:43:33.193root 11241100x8000000000000000413500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87672ae7527b91ea2021-12-21 10:43:33.193root 11241100x8000000000000000413501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6872821a03dce7812021-12-21 10:43:33.193root 11241100x8000000000000000413502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18160368e16a2b292021-12-21 10:43:33.193root 11241100x8000000000000000413503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916e8218e68c111c2021-12-21 10:43:33.193root 11241100x8000000000000000413504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97288963e09870a92021-12-21 10:43:33.193root 11241100x8000000000000000413505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78bc7728678ea132021-12-21 10:43:33.193root 11241100x8000000000000000413506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85b2ec146a205452021-12-21 10:43:33.193root 11241100x8000000000000000413507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce085a7601b432092021-12-21 10:43:33.194root 11241100x8000000000000000413508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717b79126a63774d2021-12-21 10:43:33.194root 11241100x8000000000000000413509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a363cd2f3ff1e26b2021-12-21 10:43:33.194root 11241100x8000000000000000413510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f15cf34dec9a2bf2021-12-21 10:43:33.194root 11241100x8000000000000000413511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbf71e367db056f2021-12-21 10:43:33.194root 11241100x8000000000000000413512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f859b775e134b862021-12-21 10:43:33.194root 11241100x8000000000000000413513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5fd5f23571580b2021-12-21 10:43:33.194root 11241100x8000000000000000413514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2020cb274df94b2021-12-21 10:43:33.194root 11241100x8000000000000000413515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563ed45221915d8d2021-12-21 10:43:33.194root 11241100x8000000000000000413516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6526896126d818ed2021-12-21 10:43:33.194root 11241100x8000000000000000413517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288a9342a80eb9af2021-12-21 10:43:33.194root 11241100x8000000000000000413518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e276eb2ca6c667302021-12-21 10:43:33.194root 11241100x8000000000000000413519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec9573003f373692021-12-21 10:43:33.195root 11241100x8000000000000000413520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bd66bdde3add142021-12-21 10:43:33.195root 11241100x8000000000000000413521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d39cdf937318042021-12-21 10:43:33.195root 11241100x8000000000000000413522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa04011991640ce72021-12-21 10:43:33.195root 11241100x8000000000000000413523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e106e514d2e9002a2021-12-21 10:43:33.195root 11241100x8000000000000000413524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae4c26b683357482021-12-21 10:43:33.195root 11241100x8000000000000000413525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180cd96e94b41c952021-12-21 10:43:33.195root 11241100x8000000000000000413526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ba5c797b92789b2021-12-21 10:43:33.195root 11241100x8000000000000000413527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de67d070177b0652021-12-21 10:43:33.195root 11241100x8000000000000000413528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac64e6a0d2a96072021-12-21 10:43:33.195root 11241100x8000000000000000413529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b02aa14624ddaaa2021-12-21 10:43:33.196root 11241100x8000000000000000413530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708a3532451f58382021-12-21 10:43:33.196root 11241100x8000000000000000413531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7b8f041af34c122021-12-21 10:43:33.196root 11241100x8000000000000000413532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0ecf63ad48d05f2021-12-21 10:43:33.196root 11241100x8000000000000000413533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cf34345123fc452021-12-21 10:43:33.196root 11241100x8000000000000000413534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a437a48728cdd92c2021-12-21 10:43:33.692root 11241100x8000000000000000413535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d578ea35b902562021-12-21 10:43:33.693root 11241100x8000000000000000413536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a49c18c03f08a62021-12-21 10:43:33.693root 11241100x8000000000000000413537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14cae676b593e292021-12-21 10:43:33.693root 11241100x8000000000000000413538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f22eaecddf5f52021-12-21 10:43:33.693root 11241100x8000000000000000413539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608690d3a055f7352021-12-21 10:43:33.693root 11241100x8000000000000000413540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e2c96e0691492a2021-12-21 10:43:33.693root 11241100x8000000000000000413541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fce10ffee9e9892021-12-21 10:43:33.693root 11241100x8000000000000000413542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b436f16090d76b2021-12-21 10:43:33.693root 11241100x8000000000000000413543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb02d9d341ec02c2021-12-21 10:43:33.694root 11241100x8000000000000000413544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f451738616e47c52021-12-21 10:43:33.694root 11241100x8000000000000000413545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90c386377e634b52021-12-21 10:43:33.694root 11241100x8000000000000000413546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83d097ef74f89c22021-12-21 10:43:33.694root 11241100x8000000000000000413547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a9b871bda605292021-12-21 10:43:33.694root 11241100x8000000000000000413548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d3d748187172df2021-12-21 10:43:33.694root 11241100x8000000000000000413549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c28f4fabf15300d2021-12-21 10:43:33.694root 11241100x8000000000000000413550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d499cdc792c82732021-12-21 10:43:33.694root 11241100x8000000000000000413551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9fe3679c091e8a2021-12-21 10:43:33.694root 11241100x8000000000000000413552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcba89b04fae41412021-12-21 10:43:33.694root 11241100x8000000000000000413553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bddcd8933855302021-12-21 10:43:33.694root 11241100x8000000000000000413554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0e09115211655f2021-12-21 10:43:33.695root 11241100x8000000000000000413555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec95ed858d832ab2021-12-21 10:43:33.695root 11241100x8000000000000000413556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4d903d2d3b860e2021-12-21 10:43:33.695root 11241100x8000000000000000413557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c16a93d3895cfbe2021-12-21 10:43:33.695root 11241100x8000000000000000413558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81235a1dae4557d02021-12-21 10:43:33.695root 11241100x8000000000000000413559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48be37395892970a2021-12-21 10:43:33.695root 11241100x8000000000000000413560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4829d4503dda12112021-12-21 10:43:33.695root 11241100x8000000000000000413561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033f2b85a560b7552021-12-21 10:43:33.695root 11241100x8000000000000000413562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1eb7e3f2e6e7bd12021-12-21 10:43:33.695root 11241100x8000000000000000413563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f33cc3f9cc193512021-12-21 10:43:33.696root 11241100x8000000000000000413564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09de305e9075d5fe2021-12-21 10:43:33.696root 11241100x8000000000000000413565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2eb462553778552021-12-21 10:43:33.696root 11241100x8000000000000000413566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b764c27628dfe52021-12-21 10:43:33.696root 11241100x8000000000000000413567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c276f102ed7169702021-12-21 10:43:33.696root 11241100x8000000000000000413568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16307b060abeddb62021-12-21 10:43:33.696root 11241100x8000000000000000413569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2064a3bbed63ebae2021-12-21 10:43:34.193root 11241100x8000000000000000413570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997ae3a9b4726a432021-12-21 10:43:34.193root 11241100x8000000000000000413571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63b40ff488ae9622021-12-21 10:43:34.193root 11241100x8000000000000000413572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ba6e2b2c47bc0e2021-12-21 10:43:34.193root 11241100x8000000000000000413573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2b9c996df258e92021-12-21 10:43:34.193root 11241100x8000000000000000413574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f058c97734a24d42021-12-21 10:43:34.194root 11241100x8000000000000000413575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b2a9a1a05e3eaf2021-12-21 10:43:34.194root 11241100x8000000000000000413576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e083b23302ba50702021-12-21 10:43:34.194root 11241100x8000000000000000413577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323dfdc711def41c2021-12-21 10:43:34.194root 11241100x8000000000000000413578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e293eadfaaa02402021-12-21 10:43:34.194root 11241100x8000000000000000413579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d27fc5c95ee5a32021-12-21 10:43:34.194root 11241100x8000000000000000413580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9984e343da32c01e2021-12-21 10:43:34.194root 11241100x8000000000000000413581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68b6d244097c3fb2021-12-21 10:43:34.194root 11241100x8000000000000000413582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc06e901cfe199d92021-12-21 10:43:34.194root 11241100x8000000000000000413583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad00acd6e7112e3f2021-12-21 10:43:34.194root 11241100x8000000000000000413584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4fd5c38127796b2021-12-21 10:43:34.194root 11241100x8000000000000000413585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2f3d7f1ddaa9512021-12-21 10:43:34.194root 11241100x8000000000000000413586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61b5ab47fab62f22021-12-21 10:43:34.194root 11241100x8000000000000000413587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e41f319f8a48852021-12-21 10:43:34.195root 11241100x8000000000000000413588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e657f293a1a4f22021-12-21 10:43:34.195root 11241100x8000000000000000413589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc8ac5c7cf5bce82021-12-21 10:43:34.195root 11241100x8000000000000000413590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc26c7360aa77ac92021-12-21 10:43:34.195root 11241100x8000000000000000413591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683f4986a63b0b9a2021-12-21 10:43:34.195root 11241100x8000000000000000413592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9898d5fe881176062021-12-21 10:43:34.195root 11241100x8000000000000000413593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc53e85b796f49f2021-12-21 10:43:34.195root 11241100x8000000000000000413594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd29943e3afcf0672021-12-21 10:43:34.195root 11241100x8000000000000000413595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ddf78b5ee67df62021-12-21 10:43:34.195root 11241100x8000000000000000413596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fc33910f4ca4322021-12-21 10:43:34.195root 11241100x8000000000000000413597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996411d07dad63982021-12-21 10:43:34.195root 11241100x8000000000000000413598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14de5d90430e3ab22021-12-21 10:43:34.195root 11241100x8000000000000000413599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c90f8983f6a74562021-12-21 10:43:34.195root 11241100x8000000000000000413600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160469fcb42dffa72021-12-21 10:43:34.195root 11241100x8000000000000000413601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8470be9ea68b9f2021-12-21 10:43:34.195root 11241100x8000000000000000413602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e75744c0e081502021-12-21 10:43:34.196root 11241100x8000000000000000413603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ec26db26e666f02021-12-21 10:43:34.196root 354300x8000000000000000413604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.235{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47512-false10.0.1.12-8000- 11241100x8000000000000000413605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ba5cadff5e7c612021-12-21 10:43:34.693root 11241100x8000000000000000413606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99573fb8fdf734222021-12-21 10:43:34.693root 11241100x8000000000000000413607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1017f21099dd9ee92021-12-21 10:43:34.693root 11241100x8000000000000000413608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcec1663c74967b2021-12-21 10:43:34.694root 11241100x8000000000000000413609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0c732733c27eaa2021-12-21 10:43:34.694root 11241100x8000000000000000413610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d20e8fdb0d879d2021-12-21 10:43:34.694root 11241100x8000000000000000413611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cc44c7ec5b98012021-12-21 10:43:34.694root 11241100x8000000000000000413612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797744cffa1602632021-12-21 10:43:34.695root 11241100x8000000000000000413613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1bc0414235bd582021-12-21 10:43:34.695root 11241100x8000000000000000413614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a556c7531a6067e82021-12-21 10:43:34.695root 11241100x8000000000000000413615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4efea34eebd3e42021-12-21 10:43:34.695root 11241100x8000000000000000413616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30ab14974c88c532021-12-21 10:43:34.695root 11241100x8000000000000000413617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38080632237d48e82021-12-21 10:43:34.695root 11241100x8000000000000000413618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713dfc93ebbd80a02021-12-21 10:43:34.695root 11241100x8000000000000000413619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5eabade2f6e9b32021-12-21 10:43:34.695root 11241100x8000000000000000413620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593854d011ed1adc2021-12-21 10:43:34.695root 11241100x8000000000000000413621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7779443e63c0702021-12-21 10:43:34.696root 11241100x8000000000000000413622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1367029efe22273d2021-12-21 10:43:34.696root 11241100x8000000000000000413623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a82e8cfe7bd3b72021-12-21 10:43:34.696root 11241100x8000000000000000413624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb7a508d01446082021-12-21 10:43:34.696root 11241100x8000000000000000413625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b10c31ab8d012d2021-12-21 10:43:34.696root 11241100x8000000000000000413626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be1c4a362a66ef82021-12-21 10:43:34.696root 11241100x8000000000000000413627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2700728d7b58facc2021-12-21 10:43:34.696root 11241100x8000000000000000413628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5b448a9f2217522021-12-21 10:43:34.696root 11241100x8000000000000000413629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306a0ccdd46848d2021-12-21 10:43:34.697root 11241100x8000000000000000413630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b45e60bdeee4ab52021-12-21 10:43:34.697root 11241100x8000000000000000413631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69630fc91b10d6212021-12-21 10:43:34.697root 11241100x8000000000000000413632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7dd931f5cb2a8c2021-12-21 10:43:34.697root 11241100x8000000000000000413633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bc55b1a6417b392021-12-21 10:43:34.698root 11241100x8000000000000000413634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f92fb83a619a3292021-12-21 10:43:34.698root 11241100x8000000000000000413635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c901abeebbbab812021-12-21 10:43:34.698root 11241100x8000000000000000413636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc74480207f78db12021-12-21 10:43:34.698root 11241100x8000000000000000413637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c47d57c636a7de2021-12-21 10:43:35.193root 11241100x8000000000000000413638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cdec46c8b34e5c2021-12-21 10:43:35.194root 11241100x8000000000000000413639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bfc67e23335eb02021-12-21 10:43:35.194root 11241100x8000000000000000413640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dacf0ccbf9bd3d2021-12-21 10:43:35.194root 11241100x8000000000000000413641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef49a37709639fcd2021-12-21 10:43:35.194root 11241100x8000000000000000413642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2326549acd87f2c02021-12-21 10:43:35.194root 11241100x8000000000000000413643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3010e1af86bf922021-12-21 10:43:35.194root 11241100x8000000000000000413644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8eae73372dcdef2021-12-21 10:43:35.194root 11241100x8000000000000000413645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d760109ac06be1b92021-12-21 10:43:35.194root 11241100x8000000000000000413646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b8ffb6165c8aab2021-12-21 10:43:35.194root 11241100x8000000000000000413647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704141e15d6c50e2021-12-21 10:43:35.194root 11241100x8000000000000000413648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd07259f3346cb2a2021-12-21 10:43:35.194root 11241100x8000000000000000413649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc30d59f3fc33532021-12-21 10:43:35.195root 11241100x8000000000000000413650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a78bbd4dbf8126d2021-12-21 10:43:35.195root 11241100x8000000000000000413651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5296247dc878cbb2021-12-21 10:43:35.195root 11241100x8000000000000000413652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b1e82cc0b038c2021-12-21 10:43:35.195root 11241100x8000000000000000413653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a6d7dd44a0bbc82021-12-21 10:43:35.195root 11241100x8000000000000000413654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470748d79fee906d2021-12-21 10:43:35.195root 11241100x8000000000000000413655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed04fd1da61230bf2021-12-21 10:43:35.195root 11241100x8000000000000000413656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7619cd7e21a30ae2021-12-21 10:43:35.195root 11241100x8000000000000000413657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f74d93158b11c082021-12-21 10:43:35.195root 11241100x8000000000000000413658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb935ea5f153b0be2021-12-21 10:43:35.195root 11241100x8000000000000000413659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2277f66a2d92df322021-12-21 10:43:35.195root 11241100x8000000000000000413660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c56cd85df01bf02021-12-21 10:43:35.195root 11241100x8000000000000000413661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76dd2207a6c9a1f2021-12-21 10:43:35.195root 11241100x8000000000000000413662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b27a170f3ab8e4d2021-12-21 10:43:35.195root 11241100x8000000000000000413663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2354af88c2c198e82021-12-21 10:43:35.195root 11241100x8000000000000000413664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e480b5ba8ced29042021-12-21 10:43:35.196root 11241100x8000000000000000413665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cd35d3f84e10712021-12-21 10:43:35.196root 11241100x8000000000000000413666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955e409fb1468cad2021-12-21 10:43:35.196root 11241100x8000000000000000413667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d2298ccdc584b02021-12-21 10:43:35.196root 11241100x8000000000000000413668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4066c61c30c2cbbc2021-12-21 10:43:35.196root 11241100x8000000000000000413669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb491921b3a87dbf2021-12-21 10:43:35.693root 11241100x8000000000000000413670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b8c0d298ab00862021-12-21 10:43:35.694root 11241100x8000000000000000413671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26b45c4f45a8c732021-12-21 10:43:35.694root 11241100x8000000000000000413672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73b8cecd1b4bceb2021-12-21 10:43:35.694root 11241100x8000000000000000413673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e062c64fe76f512021-12-21 10:43:35.694root 11241100x8000000000000000413674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5558a6dceacd8baa2021-12-21 10:43:35.694root 11241100x8000000000000000413675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ba105b4317f4ae2021-12-21 10:43:35.694root 11241100x8000000000000000413676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2096152785850fc2021-12-21 10:43:35.694root 11241100x8000000000000000413677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4763eb8f32988dfe2021-12-21 10:43:35.694root 11241100x8000000000000000413678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b41d72f877df2c2021-12-21 10:43:35.694root 11241100x8000000000000000413679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab100d9e4493dd12021-12-21 10:43:35.694root 11241100x8000000000000000413680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b96048778a3afea2021-12-21 10:43:35.694root 11241100x8000000000000000413681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4192b258d0cb517c2021-12-21 10:43:35.694root 11241100x8000000000000000413682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f49127411099e892021-12-21 10:43:35.694root 11241100x8000000000000000413683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee0a16509dd7d112021-12-21 10:43:35.694root 11241100x8000000000000000413684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d577b667477049a2021-12-21 10:43:35.695root 11241100x8000000000000000413685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff3bcfb310c04a62021-12-21 10:43:35.695root 11241100x8000000000000000413686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f692ad4b744ba602021-12-21 10:43:35.695root 11241100x8000000000000000413687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb49d4d800b3aa92021-12-21 10:43:35.695root 11241100x8000000000000000413688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bca86f95683f5712021-12-21 10:43:35.695root 11241100x8000000000000000413689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ca31079fadb6a52021-12-21 10:43:35.695root 11241100x8000000000000000413690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145a895815f452b22021-12-21 10:43:35.695root 11241100x8000000000000000413691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8dd78da45e78592021-12-21 10:43:35.695root 11241100x8000000000000000413692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c677e96cc49e122021-12-21 10:43:35.695root 11241100x8000000000000000413693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2471ba1952c281782021-12-21 10:43:35.695root 11241100x8000000000000000413694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb7a0cb0079fea72021-12-21 10:43:35.695root 11241100x8000000000000000413695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5ec730fd518ad92021-12-21 10:43:35.695root 11241100x8000000000000000413696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cec9a270b92f862021-12-21 10:43:35.696root 11241100x8000000000000000413697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8493dc9970bb61ae2021-12-21 10:43:35.696root 11241100x8000000000000000413698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd58a20beb9b5c8b2021-12-21 10:43:35.696root 11241100x8000000000000000413699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab5cbe36efc6b0c2021-12-21 10:43:35.696root 11241100x8000000000000000413700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986932c09d8f99a82021-12-21 10:43:35.696root 11241100x8000000000000000413701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183190d76a5048c82021-12-21 10:43:36.193root 11241100x8000000000000000413702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070591c01b5d36b52021-12-21 10:43:36.193root 11241100x8000000000000000413703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2ab5d7bc66eacc2021-12-21 10:43:36.193root 11241100x8000000000000000413704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e151a72baab94bb32021-12-21 10:43:36.193root 11241100x8000000000000000413705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8aea8d5ac7906862021-12-21 10:43:36.193root 11241100x8000000000000000413706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a875fada4ed607972021-12-21 10:43:36.193root 11241100x8000000000000000413707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75000b047be5bc92021-12-21 10:43:36.193root 11241100x8000000000000000413708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144854c43f5a57412021-12-21 10:43:36.193root 11241100x8000000000000000413709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7109345a6d2b9c6a2021-12-21 10:43:36.193root 11241100x8000000000000000413710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e7925aa720244d2021-12-21 10:43:36.194root 11241100x8000000000000000413711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fafafe625fc2b52021-12-21 10:43:36.194root 11241100x8000000000000000413712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3e26ea2465b3d92021-12-21 10:43:36.194root 11241100x8000000000000000413713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561b7c9d1a1a2d2b2021-12-21 10:43:36.194root 11241100x8000000000000000413714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7e1cebd18933772021-12-21 10:43:36.194root 11241100x8000000000000000413715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187b20fe137c5aa12021-12-21 10:43:36.194root 11241100x8000000000000000413716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e2288e4145a4db2021-12-21 10:43:36.194root 11241100x8000000000000000413717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eab89fbb65ad0ab2021-12-21 10:43:36.194root 11241100x8000000000000000413718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226265c93892ebac2021-12-21 10:43:36.194root 11241100x8000000000000000413719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdde75df4e030de32021-12-21 10:43:36.194root 11241100x8000000000000000413720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63cb6fb5e9f4db62021-12-21 10:43:36.195root 11241100x8000000000000000413721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff29d409306722b2021-12-21 10:43:36.195root 11241100x8000000000000000413722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8479bf1e7cfb5e52021-12-21 10:43:36.195root 11241100x8000000000000000413723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68302705cf1c4b872021-12-21 10:43:36.195root 11241100x8000000000000000413724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdcf56096fab7b52021-12-21 10:43:36.195root 11241100x8000000000000000413725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3310929d9c99622021-12-21 10:43:36.195root 11241100x8000000000000000413726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58b5c496646d1bd2021-12-21 10:43:36.195root 11241100x8000000000000000413727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3027d05f1b00b512021-12-21 10:43:36.195root 11241100x8000000000000000413728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1135e4a8125474db2021-12-21 10:43:36.195root 11241100x8000000000000000413729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365ddbc1d6fb65ee2021-12-21 10:43:36.195root 11241100x8000000000000000413730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d3d3cf99316c3d2021-12-21 10:43:36.195root 11241100x8000000000000000413731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b54ec21d33dc672021-12-21 10:43:36.196root 11241100x8000000000000000413732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e33da625234c612021-12-21 10:43:36.196root 11241100x8000000000000000413733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906473d20700ff542021-12-21 10:43:36.196root 11241100x8000000000000000413734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e1cf47da1ae3fe2021-12-21 10:43:36.196root 11241100x8000000000000000413735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82af62745b54f21a2021-12-21 10:43:36.196root 11241100x8000000000000000413736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265b4f5d106c01e12021-12-21 10:43:36.196root 11241100x8000000000000000413737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641fecd3ec6f44332021-12-21 10:43:36.196root 11241100x8000000000000000413738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.343{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:43:36.343root 11241100x8000000000000000413739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78cdf66d36fc7032021-12-21 10:43:36.693root 11241100x8000000000000000413740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad796da7fda9cac12021-12-21 10:43:36.693root 11241100x8000000000000000413741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6e2216e29b641b2021-12-21 10:43:36.693root 11241100x8000000000000000413742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51aef4166f8ab2c2021-12-21 10:43:36.693root 11241100x8000000000000000413743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7322e8ba680fa62021-12-21 10:43:36.694root 11241100x8000000000000000413744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977dd1daf8f3ee6a2021-12-21 10:43:36.694root 11241100x8000000000000000413745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c142e6afe711192021-12-21 10:43:36.694root 11241100x8000000000000000413746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f148f4930abdcc442021-12-21 10:43:36.694root 11241100x8000000000000000413747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e731b91345f5ec522021-12-21 10:43:36.694root 11241100x8000000000000000413748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757bfb139e4351aa2021-12-21 10:43:36.694root 11241100x8000000000000000413749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fae4e852e1f02d92021-12-21 10:43:36.694root 11241100x8000000000000000413750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10da9b1926ee94fe2021-12-21 10:43:36.694root 11241100x8000000000000000413751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4028ab9f331ef62021-12-21 10:43:36.694root 11241100x8000000000000000413752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f5a80dff66a6e82021-12-21 10:43:36.694root 11241100x8000000000000000413753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daddcfef7377cb42021-12-21 10:43:36.694root 11241100x8000000000000000413754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9720ed6485d40202021-12-21 10:43:36.695root 11241100x8000000000000000413755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a360b7dea98334362021-12-21 10:43:36.695root 11241100x8000000000000000413756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742538cd8b6620822021-12-21 10:43:36.695root 11241100x8000000000000000413757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a30798f51f792b2021-12-21 10:43:36.695root 11241100x8000000000000000413758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90037ae6183f9c8e2021-12-21 10:43:36.695root 11241100x8000000000000000413759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27438a90012e4b5b2021-12-21 10:43:36.695root 11241100x8000000000000000413760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c8e3979eec19832021-12-21 10:43:36.695root 11241100x8000000000000000413761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2edb086be891952021-12-21 10:43:36.695root 11241100x8000000000000000413762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9c5c10cf6959f52021-12-21 10:43:36.695root 11241100x8000000000000000413763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f80ff5ec2c0be72021-12-21 10:43:36.695root 11241100x8000000000000000413764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9110928d7f78322021-12-21 10:43:36.695root 11241100x8000000000000000413765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3875e76a4ec8e9282021-12-21 10:43:36.695root 11241100x8000000000000000413766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa55365fe3938f92021-12-21 10:43:36.696root 11241100x8000000000000000413767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c759622f64f1dd72021-12-21 10:43:36.696root 11241100x8000000000000000413768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be45babaeea735f82021-12-21 10:43:36.696root 11241100x8000000000000000413769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f573f3a9270e88a42021-12-21 10:43:36.696root 11241100x8000000000000000413770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dce9cd5270bc952021-12-21 10:43:36.696root 11241100x8000000000000000413771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bbaaa7238ba08b2021-12-21 10:43:36.696root 11241100x8000000000000000413772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e6235c13077a592021-12-21 10:43:36.696root 11241100x8000000000000000413773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6149a240a347d82021-12-21 10:43:36.696root 11241100x8000000000000000413774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9001ff6f068e772021-12-21 10:43:36.696root 11241100x8000000000000000413775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326c336d2cbf401c2021-12-21 10:43:37.193root 11241100x8000000000000000413776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc12cfcf9c368e5f2021-12-21 10:43:37.193root 11241100x8000000000000000413777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb96409969df209c2021-12-21 10:43:37.194root 11241100x8000000000000000413778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb02ffdbfd4bd3ff2021-12-21 10:43:37.194root 11241100x8000000000000000413779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c00bed87976a7e2021-12-21 10:43:37.194root 11241100x8000000000000000413780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69acc2a2e74392e2021-12-21 10:43:37.194root 11241100x8000000000000000413781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84dad612a3615072021-12-21 10:43:37.194root 11241100x8000000000000000413782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620467ac68e1a80a2021-12-21 10:43:37.194root 11241100x8000000000000000413783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b584dea8ef59b92021-12-21 10:43:37.194root 11241100x8000000000000000413784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541140ca546220fb2021-12-21 10:43:37.194root 11241100x8000000000000000413785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760fbc2114f0b3a92021-12-21 10:43:37.194root 11241100x8000000000000000413786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a8e0d00e61aaac2021-12-21 10:43:37.194root 11241100x8000000000000000413787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19135e99658640b52021-12-21 10:43:37.194root 11241100x8000000000000000413788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65065aea2481a43b2021-12-21 10:43:37.194root 11241100x8000000000000000413789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c47047cd6e90732021-12-21 10:43:37.194root 11241100x8000000000000000413790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b46442f2e736e22021-12-21 10:43:37.194root 11241100x8000000000000000413791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e7a10c41e4b6dc2021-12-21 10:43:37.195root 11241100x8000000000000000413792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5c198145b2ae242021-12-21 10:43:37.195root 11241100x8000000000000000413793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0642937b0c57482021-12-21 10:43:37.195root 11241100x8000000000000000413794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb2e94523e09b542021-12-21 10:43:37.195root 11241100x8000000000000000413795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e3cd0e303ae1a92021-12-21 10:43:37.195root 11241100x8000000000000000413796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f739d2beb835edc12021-12-21 10:43:37.195root 11241100x8000000000000000413797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e94c81d68c41a432021-12-21 10:43:37.195root 11241100x8000000000000000413798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a694c23c33a1405c2021-12-21 10:43:37.195root 11241100x8000000000000000413799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adda1309fdcdc17f2021-12-21 10:43:37.195root 11241100x8000000000000000413800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0217fdbe5296bdea2021-12-21 10:43:37.195root 11241100x8000000000000000413801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef45a589c838fd822021-12-21 10:43:37.195root 11241100x8000000000000000413802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa59141addf0af0d2021-12-21 10:43:37.195root 11241100x8000000000000000413803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c614a9238bb2052021-12-21 10:43:37.195root 11241100x8000000000000000413804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfa8e7d6af023172021-12-21 10:43:37.195root 11241100x8000000000000000413805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36baf50f97d9ca612021-12-21 10:43:37.195root 11241100x8000000000000000413806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e9cf341f3518442021-12-21 10:43:37.196root 11241100x8000000000000000413807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3412871b9b8408582021-12-21 10:43:37.196root 11241100x8000000000000000413808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e083f9b958ca442021-12-21 10:43:37.196root 11241100x8000000000000000413809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663dcaaa10128abd2021-12-21 10:43:37.693root 11241100x8000000000000000413810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e317301950cce62021-12-21 10:43:37.693root 11241100x8000000000000000413811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f570eb93cc44cf0c2021-12-21 10:43:37.693root 11241100x8000000000000000413812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ae136260acc6952021-12-21 10:43:37.693root 11241100x8000000000000000413813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82294c4efec225e32021-12-21 10:43:37.693root 11241100x8000000000000000413814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719ee7ebafaca78f2021-12-21 10:43:37.694root 11241100x8000000000000000413815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9df4dcc0ce66ffa2021-12-21 10:43:37.694root 11241100x8000000000000000413816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b8dfc3b4cc1ef22021-12-21 10:43:37.694root 11241100x8000000000000000413817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d9d2e3d494074a2021-12-21 10:43:37.694root 11241100x8000000000000000413818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5484b883c63ecc7d2021-12-21 10:43:37.694root 11241100x8000000000000000413819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e161be0e70014e82021-12-21 10:43:37.694root 11241100x8000000000000000413820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b861b6579338502021-12-21 10:43:37.694root 11241100x8000000000000000413821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ef3002cc1182872021-12-21 10:43:37.694root 11241100x8000000000000000413822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7049c8eccb92972021-12-21 10:43:37.694root 11241100x8000000000000000413823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db9702909161dd92021-12-21 10:43:37.694root 11241100x8000000000000000413824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8235cd20850954af2021-12-21 10:43:37.694root 11241100x8000000000000000413825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440aa4553c572abf2021-12-21 10:43:37.694root 11241100x8000000000000000413826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608d3483cd89bfbe2021-12-21 10:43:37.694root 11241100x8000000000000000413827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67a8b93959390f42021-12-21 10:43:37.694root 11241100x8000000000000000413828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199311798ba596512021-12-21 10:43:37.694root 11241100x8000000000000000413829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75a45f1540d11e12021-12-21 10:43:37.695root 11241100x8000000000000000413830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afeab936b94dab012021-12-21 10:43:37.695root 11241100x8000000000000000413831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fbdc2335b0fc522021-12-21 10:43:37.695root 11241100x8000000000000000413832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c529a57dece8a82d2021-12-21 10:43:37.695root 11241100x8000000000000000413833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a102023cab358e2021-12-21 10:43:37.695root 11241100x8000000000000000413834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c185cc516a600a0c2021-12-21 10:43:37.695root 11241100x8000000000000000413835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82878191bef5862c2021-12-21 10:43:37.695root 11241100x8000000000000000413836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e54646d8c9235a2021-12-21 10:43:37.695root 11241100x8000000000000000413837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2391e286ce9851b92021-12-21 10:43:37.695root 11241100x8000000000000000413838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68be0686929dbd12021-12-21 10:43:37.696root 11241100x8000000000000000413839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac2fb8df83405f52021-12-21 10:43:37.696root 11241100x8000000000000000413840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee35a386f638cc1c2021-12-21 10:43:37.696root 11241100x8000000000000000413841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7836bfb83b011f8f2021-12-21 10:43:37.696root 11241100x8000000000000000413842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7ea767647b6ee82021-12-21 10:43:37.696root 11241100x8000000000000000413843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d547d40aebaf592021-12-21 10:43:37.696root 11241100x8000000000000000413844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2a632a4c7b73222021-12-21 10:43:38.193root 11241100x8000000000000000413845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8690c98f77d50ab72021-12-21 10:43:38.193root 11241100x8000000000000000413846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f527f5452443612021-12-21 10:43:38.193root 11241100x8000000000000000413847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d8b1c8d9e4a3242021-12-21 10:43:38.193root 11241100x8000000000000000413848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bda7ee819ad17d2021-12-21 10:43:38.193root 11241100x8000000000000000413849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5531b5965a491ff12021-12-21 10:43:38.193root 11241100x8000000000000000413850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596b2f252b2cf9372021-12-21 10:43:38.193root 11241100x8000000000000000413851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5aa8c8e59ef9452021-12-21 10:43:38.193root 11241100x8000000000000000413852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec7ab5bf3e9596c2021-12-21 10:43:38.193root 11241100x8000000000000000413853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bd8484561175602021-12-21 10:43:38.194root 11241100x8000000000000000413854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7503745a5b43618d2021-12-21 10:43:38.194root 11241100x8000000000000000413855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127a1dbb35ddb71b2021-12-21 10:43:38.194root 11241100x8000000000000000413856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f83a7899415ee472021-12-21 10:43:38.194root 11241100x8000000000000000413857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a856841ad951282021-12-21 10:43:38.194root 11241100x8000000000000000413858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a431464e20282072021-12-21 10:43:38.194root 11241100x8000000000000000413859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c0119e79899ba2021-12-21 10:43:38.194root 11241100x8000000000000000413860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e588112247be8ab62021-12-21 10:43:38.194root 11241100x8000000000000000413861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e32dd7c758f77e12021-12-21 10:43:38.194root 11241100x8000000000000000413862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e18fc36dd339bf2021-12-21 10:43:38.194root 11241100x8000000000000000413863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e3ab20e090e3ac2021-12-21 10:43:38.194root 11241100x8000000000000000413864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f46d2c00389b6a82021-12-21 10:43:38.194root 11241100x8000000000000000413865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2d4efc637786722021-12-21 10:43:38.194root 11241100x8000000000000000413866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30502086fb3db842021-12-21 10:43:38.194root 11241100x8000000000000000413867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f43f0d9db280f12021-12-21 10:43:38.194root 11241100x8000000000000000413868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1be29fcb6935ffb2021-12-21 10:43:38.195root 11241100x8000000000000000413869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274c0580451b5e742021-12-21 10:43:38.195root 11241100x8000000000000000413870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5cdb1c9accbea92021-12-21 10:43:38.195root 11241100x8000000000000000413871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6e45b424a2cdb52021-12-21 10:43:38.195root 11241100x8000000000000000413872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9f423946abf2542021-12-21 10:43:38.195root 11241100x8000000000000000413873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5ea20b197b571b2021-12-21 10:43:38.195root 11241100x8000000000000000413874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4c35f328544a452021-12-21 10:43:38.195root 11241100x8000000000000000413875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a107085bc36657042021-12-21 10:43:38.195root 11241100x8000000000000000413876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0772f184483a0a2021-12-21 10:43:38.195root 11241100x8000000000000000413877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bb394dd564fb802021-12-21 10:43:38.195root 11241100x8000000000000000413878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22bbd1bce27d3502021-12-21 10:43:38.195root 11241100x8000000000000000413879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22744c338daf1e42021-12-21 10:43:38.195root 11241100x8000000000000000413880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711e52e2cb4cc8f32021-12-21 10:43:38.195root 11241100x8000000000000000413881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe94b2103edb7b42021-12-21 10:43:38.693root 11241100x8000000000000000413882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6d51c727990d9e2021-12-21 10:43:38.693root 11241100x8000000000000000413883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e986078122e5a9762021-12-21 10:43:38.693root 11241100x8000000000000000413884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3377af951c1e622021-12-21 10:43:38.693root 11241100x8000000000000000413885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ee3d4327f1f6172021-12-21 10:43:38.693root 11241100x8000000000000000413886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63687369927de59b2021-12-21 10:43:38.693root 11241100x8000000000000000413887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f23700c8935f2a2021-12-21 10:43:38.693root 11241100x8000000000000000413888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ebcfaa62867e142021-12-21 10:43:38.694root 11241100x8000000000000000413889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58548413efec80812021-12-21 10:43:38.694root 11241100x8000000000000000413890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb1fd1bcff73f6b2021-12-21 10:43:38.694root 11241100x8000000000000000413891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77da8e18669d0142021-12-21 10:43:38.694root 11241100x8000000000000000413892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e8227d86941e3c2021-12-21 10:43:38.694root 11241100x8000000000000000413893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6bd20da65409642021-12-21 10:43:38.694root 11241100x8000000000000000413894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9d9ff286c514752021-12-21 10:43:38.694root 11241100x8000000000000000413895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1cba1eaf78de2c2021-12-21 10:43:38.694root 11241100x8000000000000000413896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3586b540a07c965d2021-12-21 10:43:38.694root 11241100x8000000000000000413897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205dea6498acf8362021-12-21 10:43:38.694root 11241100x8000000000000000413898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258a000a654e08cd2021-12-21 10:43:38.695root 11241100x8000000000000000413899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32190c110aa5b4932021-12-21 10:43:38.695root 11241100x8000000000000000413900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdbe81dafe88c662021-12-21 10:43:38.695root 11241100x8000000000000000413901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23e23df121587a82021-12-21 10:43:38.695root 11241100x8000000000000000413902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7425416315dd37cc2021-12-21 10:43:38.695root 11241100x8000000000000000413903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a47ac817f393662021-12-21 10:43:38.695root 11241100x8000000000000000413904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1461540d9a89a2002021-12-21 10:43:38.695root 11241100x8000000000000000413905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30abd1db01f0a4422021-12-21 10:43:38.695root 11241100x8000000000000000413906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6be079d6cf10b32021-12-21 10:43:38.695root 11241100x8000000000000000413907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0db943efb59f2b2021-12-21 10:43:38.696root 11241100x8000000000000000413908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9021458e128358e62021-12-21 10:43:38.696root 11241100x8000000000000000413909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c123eebb0e7d82d72021-12-21 10:43:38.696root 11241100x8000000000000000413910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd757a07f418f00f2021-12-21 10:43:38.696root 11241100x8000000000000000413911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba7d1091562a7fa2021-12-21 10:43:38.696root 11241100x8000000000000000413912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89a452bad8f0b502021-12-21 10:43:38.696root 11241100x8000000000000000413913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0784def55845fb2021-12-21 10:43:38.696root 11241100x8000000000000000413914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae1b1e1fb88a9cd2021-12-21 10:43:38.696root 11241100x8000000000000000413915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af95c84514efd8b2021-12-21 10:43:38.696root 11241100x8000000000000000413916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2eef02c4e5a86a2021-12-21 10:43:39.193root 11241100x8000000000000000413917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224da32eea45ab262021-12-21 10:43:39.193root 11241100x8000000000000000413918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da59a5c402267df32021-12-21 10:43:39.193root 11241100x8000000000000000413919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9ffe5eb53c5a0c2021-12-21 10:43:39.193root 11241100x8000000000000000413920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e6f6b2965f4bea2021-12-21 10:43:39.193root 11241100x8000000000000000413921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b756108964c3f6c72021-12-21 10:43:39.193root 11241100x8000000000000000413922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e465704b6fd1fa72021-12-21 10:43:39.193root 11241100x8000000000000000413923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac1d9b081ba90b22021-12-21 10:43:39.193root 11241100x8000000000000000413924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54c2fbb29a786af2021-12-21 10:43:39.194root 11241100x8000000000000000413925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbef1f2dc5f64b82021-12-21 10:43:39.194root 11241100x8000000000000000413926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad2700957bcae522021-12-21 10:43:39.194root 11241100x8000000000000000413927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65885e55d36b6a92021-12-21 10:43:39.194root 11241100x8000000000000000413928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efb695606b8e62b2021-12-21 10:43:39.194root 11241100x8000000000000000413929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573361a1b14f815f2021-12-21 10:43:39.194root 11241100x8000000000000000413930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0953eb9f5064e8452021-12-21 10:43:39.194root 11241100x8000000000000000413931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee0ddd1355198222021-12-21 10:43:39.194root 11241100x8000000000000000413932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbd9c09f7c2f7552021-12-21 10:43:39.194root 11241100x8000000000000000413933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac28f24aa411a52d2021-12-21 10:43:39.194root 11241100x8000000000000000413934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10198085db9a53712021-12-21 10:43:39.194root 11241100x8000000000000000413935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7df267816e2c2bc2021-12-21 10:43:39.195root 11241100x8000000000000000413936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ee42930a2533fd2021-12-21 10:43:39.195root 11241100x8000000000000000413937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71889c7ad1a241af2021-12-21 10:43:39.195root 11241100x8000000000000000413938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94945d5449389fcb2021-12-21 10:43:39.195root 11241100x8000000000000000413939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06b6e37480d24462021-12-21 10:43:39.195root 11241100x8000000000000000413940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51def9bf43bcc74a2021-12-21 10:43:39.195root 11241100x8000000000000000413941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acabf189bb7e1ce52021-12-21 10:43:39.195root 11241100x8000000000000000413942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73801146f12d18f22021-12-21 10:43:39.196root 11241100x8000000000000000413943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c196052a430aacc2021-12-21 10:43:39.196root 11241100x8000000000000000413944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61be7380d08aba732021-12-21 10:43:39.196root 11241100x8000000000000000413945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56be5e3a234d637f2021-12-21 10:43:39.196root 11241100x8000000000000000413946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349f974bfb2cf73d2021-12-21 10:43:39.196root 11241100x8000000000000000413947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd68ff6ad6ac81d42021-12-21 10:43:39.197root 11241100x8000000000000000413948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d894b268319df62021-12-21 10:43:39.197root 11241100x8000000000000000413949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b960bf0d0ad5d1cb2021-12-21 10:43:39.197root 11241100x8000000000000000413950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4687024daaa4b2782021-12-21 10:43:39.197root 11241100x8000000000000000413951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2601571489430132021-12-21 10:43:39.197root 11241100x8000000000000000413952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49133da9ab4682852021-12-21 10:43:39.198root 11241100x8000000000000000413953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a772d0ba27c67a2021-12-21 10:43:39.198root 23542300x8000000000000000413954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.344{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000413955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c73c6404e3bdc182021-12-21 10:43:39.693root 11241100x8000000000000000413956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdfd5c42766907c2021-12-21 10:43:39.693root 11241100x8000000000000000413957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2514936680eb57c22021-12-21 10:43:39.694root 11241100x8000000000000000413958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395e58bf3a8f11592021-12-21 10:43:39.694root 11241100x8000000000000000413959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e315d3468105fc2021-12-21 10:43:39.694root 11241100x8000000000000000413960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b07c293cc2729f2021-12-21 10:43:39.695root 11241100x8000000000000000413961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35748c06f35dd10a2021-12-21 10:43:39.695root 11241100x8000000000000000413962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a22db07b200e092021-12-21 10:43:39.695root 11241100x8000000000000000413963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108a552ffabcb4b12021-12-21 10:43:39.695root 11241100x8000000000000000413964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b437f1433585bff62021-12-21 10:43:39.695root 11241100x8000000000000000413965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf6cb77500d62b82021-12-21 10:43:39.696root 11241100x8000000000000000413966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94d41707ae40e822021-12-21 10:43:39.696root 11241100x8000000000000000413967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e56960df7b1a8a2021-12-21 10:43:39.696root 11241100x8000000000000000413968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4adaf31756242e2021-12-21 10:43:39.696root 11241100x8000000000000000413969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8127655708094da92021-12-21 10:43:39.696root 11241100x8000000000000000413970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798b1134fd7fa6942021-12-21 10:43:39.697root 11241100x8000000000000000413971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e01b99b163bb2a2021-12-21 10:43:39.697root 11241100x8000000000000000413972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3f1a92207a9de92021-12-21 10:43:39.697root 11241100x8000000000000000413973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2240357464dc548b2021-12-21 10:43:39.697root 11241100x8000000000000000413974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebcdd46b2115e282021-12-21 10:43:39.698root 11241100x8000000000000000413975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1022daf9635fc0ed2021-12-21 10:43:39.698root 11241100x8000000000000000413976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75166558ac73eb9f2021-12-21 10:43:39.698root 11241100x8000000000000000413977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9770970b001fdaf22021-12-21 10:43:39.698root 11241100x8000000000000000413978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b6b7ab8eb221532021-12-21 10:43:39.699root 11241100x8000000000000000413979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0994eb21d510386d2021-12-21 10:43:39.699root 11241100x8000000000000000413980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104a906c80d20eb82021-12-21 10:43:39.700root 11241100x8000000000000000413981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840f6de56f269c272021-12-21 10:43:39.700root 11241100x8000000000000000413982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16865957327a53a2021-12-21 10:43:39.701root 11241100x8000000000000000413983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d311b46a704646a2021-12-21 10:43:39.701root 11241100x8000000000000000413984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaa281d5da172132021-12-21 10:43:39.701root 11241100x8000000000000000413985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f4db4e97a516572021-12-21 10:43:39.702root 11241100x8000000000000000413986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69474ace1268acae2021-12-21 10:43:39.702root 11241100x8000000000000000413987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae5de1774a44bcb2021-12-21 10:43:39.702root 11241100x8000000000000000413988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da920349c9b5c3fe2021-12-21 10:43:39.702root 11241100x8000000000000000413989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476b5bbff64b7a022021-12-21 10:43:39.702root 11241100x8000000000000000413990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f896fa535fbb342021-12-21 10:43:39.702root 354300x8000000000000000413991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.014{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47514-false10.0.1.12-8000- 11241100x8000000000000000413992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.015{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a052fb80285033872021-12-21 10:43:40.015root 11241100x8000000000000000413993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.015{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57432d1a02f9512021-12-21 10:43:40.015root 11241100x8000000000000000413994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.015{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90609086110382b2021-12-21 10:43:40.015root 11241100x8000000000000000413995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.015{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6921b155215183b92021-12-21 10:43:40.015root 11241100x8000000000000000413996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.015{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2921c92e09b57f312021-12-21 10:43:40.015root 11241100x8000000000000000413997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3b6c91c747f3582021-12-21 10:43:40.016root 11241100x8000000000000000413998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0319f54b6f0e1d9a2021-12-21 10:43:40.016root 11241100x8000000000000000413999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012429c66dde11762021-12-21 10:43:40.016root 11241100x8000000000000000414000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b73ef579498b1c32021-12-21 10:43:40.016root 11241100x8000000000000000414001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc3ec4c05ad74f12021-12-21 10:43:40.016root 11241100x8000000000000000414002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5329fd903c33012021-12-21 10:43:40.016root 11241100x8000000000000000414003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b4e1fd35d56abf2021-12-21 10:43:40.016root 11241100x8000000000000000414004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb90d9faeb87fed2021-12-21 10:43:40.016root 11241100x8000000000000000414005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85d429d16ef3be92021-12-21 10:43:40.016root 11241100x8000000000000000414006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07af3022b2060c22021-12-21 10:43:40.016root 11241100x8000000000000000414007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e1b2dd2dc7376a2021-12-21 10:43:40.016root 11241100x8000000000000000414008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba01b98f756b8a62021-12-21 10:43:40.016root 11241100x8000000000000000414009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891c3ed6ab1240202021-12-21 10:43:40.016root 11241100x8000000000000000414010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82a2c8a2b1a26ee2021-12-21 10:43:40.016root 11241100x8000000000000000414011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19513dbb7f873fd72021-12-21 10:43:40.017root 11241100x8000000000000000414012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e754d8bb4fd8b32021-12-21 10:43:40.017root 11241100x8000000000000000414013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804fd9b3d71f36142021-12-21 10:43:40.017root 11241100x8000000000000000414014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d26cb6641f32fd22021-12-21 10:43:40.017root 11241100x8000000000000000414015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1f4e0eb8661d322021-12-21 10:43:40.017root 11241100x8000000000000000414016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3057461233aa1032021-12-21 10:43:40.017root 11241100x8000000000000000414017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85419fce6b6f4522021-12-21 10:43:40.017root 11241100x8000000000000000414018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4614c138cc9f9df62021-12-21 10:43:40.017root 11241100x8000000000000000414019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba68273058383692021-12-21 10:43:40.018root 11241100x8000000000000000414020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93da0568ecd22dd62021-12-21 10:43:40.018root 11241100x8000000000000000414021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd181f2b8c442e42021-12-21 10:43:40.019root 11241100x8000000000000000414022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7435c03195c4daec2021-12-21 10:43:40.019root 11241100x8000000000000000414023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c35bc188bdf560e2021-12-21 10:43:40.019root 11241100x8000000000000000414024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a38d32f5fe376162021-12-21 10:43:40.020root 11241100x8000000000000000414025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29bc7ffc5551a042021-12-21 10:43:40.020root 11241100x8000000000000000414026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9f05e7fd18cd8b2021-12-21 10:43:40.020root 11241100x8000000000000000414027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570adda31071d7662021-12-21 10:43:40.021root 11241100x8000000000000000414028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc81c31291ccef0d2021-12-21 10:43:40.021root 11241100x8000000000000000414029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c800d4cbd46bc38c2021-12-21 10:43:40.021root 11241100x8000000000000000414030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69763a46457cfee82021-12-21 10:43:40.022root 11241100x8000000000000000414031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deec03f106ff6cb32021-12-21 10:43:40.022root 11241100x8000000000000000414032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6980ab597a6ef7982021-12-21 10:43:40.022root 11241100x8000000000000000414033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7ae34a4edb22fa2021-12-21 10:43:40.022root 11241100x8000000000000000414034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdf1f1c21109d5d2021-12-21 10:43:40.023root 11241100x8000000000000000414035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e34ad12aa520c92021-12-21 10:43:40.023root 11241100x8000000000000000414036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7030c16add5d3b0c2021-12-21 10:43:40.023root 11241100x8000000000000000414037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26d537ec1d838e62021-12-21 10:43:40.024root 11241100x8000000000000000414038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789e785018559aa62021-12-21 10:43:40.024root 11241100x8000000000000000414039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8639ffe4d47f8a5e2021-12-21 10:43:40.024root 11241100x8000000000000000414040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4765c4da9ee508972021-12-21 10:43:40.024root 11241100x8000000000000000414041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d42de200aec8c312021-12-21 10:43:40.024root 11241100x8000000000000000414042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb2b0723ced075d2021-12-21 10:43:40.024root 11241100x8000000000000000414043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8506b48b46ecf82f2021-12-21 10:43:40.024root 11241100x8000000000000000414044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53a833075b460802021-12-21 10:43:40.025root 11241100x8000000000000000414045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40efdfaae671e51e2021-12-21 10:43:40.025root 11241100x8000000000000000414046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c018605dd4d3a82021-12-21 10:43:40.025root 11241100x8000000000000000414047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd912acedf33c8de2021-12-21 10:43:40.025root 11241100x8000000000000000414048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96151fb138d17972021-12-21 10:43:40.026root 11241100x8000000000000000414049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6265e5f27846292021-12-21 10:43:40.026root 11241100x8000000000000000414050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc61cc918be58fa2021-12-21 10:43:40.442root 11241100x8000000000000000414051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f34dcf638dab1f2021-12-21 10:43:40.443root 11241100x8000000000000000414052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfe367e07df0a7d2021-12-21 10:43:40.443root 11241100x8000000000000000414053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3dcb22b89b967e2021-12-21 10:43:40.443root 11241100x8000000000000000414054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb24bb9526eb9612021-12-21 10:43:40.443root 11241100x8000000000000000414055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f88c7674acf63b2021-12-21 10:43:40.443root 11241100x8000000000000000414056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b99a1cb963fcd972021-12-21 10:43:40.443root 11241100x8000000000000000414057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938981d78bfc34592021-12-21 10:43:40.443root 11241100x8000000000000000414058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd46eb00d4bffcc12021-12-21 10:43:40.443root 11241100x8000000000000000414059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c64fe7e20cbb402021-12-21 10:43:40.443root 11241100x8000000000000000414060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f35534eaf9e7492021-12-21 10:43:40.443root 11241100x8000000000000000414061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba43a8933d8d6cc2021-12-21 10:43:40.444root 11241100x8000000000000000414062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3082d5d07bb6186a2021-12-21 10:43:40.444root 11241100x8000000000000000414063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c026f2e497cf9802021-12-21 10:43:40.444root 11241100x8000000000000000414064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f86feb15cf8bd22021-12-21 10:43:40.444root 11241100x8000000000000000414065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6b92d739dfd7002021-12-21 10:43:40.444root 11241100x8000000000000000414066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7209060a5567012021-12-21 10:43:40.444root 11241100x8000000000000000414067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777932963c358e862021-12-21 10:43:40.444root 11241100x8000000000000000414068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10742d2388fae7892021-12-21 10:43:40.444root 11241100x8000000000000000414069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb270182fbd06a42021-12-21 10:43:40.445root 11241100x8000000000000000414070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2add592594d6e7c92021-12-21 10:43:40.445root 11241100x8000000000000000414071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327ce24639680d762021-12-21 10:43:40.445root 11241100x8000000000000000414072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9779e726106b3b342021-12-21 10:43:40.445root 11241100x8000000000000000414073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1366ef770d91edc2021-12-21 10:43:40.445root 11241100x8000000000000000414074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433a8e4f3610bdbc2021-12-21 10:43:40.445root 11241100x8000000000000000414075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835e67755db84bb92021-12-21 10:43:40.445root 11241100x8000000000000000414076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584eaeda76e46e282021-12-21 10:43:40.446root 11241100x8000000000000000414077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb60b8c759d0465f2021-12-21 10:43:40.446root 11241100x8000000000000000414078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b5accaf5841f422021-12-21 10:43:40.446root 11241100x8000000000000000414079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bddb20aade61b3a2021-12-21 10:43:40.446root 11241100x8000000000000000414080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9f6a5a1a87247c2021-12-21 10:43:40.446root 11241100x8000000000000000414081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0220a3d5893e30232021-12-21 10:43:40.447root 11241100x8000000000000000414082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909b4d6d706dbae62021-12-21 10:43:40.447root 11241100x8000000000000000414083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea5651b4fa0837c2021-12-21 10:43:40.447root 11241100x8000000000000000414084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171c124dcc1fea0f2021-12-21 10:43:40.447root 11241100x8000000000000000414085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25266ef72f16d6f2021-12-21 10:43:40.448root 11241100x8000000000000000414086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac4764c5ea9b2002021-12-21 10:43:40.448root 11241100x8000000000000000414087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23827701267cf5942021-12-21 10:43:40.448root 11241100x8000000000000000414088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75f52e5dba1b6852021-12-21 10:43:40.448root 11241100x8000000000000000414089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6664c8293bbb36322021-12-21 10:43:40.449root 11241100x8000000000000000414090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73da47cae7fcb22f2021-12-21 10:43:40.449root 11241100x8000000000000000414091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b42b28478833112021-12-21 10:43:40.449root 11241100x8000000000000000414092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8ea0b3d715f7f72021-12-21 10:43:40.449root 11241100x8000000000000000414093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c1f7f7b0136ed22021-12-21 10:43:40.449root 11241100x8000000000000000414094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b909e3146616132021-12-21 10:43:40.449root 11241100x8000000000000000414095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3636345d069f852021-12-21 10:43:40.450root 11241100x8000000000000000414096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6712e30507ff5ee72021-12-21 10:43:40.450root 11241100x8000000000000000414097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca607ada72edfcf52021-12-21 10:43:40.450root 11241100x8000000000000000414098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54bd9b74875c2762021-12-21 10:43:40.450root 11241100x8000000000000000414099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2142df66d77f8532021-12-21 10:43:40.451root 11241100x8000000000000000414100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d3ad6d9d3e07522021-12-21 10:43:40.451root 11241100x8000000000000000414101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f01f678e4d97cf62021-12-21 10:43:40.943root 11241100x8000000000000000414102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6104f6601fb3a3542021-12-21 10:43:40.943root 11241100x8000000000000000414103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8882db3444927042021-12-21 10:43:40.943root 11241100x8000000000000000414104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199015063c48d3012021-12-21 10:43:40.943root 11241100x8000000000000000414105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747fe8e0ae0704b02021-12-21 10:43:40.943root 11241100x8000000000000000414106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718ccd8a741ae9072021-12-21 10:43:40.944root 11241100x8000000000000000414107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fc216234b88b312021-12-21 10:43:40.944root 11241100x8000000000000000414108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fb5d166250927d2021-12-21 10:43:40.944root 11241100x8000000000000000414109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58332e48cce55c82021-12-21 10:43:40.944root 11241100x8000000000000000414110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b320d025afdcb42021-12-21 10:43:40.944root 11241100x8000000000000000414111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4eb393dc8d5ea002021-12-21 10:43:40.944root 11241100x8000000000000000414112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1c0a2acdce38482021-12-21 10:43:40.944root 11241100x8000000000000000414113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d708aa14173fe7c82021-12-21 10:43:40.944root 11241100x8000000000000000414114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442931d250c075742021-12-21 10:43:40.944root 11241100x8000000000000000414115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b343dd0b619983d62021-12-21 10:43:40.944root 11241100x8000000000000000414116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecee4130ceefe2c2021-12-21 10:43:40.944root 11241100x8000000000000000414117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cef5aeba8e894532021-12-21 10:43:40.944root 11241100x8000000000000000414118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584202d8720652e02021-12-21 10:43:40.945root 11241100x8000000000000000414119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab09b08a07bffdf2021-12-21 10:43:40.945root 11241100x8000000000000000414120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5321f2195af4700b2021-12-21 10:43:40.945root 11241100x8000000000000000414121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432b86533ab323902021-12-21 10:43:40.945root 11241100x8000000000000000414122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405a4d60f2f664172021-12-21 10:43:40.946root 11241100x8000000000000000414123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555e727744a1b7742021-12-21 10:43:40.946root 11241100x8000000000000000414124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a0b8b138e10f2b2021-12-21 10:43:40.946root 11241100x8000000000000000414125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7567cf02a8d1b32021-12-21 10:43:40.946root 11241100x8000000000000000414126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9355d16d999d292021-12-21 10:43:40.946root 11241100x8000000000000000414127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce08ae5d00b45ba2021-12-21 10:43:40.946root 11241100x8000000000000000414128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f53988bbc721a332021-12-21 10:43:40.946root 11241100x8000000000000000414129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd29357ae546fcdd2021-12-21 10:43:40.946root 11241100x8000000000000000414130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d328537623d5f002021-12-21 10:43:40.946root 11241100x8000000000000000414131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6150206f77271142021-12-21 10:43:40.946root 11241100x8000000000000000414132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d0a335a0c3100d2021-12-21 10:43:40.946root 11241100x8000000000000000414133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e035f7251b0c672021-12-21 10:43:40.946root 11241100x8000000000000000414134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfb0cc70828c5ae2021-12-21 10:43:40.946root 11241100x8000000000000000414135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbbe32071ffeaa02021-12-21 10:43:40.946root 11241100x8000000000000000414136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a122f842e805d9232021-12-21 10:43:40.946root 11241100x8000000000000000414137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139f88ac2d18ceea2021-12-21 10:43:40.946root 11241100x8000000000000000414138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c058071ff0485c7d2021-12-21 10:43:40.946root 11241100x8000000000000000414139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e119190b27458ab32021-12-21 10:43:40.947root 11241100x8000000000000000414140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f5bbaa8d4c8dbb2021-12-21 10:43:40.947root 11241100x8000000000000000414141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddef39df9bf74f22021-12-21 10:43:40.947root 11241100x8000000000000000414142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3050eb8ea97050be2021-12-21 10:43:40.947root 11241100x8000000000000000414143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb1464d2df4da302021-12-21 10:43:40.947root 11241100x8000000000000000414144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8525469f6c378132021-12-21 10:43:40.947root 11241100x8000000000000000414145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95f7f8ce410d2052021-12-21 10:43:40.947root 11241100x8000000000000000414146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f88bbbe6998b6e2021-12-21 10:43:40.947root 11241100x8000000000000000414147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4d80d5ed34cbd62021-12-21 10:43:40.948root 11241100x8000000000000000414148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:40.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73240a9ec259d21e2021-12-21 10:43:40.948root 11241100x8000000000000000414149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c1ba76bde853642021-12-21 10:43:41.443root 11241100x8000000000000000414150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d0b52e8f71d8b62021-12-21 10:43:41.443root 11241100x8000000000000000414151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033241961f4f528c2021-12-21 10:43:41.444root 11241100x8000000000000000414152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fd7f1cb5b4c7182021-12-21 10:43:41.444root 11241100x8000000000000000414153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68e8e6a2a92712b2021-12-21 10:43:41.444root 11241100x8000000000000000414154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4428ef76a8c6632021-12-21 10:43:41.444root 11241100x8000000000000000414155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447ed83bad10b3132021-12-21 10:43:41.444root 11241100x8000000000000000414156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cf75c049ceefed2021-12-21 10:43:41.444root 11241100x8000000000000000414157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32884a82a7ce154f2021-12-21 10:43:41.445root 11241100x8000000000000000414158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569ce7722c324ae22021-12-21 10:43:41.445root 11241100x8000000000000000414159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0128577b8b6c5f92021-12-21 10:43:41.445root 11241100x8000000000000000414160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5c1c265908bff12021-12-21 10:43:41.445root 11241100x8000000000000000414161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b78e14c2be23f62021-12-21 10:43:41.446root 11241100x8000000000000000414162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f188aec7dcc194122021-12-21 10:43:41.446root 11241100x8000000000000000414163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54f6abc25c2f4da2021-12-21 10:43:41.446root 11241100x8000000000000000414164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc81c68e7dd251192021-12-21 10:43:41.446root 11241100x8000000000000000414165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0481b23203acc4782021-12-21 10:43:41.446root 11241100x8000000000000000414166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdf1d5013c7a2c72021-12-21 10:43:41.446root 11241100x8000000000000000414167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d0d6aca38f0ef22021-12-21 10:43:41.446root 11241100x8000000000000000414168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5fd5fc613e15242021-12-21 10:43:41.446root 11241100x8000000000000000414169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e6be21d17242c52021-12-21 10:43:41.447root 11241100x8000000000000000414170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7781dd2b6bfa2872021-12-21 10:43:41.447root 11241100x8000000000000000414171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0977733f48c0f1d2021-12-21 10:43:41.447root 11241100x8000000000000000414172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0516f75d5741062021-12-21 10:43:41.447root 11241100x8000000000000000414173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acbef9901706c5d2021-12-21 10:43:41.447root 11241100x8000000000000000414174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf9f1c5985671b62021-12-21 10:43:41.447root 11241100x8000000000000000414175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d3241c5a7cf10d2021-12-21 10:43:41.447root 11241100x8000000000000000414176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a9c02a96437c212021-12-21 10:43:41.448root 11241100x8000000000000000414177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcb11b62c1db53c2021-12-21 10:43:41.448root 11241100x8000000000000000414178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea80024b6fcf8392021-12-21 10:43:41.448root 11241100x8000000000000000414179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bc0cf825fcb7122021-12-21 10:43:41.448root 11241100x8000000000000000414180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fa50bc42fd11002021-12-21 10:43:41.448root 11241100x8000000000000000414181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64fe772c5794e712021-12-21 10:43:41.448root 11241100x8000000000000000414182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e353c0e874d78f12021-12-21 10:43:41.448root 11241100x8000000000000000414183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170fe1f47004252f2021-12-21 10:43:41.448root 11241100x8000000000000000414184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b3a9517f2891622021-12-21 10:43:41.448root 11241100x8000000000000000414185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4610726df3e294f2021-12-21 10:43:41.449root 11241100x8000000000000000414186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c8e7def215eed52021-12-21 10:43:41.449root 11241100x8000000000000000414187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc849aa98bd22ff2021-12-21 10:43:41.449root 11241100x8000000000000000414188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f38a0ae6b084ff2021-12-21 10:43:41.449root 11241100x8000000000000000414189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb7dcd09781c1482021-12-21 10:43:41.450root 11241100x8000000000000000414190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b94300563495bfb2021-12-21 10:43:41.943root 11241100x8000000000000000414191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90e815142cdda2d2021-12-21 10:43:41.943root 11241100x8000000000000000414192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58d610ebf2dc8502021-12-21 10:43:41.943root 11241100x8000000000000000414193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f923607a187b20932021-12-21 10:43:41.943root 11241100x8000000000000000414194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b901dcb3669457f2021-12-21 10:43:41.943root 11241100x8000000000000000414195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a31971d3437f4b2021-12-21 10:43:41.944root 11241100x8000000000000000414196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f47beeb09d41152021-12-21 10:43:41.944root 11241100x8000000000000000414197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a8adda332039492021-12-21 10:43:41.944root 11241100x8000000000000000414198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf7cd6b3789786a2021-12-21 10:43:41.944root 11241100x8000000000000000414199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3848420c5ad16e2021-12-21 10:43:41.944root 11241100x8000000000000000414200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e8677a65f39fe72021-12-21 10:43:41.944root 11241100x8000000000000000414201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3015308ba30cd472021-12-21 10:43:41.944root 11241100x8000000000000000414202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c32a2c0744d7ec2021-12-21 10:43:41.944root 11241100x8000000000000000414203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00dc8314ff1b5a52021-12-21 10:43:41.944root 11241100x8000000000000000414204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23413a83171624c52021-12-21 10:43:41.944root 11241100x8000000000000000414205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642696fb2832ecb52021-12-21 10:43:41.945root 11241100x8000000000000000414206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593d7dfae8becf392021-12-21 10:43:41.945root 11241100x8000000000000000414207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7765a290083e2e642021-12-21 10:43:41.945root 11241100x8000000000000000414208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c170b291648e582021-12-21 10:43:41.945root 11241100x8000000000000000414209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a56008703d6e9972021-12-21 10:43:41.945root 11241100x8000000000000000414210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86600c38d6ebbe022021-12-21 10:43:41.945root 11241100x8000000000000000414211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a540e4bb19af87a42021-12-21 10:43:41.945root 11241100x8000000000000000414212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0f7714812eab102021-12-21 10:43:41.946root 11241100x8000000000000000414213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821605a949fa8abb2021-12-21 10:43:41.946root 11241100x8000000000000000414214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4795d92e12105ef42021-12-21 10:43:41.946root 11241100x8000000000000000414215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b2ceb9ce0526e02021-12-21 10:43:41.946root 11241100x8000000000000000414216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa97cfa3896265d42021-12-21 10:43:41.946root 11241100x8000000000000000414217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69c8b8b132c13622021-12-21 10:43:41.946root 11241100x8000000000000000414218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31399037ebec16552021-12-21 10:43:41.946root 11241100x8000000000000000414219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ae005638f6c262021-12-21 10:43:41.947root 11241100x8000000000000000414220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927f07e7e268057b2021-12-21 10:43:41.947root 11241100x8000000000000000414221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff55ececcbf9c322021-12-21 10:43:41.947root 11241100x8000000000000000414222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d680fd9fad8598ce2021-12-21 10:43:41.947root 11241100x8000000000000000414223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc67e9cd19a09f6c2021-12-21 10:43:41.947root 11241100x8000000000000000414224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22548b9d46e1fc2c2021-12-21 10:43:41.947root 11241100x8000000000000000414225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6405670574d7fc672021-12-21 10:43:41.947root 11241100x8000000000000000414226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28862440f1925e12021-12-21 10:43:41.947root 11241100x8000000000000000414227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115d0358eed533322021-12-21 10:43:41.948root 11241100x8000000000000000414228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3e5d66ca4e2b4b2021-12-21 10:43:42.443root 11241100x8000000000000000414229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d973aa54fe67d13d2021-12-21 10:43:42.443root 11241100x8000000000000000414230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0838d1081e47c6132021-12-21 10:43:42.444root 11241100x8000000000000000414231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adbf732bc0e51c12021-12-21 10:43:42.444root 11241100x8000000000000000414232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d370d44cc2a88a72021-12-21 10:43:42.444root 11241100x8000000000000000414233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afbdd1ca49d508f2021-12-21 10:43:42.444root 11241100x8000000000000000414234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c946df6646a55f672021-12-21 10:43:42.444root 11241100x8000000000000000414235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0d163e324a4a022021-12-21 10:43:42.444root 11241100x8000000000000000414236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6211bab296945ff52021-12-21 10:43:42.445root 11241100x8000000000000000414237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bc198fadcba31b2021-12-21 10:43:42.445root 11241100x8000000000000000414238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c58af103a92fd7d2021-12-21 10:43:42.445root 11241100x8000000000000000414239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f19d4e49e44992021-12-21 10:43:42.445root 11241100x8000000000000000414240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e971f0486a0daf2021-12-21 10:43:42.445root 11241100x8000000000000000414241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eb0c74047639e42021-12-21 10:43:42.445root 11241100x8000000000000000414242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3863f47943430e202021-12-21 10:43:42.445root 11241100x8000000000000000414243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40a8b69dbc318852021-12-21 10:43:42.446root 11241100x8000000000000000414244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbecd90fc2257bb2021-12-21 10:43:42.446root 11241100x8000000000000000414245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367cd033313246392021-12-21 10:43:42.446root 11241100x8000000000000000414246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddf860a402dd0072021-12-21 10:43:42.446root 11241100x8000000000000000414247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d004b029f8dc8ca72021-12-21 10:43:42.446root 11241100x8000000000000000414248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb28a55a1f4b1642021-12-21 10:43:42.446root 11241100x8000000000000000414249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d22c76b456e56dd2021-12-21 10:43:42.446root 11241100x8000000000000000414250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbe7b57dd59e9692021-12-21 10:43:42.447root 11241100x8000000000000000414251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7d114ca8dafa9c2021-12-21 10:43:42.448root 11241100x8000000000000000414252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986cbdb8880c08992021-12-21 10:43:42.448root 11241100x8000000000000000414253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8c31f9e12597b52021-12-21 10:43:42.448root 11241100x8000000000000000414254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f42d7adbd431d42021-12-21 10:43:42.448root 11241100x8000000000000000414255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35efa22523df7b4c2021-12-21 10:43:42.448root 11241100x8000000000000000414256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f0a8c483a156702021-12-21 10:43:42.449root 11241100x8000000000000000414257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a7eef6d715ba652021-12-21 10:43:42.449root 11241100x8000000000000000414258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c020d294e8b5ed2021-12-21 10:43:42.449root 11241100x8000000000000000414259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f5849d4d6b65f92021-12-21 10:43:42.449root 11241100x8000000000000000414260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe831e935014d262021-12-21 10:43:42.449root 11241100x8000000000000000414261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53ec9b6b869f79e2021-12-21 10:43:42.449root 11241100x8000000000000000414262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a611c8439fc60b442021-12-21 10:43:42.449root 11241100x8000000000000000414263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce335aa447c93be62021-12-21 10:43:42.449root 11241100x8000000000000000414264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff0b8a3c35248de2021-12-21 10:43:42.943root 11241100x8000000000000000414265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4e33abe3f9cd762021-12-21 10:43:42.943root 11241100x8000000000000000414266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea819740db5c6422021-12-21 10:43:42.943root 11241100x8000000000000000414267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f25859a512d07f2021-12-21 10:43:42.944root 11241100x8000000000000000414268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda2da27b04808ee2021-12-21 10:43:42.944root 11241100x8000000000000000414269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e5b87d9894f30e2021-12-21 10:43:42.944root 11241100x8000000000000000414270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271d3050813ff9722021-12-21 10:43:42.944root 11241100x8000000000000000414271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7c6775c2930b462021-12-21 10:43:42.944root 11241100x8000000000000000414272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286d72d9dcdab72d2021-12-21 10:43:42.944root 11241100x8000000000000000414273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7b3f9d0dfb48db2021-12-21 10:43:42.944root 11241100x8000000000000000414274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad79c30ef4d61ba62021-12-21 10:43:42.944root 11241100x8000000000000000414275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b004de6205349a2021-12-21 10:43:42.945root 11241100x8000000000000000414276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32c15697809953b2021-12-21 10:43:42.945root 11241100x8000000000000000414277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608874ba4425e9c02021-12-21 10:43:42.945root 11241100x8000000000000000414278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b265b78110414c342021-12-21 10:43:42.945root 11241100x8000000000000000414279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a5c5401ecf2f502021-12-21 10:43:42.945root 11241100x8000000000000000414280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c189867f80869e2021-12-21 10:43:42.945root 11241100x8000000000000000414281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac03ecb548100e082021-12-21 10:43:42.945root 11241100x8000000000000000414282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f65e1707a77c4662021-12-21 10:43:42.945root 11241100x8000000000000000414283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddf8ed91502e5892021-12-21 10:43:42.945root 11241100x8000000000000000414284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740c17e5ba740a0f2021-12-21 10:43:42.945root 11241100x8000000000000000414285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4084e789dbc525be2021-12-21 10:43:42.945root 11241100x8000000000000000414286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df77329f339246b2021-12-21 10:43:42.946root 11241100x8000000000000000414287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71059631fe1a5c462021-12-21 10:43:42.946root 11241100x8000000000000000414288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec232927a266c232021-12-21 10:43:42.946root 11241100x8000000000000000414289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3962d8a19d570b2021-12-21 10:43:42.946root 11241100x8000000000000000414290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a310f623326b852021-12-21 10:43:42.946root 11241100x8000000000000000414291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6a36dab1904a442021-12-21 10:43:42.946root 11241100x8000000000000000414292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feedec01934ecfae2021-12-21 10:43:42.946root 11241100x8000000000000000414293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3c6c5cd2279ca62021-12-21 10:43:42.946root 11241100x8000000000000000414294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfda2c7cdad507b92021-12-21 10:43:42.946root 11241100x8000000000000000414295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2676d4259d798532021-12-21 10:43:42.946root 11241100x8000000000000000414296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c15eb81150109a2021-12-21 10:43:42.947root 11241100x8000000000000000414297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721db57251939da72021-12-21 10:43:42.947root 11241100x8000000000000000414298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39eaefb17fea40d2021-12-21 10:43:42.947root 11241100x8000000000000000414299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7e0ca326d8d3bc2021-12-21 10:43:42.947root 11241100x8000000000000000414300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72f2b7cc6ece83e2021-12-21 10:43:42.947root 11241100x8000000000000000414301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2ca84c36c95fa62021-12-21 10:43:42.947root 11241100x8000000000000000414302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcda7c28c551b8912021-12-21 10:43:42.947root 11241100x8000000000000000414303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb154ed5dcafca02021-12-21 10:43:42.947root 11241100x8000000000000000414304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba474691a96867aa2021-12-21 10:43:42.947root 11241100x8000000000000000414305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58bfccf2f9da9512021-12-21 10:43:42.947root 11241100x8000000000000000414306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b006a37913ac8252021-12-21 10:43:42.948root 11241100x8000000000000000414307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adfe0277565a0b22021-12-21 10:43:42.948root 11241100x8000000000000000414308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f66e2bddc751892021-12-21 10:43:43.443root 11241100x8000000000000000414309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a277023a44c264fb2021-12-21 10:43:43.443root 11241100x8000000000000000414310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7b2f82f52d9a6f2021-12-21 10:43:43.443root 11241100x8000000000000000414311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40150017d2bcbe532021-12-21 10:43:43.443root 11241100x8000000000000000414312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8ada3df5c0d31e2021-12-21 10:43:43.443root 11241100x8000000000000000414313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527dd98e6c98b4fd2021-12-21 10:43:43.444root 11241100x8000000000000000414314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19551f329c00e94c2021-12-21 10:43:43.444root 11241100x8000000000000000414315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12df28c45e57a37d2021-12-21 10:43:43.444root 11241100x8000000000000000414316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdfc8947f033a362021-12-21 10:43:43.444root 11241100x8000000000000000414317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2367529fa54cffed2021-12-21 10:43:43.444root 11241100x8000000000000000414318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8f504394f55ffb2021-12-21 10:43:43.444root 11241100x8000000000000000414319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd17a39ab55d5df2021-12-21 10:43:43.444root 11241100x8000000000000000414320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c28070a2bd45d42021-12-21 10:43:43.445root 11241100x8000000000000000414321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b2874f3e13f2092021-12-21 10:43:43.445root 11241100x8000000000000000414322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a540009255286c82021-12-21 10:43:43.445root 11241100x8000000000000000414323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9890369de808efe82021-12-21 10:43:43.445root 11241100x8000000000000000414324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4430cc5ac2c78e332021-12-21 10:43:43.445root 11241100x8000000000000000414325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72d291b004034192021-12-21 10:43:43.446root 11241100x8000000000000000414326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4ea43d7a84d2a12021-12-21 10:43:43.446root 11241100x8000000000000000414327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16adb4f6a2f2fb8f2021-12-21 10:43:43.446root 11241100x8000000000000000414328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86e6b7e37afbda72021-12-21 10:43:43.446root 11241100x8000000000000000414329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9339e1e9b9da31fb2021-12-21 10:43:43.446root 11241100x8000000000000000414330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06bec283c05e87f2021-12-21 10:43:43.446root 11241100x8000000000000000414331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69018c0f8e51f32021-12-21 10:43:43.447root 11241100x8000000000000000414332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb68c59f555c76c2021-12-21 10:43:43.447root 11241100x8000000000000000414333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c364a8fc116777222021-12-21 10:43:43.447root 11241100x8000000000000000414334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9a77ed1316d0832021-12-21 10:43:43.447root 11241100x8000000000000000414335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d4b193e9e1c212021-12-21 10:43:43.447root 11241100x8000000000000000414336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593eb0d823837edd2021-12-21 10:43:43.447root 11241100x8000000000000000414337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e849e833e1366112021-12-21 10:43:43.447root 11241100x8000000000000000414338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0273b73fafc32b272021-12-21 10:43:43.447root 11241100x8000000000000000414339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2fcbd166f5b2052021-12-21 10:43:43.447root 11241100x8000000000000000414340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ca042a73c0b2322021-12-21 10:43:43.447root 11241100x8000000000000000414341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdc839eda5eedc72021-12-21 10:43:43.447root 11241100x8000000000000000414342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab56fc6297685c82021-12-21 10:43:43.448root 11241100x8000000000000000414343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be461abb0d2a0a2021-12-21 10:43:43.448root 11241100x8000000000000000414344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9665987bd43e2ada2021-12-21 10:43:43.448root 11241100x8000000000000000414345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6355d1e91419732021-12-21 10:43:43.448root 11241100x8000000000000000414346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcee5f7e5f63a9d2021-12-21 10:43:43.448root 11241100x8000000000000000414347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36dfbd80408f8fc2021-12-21 10:43:43.448root 11241100x8000000000000000414348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515ac89dc76d8cd92021-12-21 10:43:43.448root 11241100x8000000000000000414349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4636c40c1c74f22021-12-21 10:43:43.448root 11241100x8000000000000000414350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2707a58dd050660a2021-12-21 10:43:43.448root 11241100x8000000000000000414351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8bea281e055b3e2021-12-21 10:43:43.448root 11241100x8000000000000000414352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73dd17e94a42c72021-12-21 10:43:43.448root 11241100x8000000000000000414353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0909e745d7113982021-12-21 10:43:43.448root 11241100x8000000000000000414354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5cf2d377dc0b1b2021-12-21 10:43:43.448root 11241100x8000000000000000414355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2e12acf6e9623a2021-12-21 10:43:43.448root 11241100x8000000000000000414356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5170a500e1975b2021-12-21 10:43:43.449root 11241100x8000000000000000414357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fd860807f7af732021-12-21 10:43:43.449root 11241100x8000000000000000414358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6692638fd73657ca2021-12-21 10:43:43.449root 11241100x8000000000000000414359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc49f880a6a22cb72021-12-21 10:43:43.943root 11241100x8000000000000000414360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e515e09aa05e9f2021-12-21 10:43:43.943root 11241100x8000000000000000414361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2884c8440971865d2021-12-21 10:43:43.943root 11241100x8000000000000000414362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d19fe4aecdf03d02021-12-21 10:43:43.943root 11241100x8000000000000000414363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0815e00cbe9c0992021-12-21 10:43:43.944root 11241100x8000000000000000414364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf82a43943206302021-12-21 10:43:43.944root 11241100x8000000000000000414365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3a34adca7ec1e62021-12-21 10:43:43.944root 11241100x8000000000000000414366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbef1e29bb8c9b32021-12-21 10:43:43.944root 11241100x8000000000000000414367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda2563513f68c582021-12-21 10:43:43.944root 11241100x8000000000000000414368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1400575f9da772582021-12-21 10:43:43.944root 11241100x8000000000000000414369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ea7edd38cf8ec32021-12-21 10:43:43.944root 11241100x8000000000000000414370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4336180d87fccad12021-12-21 10:43:43.944root 11241100x8000000000000000414371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7992f8e8e9b2dd2021-12-21 10:43:43.944root 11241100x8000000000000000414372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fece91158332963b2021-12-21 10:43:43.944root 11241100x8000000000000000414373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d770758d7fbe8f12021-12-21 10:43:43.944root 11241100x8000000000000000414374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f83459b486e97ea2021-12-21 10:43:43.944root 11241100x8000000000000000414375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8567510aebabc02021-12-21 10:43:43.944root 11241100x8000000000000000414376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f0b1cb993893462021-12-21 10:43:43.944root 11241100x8000000000000000414377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1456507c72af8cbd2021-12-21 10:43:43.945root 11241100x8000000000000000414378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48051d11c7dcdea12021-12-21 10:43:43.945root 11241100x8000000000000000414379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fb36e9897f1beb2021-12-21 10:43:43.945root 11241100x8000000000000000414380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7366b0583c484cde2021-12-21 10:43:43.945root 11241100x8000000000000000414381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9c73f1274130a62021-12-21 10:43:43.945root 11241100x8000000000000000414382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4157ccc27d71ab2021-12-21 10:43:43.945root 11241100x8000000000000000414383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e3722ba62aa5812021-12-21 10:43:43.945root 11241100x8000000000000000414384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83cc2fbf6404b182021-12-21 10:43:43.945root 11241100x8000000000000000414385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cad47b0000c50a2021-12-21 10:43:43.945root 11241100x8000000000000000414386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da7987c3862a44d2021-12-21 10:43:43.945root 11241100x8000000000000000414387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefd6c7342f54a422021-12-21 10:43:43.945root 11241100x8000000000000000414388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac98346e78ac279d2021-12-21 10:43:43.945root 11241100x8000000000000000414389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af483b0e7428b052021-12-21 10:43:43.945root 11241100x8000000000000000414390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a00fabd1e0bcf9b2021-12-21 10:43:43.946root 11241100x8000000000000000414391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242af891e0c39a082021-12-21 10:43:43.946root 11241100x8000000000000000414392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a861ab337fbf2b2021-12-21 10:43:43.946root 11241100x8000000000000000414393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f4ddc4c5b8f6e12021-12-21 10:43:43.946root 11241100x8000000000000000414394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc23fef3202ac932021-12-21 10:43:43.946root 11241100x8000000000000000414395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0e5f0bc672989e2021-12-21 10:43:43.946root 11241100x8000000000000000414396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26968d81ff0957622021-12-21 10:43:44.443root 11241100x8000000000000000414397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f877dcfbed9e41332021-12-21 10:43:44.443root 11241100x8000000000000000414398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356cfae86efa94852021-12-21 10:43:44.444root 11241100x8000000000000000414399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac1760c7f7cd0962021-12-21 10:43:44.444root 11241100x8000000000000000414400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9b9357b23e527f2021-12-21 10:43:44.444root 11241100x8000000000000000414401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa4916bdffabbc62021-12-21 10:43:44.444root 11241100x8000000000000000414402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ff37046e192efc2021-12-21 10:43:44.444root 11241100x8000000000000000414403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be89be85fba5eb652021-12-21 10:43:44.444root 11241100x8000000000000000414404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05764f06d47acb52021-12-21 10:43:44.444root 11241100x8000000000000000414405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f91946dbfa65182021-12-21 10:43:44.444root 11241100x8000000000000000414406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b978bc42aa3389ed2021-12-21 10:43:44.444root 11241100x8000000000000000414407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3431ed9b1384e512021-12-21 10:43:44.444root 11241100x8000000000000000414408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6299c3e2702b3fd92021-12-21 10:43:44.444root 11241100x8000000000000000414409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd84a91a10ec6c402021-12-21 10:43:44.445root 11241100x8000000000000000414410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded2966e4a228d022021-12-21 10:43:44.445root 11241100x8000000000000000414411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb213b934f49bb62021-12-21 10:43:44.445root 11241100x8000000000000000414412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0705815ef67d5a8f2021-12-21 10:43:44.445root 11241100x8000000000000000414413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b35d8ecc82d54632021-12-21 10:43:44.445root 11241100x8000000000000000414414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a35fddc54bc9152021-12-21 10:43:44.445root 11241100x8000000000000000414415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea2c79772986d4a2021-12-21 10:43:44.445root 11241100x8000000000000000414416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78669be85d81ab872021-12-21 10:43:44.445root 11241100x8000000000000000414417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce74d9738438e7482021-12-21 10:43:44.445root 11241100x8000000000000000414418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23fe128a06f38aa2021-12-21 10:43:44.445root 11241100x8000000000000000414419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab149c28db2373c2021-12-21 10:43:44.446root 11241100x8000000000000000414420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6176c62eee3d516f2021-12-21 10:43:44.446root 11241100x8000000000000000414421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defd3fe5f57224fc2021-12-21 10:43:44.446root 11241100x8000000000000000414422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b406c8e6bec3a1dd2021-12-21 10:43:44.446root 11241100x8000000000000000414423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cebbaa3f5a5ead2021-12-21 10:43:44.446root 11241100x8000000000000000414424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462bd90f8c6993452021-12-21 10:43:44.446root 11241100x8000000000000000414425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a435f7ff70f809bf2021-12-21 10:43:44.446root 11241100x8000000000000000414426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152dd83dadb50e6d2021-12-21 10:43:44.446root 11241100x8000000000000000414427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3f2acede063f7f2021-12-21 10:43:44.446root 11241100x8000000000000000414428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5ae6edb7005f272021-12-21 10:43:44.447root 11241100x8000000000000000414429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec412be8821a14502021-12-21 10:43:44.447root 11241100x8000000000000000414430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c802e3270d7892b92021-12-21 10:43:44.447root 11241100x8000000000000000414431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd45b9a507ae68922021-12-21 10:43:44.447root 11241100x8000000000000000414432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203348a7fe7d4c902021-12-21 10:43:44.447root 11241100x8000000000000000414433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4deb366cff5cc8942021-12-21 10:43:44.943root 11241100x8000000000000000414434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa155e3c59e5aca2021-12-21 10:43:44.943root 11241100x8000000000000000414435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4d6f9931da64e52021-12-21 10:43:44.943root 11241100x8000000000000000414436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfd5a1e0648ce642021-12-21 10:43:44.943root 11241100x8000000000000000414437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c57bd7240e641312021-12-21 10:43:44.943root 11241100x8000000000000000414438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8a08c10e0f81eb2021-12-21 10:43:44.943root 11241100x8000000000000000414439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493cccb6e6c7ac092021-12-21 10:43:44.943root 11241100x8000000000000000414440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc06e03b8d9cda1c2021-12-21 10:43:44.944root 11241100x8000000000000000414441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c77910742e6885d2021-12-21 10:43:44.944root 11241100x8000000000000000414442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76b37ed411ebd332021-12-21 10:43:44.944root 11241100x8000000000000000414443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0508ac74db5c97732021-12-21 10:43:44.944root 11241100x8000000000000000414444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e615aad1a6a5c27b2021-12-21 10:43:44.944root 11241100x8000000000000000414445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dfba5ec42678722021-12-21 10:43:44.944root 11241100x8000000000000000414446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55edfcaa16c76d32021-12-21 10:43:44.944root 11241100x8000000000000000414447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1979b1f67fdfc5f2021-12-21 10:43:44.944root 11241100x8000000000000000414448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4a6fb3bfd6618f2021-12-21 10:43:44.944root 11241100x8000000000000000414449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e160487dfe21df72021-12-21 10:43:44.944root 11241100x8000000000000000414450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38681b8b11a0b3022021-12-21 10:43:44.944root 11241100x8000000000000000414451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e662e0e6ce2a60a42021-12-21 10:43:44.945root 11241100x8000000000000000414452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e34e102e1d3c8402021-12-21 10:43:44.945root 11241100x8000000000000000414453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5e86b447a9638f2021-12-21 10:43:44.945root 11241100x8000000000000000414454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f1965dde2dce1f2021-12-21 10:43:44.945root 11241100x8000000000000000414455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364897210f1ff6e52021-12-21 10:43:44.945root 11241100x8000000000000000414456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfa713aeaf100882021-12-21 10:43:44.945root 11241100x8000000000000000414457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a03865336918dd2021-12-21 10:43:44.945root 11241100x8000000000000000414458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16771258b55aae992021-12-21 10:43:44.945root 11241100x8000000000000000414459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d080ed2eb6734e92021-12-21 10:43:44.945root 11241100x8000000000000000414460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a387b0b956c4d32021-12-21 10:43:44.946root 11241100x8000000000000000414461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d35db326da761982021-12-21 10:43:44.946root 11241100x8000000000000000414462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa393b8eaae7f1f62021-12-21 10:43:44.946root 11241100x8000000000000000414463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa43856146f70182021-12-21 10:43:44.946root 11241100x8000000000000000414464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318d932612d3dff22021-12-21 10:43:44.946root 11241100x8000000000000000414465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6755c98b4a9f7c9f2021-12-21 10:43:44.946root 11241100x8000000000000000414466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd11f09d6f3631a22021-12-21 10:43:44.946root 11241100x8000000000000000414467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11eccca60c4cd4532021-12-21 10:43:44.946root 11241100x8000000000000000414468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2fc0e91c96814e2021-12-21 10:43:44.947root 11241100x8000000000000000414469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee1c8e40dfa38182021-12-21 10:43:44.947root 11241100x8000000000000000414470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35acc9dc98a615372021-12-21 10:43:44.947root 354300x8000000000000000414471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.125{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47516-false10.0.1.12-8000- 11241100x8000000000000000414472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2453987618269c282021-12-21 10:43:45.443root 11241100x8000000000000000414473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0438ab0fb0d116f62021-12-21 10:43:45.443root 11241100x8000000000000000414474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660d265a4a8294d22021-12-21 10:43:45.444root 11241100x8000000000000000414475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad164d9bc188b0a2021-12-21 10:43:45.444root 11241100x8000000000000000414476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a2006e7d76c9552021-12-21 10:43:45.444root 11241100x8000000000000000414477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90781e1512c27cc2021-12-21 10:43:45.444root 11241100x8000000000000000414478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f87d5f754af8882021-12-21 10:43:45.445root 11241100x8000000000000000414479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3644afc66779b022021-12-21 10:43:45.445root 11241100x8000000000000000414480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c4045236c979a92021-12-21 10:43:45.445root 11241100x8000000000000000414481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd878b1971b661c2021-12-21 10:43:45.445root 11241100x8000000000000000414482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd242532fc5b0342021-12-21 10:43:45.446root 11241100x8000000000000000414483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b558786cc868062021-12-21 10:43:45.446root 11241100x8000000000000000414484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bfb947857977762021-12-21 10:43:45.446root 11241100x8000000000000000414485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04214153996584eb2021-12-21 10:43:45.446root 11241100x8000000000000000414486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074a75c2735c42392021-12-21 10:43:45.447root 11241100x8000000000000000414487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe7d6d7b2c4cfb32021-12-21 10:43:45.447root 11241100x8000000000000000414488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efeb676ecdd39a182021-12-21 10:43:45.447root 11241100x8000000000000000414489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b3cbff5c0b3c2d2021-12-21 10:43:45.448root 11241100x8000000000000000414490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4772a7e2be866e0f2021-12-21 10:43:45.448root 11241100x8000000000000000414491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38448c1a12f297162021-12-21 10:43:45.448root 11241100x8000000000000000414492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997a0b97841e55962021-12-21 10:43:45.449root 11241100x8000000000000000414493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95448bf8692371b62021-12-21 10:43:45.449root 11241100x8000000000000000414494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0717d1ab396747372021-12-21 10:43:45.449root 11241100x8000000000000000414495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd472b3859ea829f2021-12-21 10:43:45.449root 11241100x8000000000000000414496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0734437d18875cfd2021-12-21 10:43:45.450root 11241100x8000000000000000414497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09111819f08a61a82021-12-21 10:43:45.450root 11241100x8000000000000000414498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a45c59fffbe0e712021-12-21 10:43:45.450root 11241100x8000000000000000414499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ca806c0d4ca0ef2021-12-21 10:43:45.450root 11241100x8000000000000000414500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c8b7c7279968972021-12-21 10:43:45.450root 11241100x8000000000000000414501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6e89011afcdd532021-12-21 10:43:45.450root 11241100x8000000000000000414502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a40f1e0a1e6d4b22021-12-21 10:43:45.451root 11241100x8000000000000000414503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e63f4f420b5ac02021-12-21 10:43:45.451root 11241100x8000000000000000414504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619f996ba28f2ecb2021-12-21 10:43:45.451root 11241100x8000000000000000414505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74515ee2b2296b4c2021-12-21 10:43:45.451root 11241100x8000000000000000414506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfccc5009f7d71a2021-12-21 10:43:45.452root 11241100x8000000000000000414507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68e1fb6f6026d5f2021-12-21 10:43:45.452root 11241100x8000000000000000414508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260316ad3d086c552021-12-21 10:43:45.452root 11241100x8000000000000000414509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033b4fd332a1aded2021-12-21 10:43:45.452root 11241100x8000000000000000414510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3447aa2360a927372021-12-21 10:43:45.452root 11241100x8000000000000000414511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d732c321104b0be22021-12-21 10:43:45.453root 11241100x8000000000000000414512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcef733c2535131f2021-12-21 10:43:45.453root 11241100x8000000000000000414513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e03a8f420c81422021-12-21 10:43:45.453root 11241100x8000000000000000414514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1856ee1709efaf5a2021-12-21 10:43:45.453root 11241100x8000000000000000414515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b4071cb03813ae2021-12-21 10:43:45.943root 11241100x8000000000000000414516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ccb8d990a0bee52021-12-21 10:43:45.943root 11241100x8000000000000000414517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d9db5880e005bc2021-12-21 10:43:45.943root 11241100x8000000000000000414518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960c62cbb5967af12021-12-21 10:43:45.943root 11241100x8000000000000000414519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9535eb5040c2b4442021-12-21 10:43:45.943root 11241100x8000000000000000414520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20ec05babce7a192021-12-21 10:43:45.944root 11241100x8000000000000000414521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0621d781ea9d942021-12-21 10:43:45.944root 11241100x8000000000000000414522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f96567b9c49d66d2021-12-21 10:43:45.944root 11241100x8000000000000000414523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4db30429e587ab2021-12-21 10:43:45.944root 11241100x8000000000000000414524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f656d3bd5c368d8d2021-12-21 10:43:45.944root 11241100x8000000000000000414525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ac0649d4f294112021-12-21 10:43:45.944root 11241100x8000000000000000414526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7cece830557df62021-12-21 10:43:45.944root 11241100x8000000000000000414527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47f7cbbbbd388642021-12-21 10:43:45.945root 11241100x8000000000000000414528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abecd1c41063a2f2021-12-21 10:43:45.945root 11241100x8000000000000000414529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb6cf31650ad9372021-12-21 10:43:45.945root 11241100x8000000000000000414530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fbe7fb74c64fb72021-12-21 10:43:45.945root 11241100x8000000000000000414531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791145bd8014fed22021-12-21 10:43:45.945root 11241100x8000000000000000414532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0eb5de9f6312caf2021-12-21 10:43:45.945root 11241100x8000000000000000414533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad81147fbacf722021-12-21 10:43:45.945root 11241100x8000000000000000414534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753210d530ae88d92021-12-21 10:43:45.946root 11241100x8000000000000000414535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a4b979cd644c8b2021-12-21 10:43:45.946root 11241100x8000000000000000414536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa178c26d5cff0b2021-12-21 10:43:45.946root 11241100x8000000000000000414537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883a6a5ea608f7ba2021-12-21 10:43:45.946root 11241100x8000000000000000414538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8d134f1ad04d9b2021-12-21 10:43:45.946root 11241100x8000000000000000414539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82772e15495ff72c2021-12-21 10:43:45.946root 11241100x8000000000000000414540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f534c38984b1f932021-12-21 10:43:45.946root 11241100x8000000000000000414541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bd652eec13bd3e2021-12-21 10:43:45.947root 11241100x8000000000000000414542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3252a21428557012021-12-21 10:43:45.947root 11241100x8000000000000000414543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70158663cad8c6f2021-12-21 10:43:45.947root 11241100x8000000000000000414544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fce57f3ad4424bf2021-12-21 10:43:45.948root 11241100x8000000000000000414545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62069676bd3c64532021-12-21 10:43:45.948root 11241100x8000000000000000414546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbf83eca8b090b92021-12-21 10:43:45.948root 11241100x8000000000000000414547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140fe0ec7220b26d2021-12-21 10:43:45.948root 11241100x8000000000000000414548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5c6a01fb3e1a822021-12-21 10:43:45.948root 11241100x8000000000000000414549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fe01121e82196d2021-12-21 10:43:45.948root 11241100x8000000000000000414550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1d762a25e009f22021-12-21 10:43:45.948root 11241100x8000000000000000414551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080e77ec950a87a82021-12-21 10:43:45.948root 11241100x8000000000000000414552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981a8d335d8d2fa42021-12-21 10:43:45.949root 11241100x8000000000000000414553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcfefd65ca4bb472021-12-21 10:43:45.949root 11241100x8000000000000000414554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5571dd9da6eea1802021-12-21 10:43:45.949root 11241100x8000000000000000414555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b531e5b286d4c19c2021-12-21 10:43:45.949root 11241100x8000000000000000414556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9bb6c99d5fcf872021-12-21 10:43:45.949root 11241100x8000000000000000414557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9a5900b7da8fe82021-12-21 10:43:45.949root 11241100x8000000000000000414558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d96c58ce1853bb42021-12-21 10:43:45.949root 11241100x8000000000000000414559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cdd5279d4b97f32021-12-21 10:43:45.950root 11241100x8000000000000000414560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb359b87c9842ee12021-12-21 10:43:45.950root 11241100x8000000000000000414561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719dc01d36c9ed772021-12-21 10:43:45.950root 11241100x8000000000000000414562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913c1551194429762021-12-21 10:43:45.950root 11241100x8000000000000000414563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be0f189454af9ec2021-12-21 10:43:45.950root 11241100x8000000000000000414564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36221df956c030692021-12-21 10:43:45.950root 11241100x8000000000000000414565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99588cd398c4ec462021-12-21 10:43:45.950root 11241100x8000000000000000414566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb268b3ddbfe3142021-12-21 10:43:45.950root 11241100x8000000000000000414567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582540392e5ad0c62021-12-21 10:43:45.951root 11241100x8000000000000000414568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaa3865666215752021-12-21 10:43:45.951root 11241100x8000000000000000414569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:45.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c0190a9b8020952021-12-21 10:43:45.951root 11241100x8000000000000000414570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b3964c38cca69a2021-12-21 10:43:46.443root 11241100x8000000000000000414571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301743d18a0c8db52021-12-21 10:43:46.443root 11241100x8000000000000000414572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38476a1fe69b4772021-12-21 10:43:46.444root 11241100x8000000000000000414573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970ddc5a161bd6db2021-12-21 10:43:46.444root 11241100x8000000000000000414574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deed767fbc02cf702021-12-21 10:43:46.444root 11241100x8000000000000000414575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bca71e9f0fc31a92021-12-21 10:43:46.444root 11241100x8000000000000000414576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905fe242cb8e56962021-12-21 10:43:46.444root 11241100x8000000000000000414577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb6ae5996da9e7f2021-12-21 10:43:46.444root 11241100x8000000000000000414578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54657ac7c49525f52021-12-21 10:43:46.444root 11241100x8000000000000000414579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6032c72262e069f2021-12-21 10:43:46.445root 11241100x8000000000000000414580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78845d929c9cc2ad2021-12-21 10:43:46.445root 11241100x8000000000000000414581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3420ccd0949056372021-12-21 10:43:46.445root 11241100x8000000000000000414582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687168d9afb887a92021-12-21 10:43:46.445root 11241100x8000000000000000414583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb13102968056d32021-12-21 10:43:46.445root 11241100x8000000000000000414584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde6b93a00336fc92021-12-21 10:43:46.445root 11241100x8000000000000000414585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c607c2bbcf051d82021-12-21 10:43:46.445root 11241100x8000000000000000414586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b807c02f1020c882021-12-21 10:43:46.445root 11241100x8000000000000000414587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c05d11884d9e7ea2021-12-21 10:43:46.445root 11241100x8000000000000000414588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e6ea20201aaa942021-12-21 10:43:46.445root 11241100x8000000000000000414589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b35324d8d05f9c2021-12-21 10:43:46.446root 11241100x8000000000000000414590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837c85fc0acd3f252021-12-21 10:43:46.446root 11241100x8000000000000000414591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4a9dd29fd98ca02021-12-21 10:43:46.446root 11241100x8000000000000000414592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0f4c51154adbb32021-12-21 10:43:46.446root 11241100x8000000000000000414593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a7fb68379d8d872021-12-21 10:43:46.446root 11241100x8000000000000000414594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da90dcd6e88bc142021-12-21 10:43:46.446root 11241100x8000000000000000414595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4711ede62dcef8e52021-12-21 10:43:46.446root 11241100x8000000000000000414596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd82d7d8dbb731672021-12-21 10:43:46.446root 11241100x8000000000000000414597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06495590099267ad2021-12-21 10:43:46.447root 11241100x8000000000000000414598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa5b2946e32a0f22021-12-21 10:43:46.447root 11241100x8000000000000000414599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876141386b5daab12021-12-21 10:43:46.447root 11241100x8000000000000000414600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc6008b1fc9d4602021-12-21 10:43:46.447root 11241100x8000000000000000414601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1d81d19e7a45a52021-12-21 10:43:46.447root 11241100x8000000000000000414602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05090ff1e4c1d9f82021-12-21 10:43:46.447root 11241100x8000000000000000414603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f58dde3cb024cfc2021-12-21 10:43:46.447root 11241100x8000000000000000414604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab0da4b571e0f1b2021-12-21 10:43:46.447root 11241100x8000000000000000414605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5212a724b8962b22021-12-21 10:43:46.448root 11241100x8000000000000000414606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffee47ad2ebf76b22021-12-21 10:43:46.448root 11241100x8000000000000000414607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292405b5c7bb9b822021-12-21 10:43:46.448root 11241100x8000000000000000414608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd10f1791ebc2b12021-12-21 10:43:46.448root 11241100x8000000000000000414609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c75e5faadbc5ea02021-12-21 10:43:46.448root 11241100x8000000000000000414610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d80136f186dce12021-12-21 10:43:46.448root 11241100x8000000000000000414611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3478ef87ee7f5e102021-12-21 10:43:46.449root 11241100x8000000000000000414612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dba45599ada2a752021-12-21 10:43:46.449root 11241100x8000000000000000414613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c11b346faa86192021-12-21 10:43:46.449root 11241100x8000000000000000414614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b085bb1d40bcbef2021-12-21 10:43:46.449root 11241100x8000000000000000414615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc9e0bbd92be9c72021-12-21 10:43:46.449root 11241100x8000000000000000414616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdac8e8e1eb019402021-12-21 10:43:46.449root 11241100x8000000000000000414617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c29ed1835937172021-12-21 10:43:46.943root 11241100x8000000000000000414618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e56638a503b90b2021-12-21 10:43:46.943root 11241100x8000000000000000414619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b3d750fd622c092021-12-21 10:43:46.943root 11241100x8000000000000000414620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf7b942e7b39c4a2021-12-21 10:43:46.943root 11241100x8000000000000000414621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c727b1db1ce3a2352021-12-21 10:43:46.943root 11241100x8000000000000000414622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fa0158181d6f3c2021-12-21 10:43:46.944root 11241100x8000000000000000414623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c55e71aacf6dfb92021-12-21 10:43:46.944root 11241100x8000000000000000414624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabefb80e92a89082021-12-21 10:43:46.944root 11241100x8000000000000000414625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938420bc7531b5b42021-12-21 10:43:46.944root 11241100x8000000000000000414626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539154cc37b86e3d2021-12-21 10:43:46.944root 11241100x8000000000000000414627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea8cfae216145c92021-12-21 10:43:46.944root 11241100x8000000000000000414628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badbf48c35fdfbf42021-12-21 10:43:46.945root 11241100x8000000000000000414629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c655107e0c64b8332021-12-21 10:43:46.945root 11241100x8000000000000000414630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8057d6bb3c7236732021-12-21 10:43:46.945root 11241100x8000000000000000414631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21245937fd54094e2021-12-21 10:43:46.945root 11241100x8000000000000000414632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9927fed2b226b8d2021-12-21 10:43:46.945root 11241100x8000000000000000414633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb6715cad958c162021-12-21 10:43:46.945root 11241100x8000000000000000414634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2f66d892878bd22021-12-21 10:43:46.946root 11241100x8000000000000000414635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3807801d24ce292021-12-21 10:43:46.946root 11241100x8000000000000000414636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5d737391a38dfb2021-12-21 10:43:46.946root 11241100x8000000000000000414637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66f9f4bb3f4e9992021-12-21 10:43:46.946root 11241100x8000000000000000414638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f059a0687452ae792021-12-21 10:43:46.946root 11241100x8000000000000000414639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7415d458adc59b442021-12-21 10:43:46.946root 11241100x8000000000000000414640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56358568b7ef09ce2021-12-21 10:43:46.946root 11241100x8000000000000000414641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0b6ee1502a4cec2021-12-21 10:43:46.946root 11241100x8000000000000000414642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff6afa71ac53d182021-12-21 10:43:46.947root 11241100x8000000000000000414643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d31228cedd981e2021-12-21 10:43:46.947root 11241100x8000000000000000414644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6a723a7a6a60af2021-12-21 10:43:46.947root 11241100x8000000000000000414645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e73cac4ce741f62021-12-21 10:43:46.947root 11241100x8000000000000000414646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f933640649be0d2021-12-21 10:43:46.947root 11241100x8000000000000000414647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467f479c3522fcf42021-12-21 10:43:46.947root 11241100x8000000000000000414648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839c8ef201525bd12021-12-21 10:43:46.947root 11241100x8000000000000000414649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac72969869c8b862021-12-21 10:43:46.947root 11241100x8000000000000000414650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8366661889229a2021-12-21 10:43:46.947root 11241100x8000000000000000414651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f68de5ed3dfa4612021-12-21 10:43:46.948root 11241100x8000000000000000414652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3009c45998792a32021-12-21 10:43:46.948root 11241100x8000000000000000414653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68fb50c77a9c8ec2021-12-21 10:43:46.948root 11241100x8000000000000000414654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2a28643b3d70fc2021-12-21 10:43:46.948root 11241100x8000000000000000414655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a850f1e83d0155d2021-12-21 10:43:46.948root 11241100x8000000000000000414656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48af644a39fa133b2021-12-21 10:43:46.948root 11241100x8000000000000000414657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096eba2ce3fb79ab2021-12-21 10:43:46.948root 11241100x8000000000000000414658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f68ffc262a98f2021-12-21 10:43:46.948root 11241100x8000000000000000414659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d419e42371951062021-12-21 10:43:46.948root 11241100x8000000000000000414660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490538abf2faea532021-12-21 10:43:46.949root 11241100x8000000000000000414661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad2fa845e09f6322021-12-21 10:43:46.949root 11241100x8000000000000000414662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba78c97befc8b06e2021-12-21 10:43:46.949root 11241100x8000000000000000414663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d293d18b582c452021-12-21 10:43:47.443root 11241100x8000000000000000414664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d926bdd2cf7de2d32021-12-21 10:43:47.443root 11241100x8000000000000000414665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0312aa039a91ba0e2021-12-21 10:43:47.443root 11241100x8000000000000000414666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625fd683c8553a302021-12-21 10:43:47.444root 11241100x8000000000000000414667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a740c85f7f1ec62021-12-21 10:43:47.444root 11241100x8000000000000000414668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011cd3c59b60c3a92021-12-21 10:43:47.444root 11241100x8000000000000000414669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb376450b9f76e22021-12-21 10:43:47.444root 11241100x8000000000000000414670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7853f0270c872932021-12-21 10:43:47.444root 11241100x8000000000000000414671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2b2dc4d8e998982021-12-21 10:43:47.444root 11241100x8000000000000000414672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c967fd2508c39beb2021-12-21 10:43:47.444root 11241100x8000000000000000414673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47440d5a57df94e72021-12-21 10:43:47.444root 11241100x8000000000000000414674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f3073eb9b6306a2021-12-21 10:43:47.444root 11241100x8000000000000000414675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcf410edb82fe042021-12-21 10:43:47.444root 11241100x8000000000000000414676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4b7443b5b893892021-12-21 10:43:47.444root 11241100x8000000000000000414677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4cb34b1fb29e512021-12-21 10:43:47.444root 11241100x8000000000000000414678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c8dbc115e19a892021-12-21 10:43:47.444root 11241100x8000000000000000414679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9bf79e3b2985f92021-12-21 10:43:47.445root 11241100x8000000000000000414680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fac91f7962bfc432021-12-21 10:43:47.445root 11241100x8000000000000000414681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554c8bc9f5ffe1cc2021-12-21 10:43:47.445root 11241100x8000000000000000414682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e2d5a3f7a989302021-12-21 10:43:47.445root 11241100x8000000000000000414683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4352ef5c47841c2d2021-12-21 10:43:47.445root 11241100x8000000000000000414684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5103ef06ff7b49f12021-12-21 10:43:47.445root 11241100x8000000000000000414685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39be12c07772dac02021-12-21 10:43:47.445root 11241100x8000000000000000414686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f596cc684a62caee2021-12-21 10:43:47.445root 11241100x8000000000000000414687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0523e418d240fc642021-12-21 10:43:47.445root 11241100x8000000000000000414688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bd862755d21fa42021-12-21 10:43:47.445root 11241100x8000000000000000414689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a5038757573d3c2021-12-21 10:43:47.445root 11241100x8000000000000000414690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba6da339116b4d12021-12-21 10:43:47.446root 11241100x8000000000000000414691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ef27a08679c2c42021-12-21 10:43:47.446root 11241100x8000000000000000414692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fa97bc819f72322021-12-21 10:43:47.446root 11241100x8000000000000000414693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c00221c439ba7792021-12-21 10:43:47.446root 11241100x8000000000000000414694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e12587e5511fb62021-12-21 10:43:47.446root 11241100x8000000000000000414695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e2eac7ebfefc052021-12-21 10:43:47.446root 11241100x8000000000000000414696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf55dbc7e204a872021-12-21 10:43:47.446root 11241100x8000000000000000414697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1163be9f651248ff2021-12-21 10:43:47.446root 11241100x8000000000000000414698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf16ad7d2a0ff462021-12-21 10:43:47.446root 11241100x8000000000000000414699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886d07f66a4f4b472021-12-21 10:43:47.943root 11241100x8000000000000000414700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492e6829eca4a9da2021-12-21 10:43:47.943root 11241100x8000000000000000414701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e24021c3a7317712021-12-21 10:43:47.944root 11241100x8000000000000000414702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db3266389dbe9ea2021-12-21 10:43:47.944root 11241100x8000000000000000414703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cfeb35801311ba2021-12-21 10:43:47.944root 11241100x8000000000000000414704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f967846f7529972021-12-21 10:43:47.944root 11241100x8000000000000000414705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586f0617ea36fdae2021-12-21 10:43:47.944root 11241100x8000000000000000414706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0067cd5e1df19d602021-12-21 10:43:47.944root 11241100x8000000000000000414707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9a6e3b464bb4262021-12-21 10:43:47.944root 11241100x8000000000000000414708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae844d9cc0c583b2021-12-21 10:43:47.944root 11241100x8000000000000000414709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cab5edf9127adc12021-12-21 10:43:47.944root 11241100x8000000000000000414710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649494b8049b8b052021-12-21 10:43:47.944root 11241100x8000000000000000414711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ac989b5b323e3f2021-12-21 10:43:47.944root 11241100x8000000000000000414712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c65c159f85149422021-12-21 10:43:47.944root 11241100x8000000000000000414713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c32785a9e05beaa2021-12-21 10:43:47.944root 11241100x8000000000000000414714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a256064ba08c472021-12-21 10:43:47.944root 11241100x8000000000000000414715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7469ce4082d2fec62021-12-21 10:43:47.944root 11241100x8000000000000000414716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dac58bf26d73322021-12-21 10:43:47.944root 11241100x8000000000000000414717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91946ea24a4efca72021-12-21 10:43:47.945root 11241100x8000000000000000414718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc00033470a23f232021-12-21 10:43:47.945root 11241100x8000000000000000414719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7346b27b45f24f72021-12-21 10:43:47.945root 11241100x8000000000000000414720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40d6a2967b4d1812021-12-21 10:43:47.945root 11241100x8000000000000000414721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd882598ecb2e752021-12-21 10:43:47.945root 11241100x8000000000000000414722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e61d9b9a2075402021-12-21 10:43:47.945root 11241100x8000000000000000414723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0815cc9edb21fb2021-12-21 10:43:47.945root 11241100x8000000000000000414724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c25be182f48ed02021-12-21 10:43:47.945root 11241100x8000000000000000414725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7159a280369e4a7f2021-12-21 10:43:47.945root 11241100x8000000000000000414726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975745b2a83bc6e72021-12-21 10:43:47.945root 11241100x8000000000000000414727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c939f26fddd69c22021-12-21 10:43:47.945root 11241100x8000000000000000414728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff1014a44cb43e42021-12-21 10:43:47.945root 11241100x8000000000000000414729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf48a53d5d01e0ad2021-12-21 10:43:47.945root 11241100x8000000000000000414730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7ec8dec6a087f02021-12-21 10:43:47.946root 11241100x8000000000000000414731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972f909409e8884a2021-12-21 10:43:47.946root 11241100x8000000000000000414732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9a140cf6d09ee12021-12-21 10:43:47.946root 11241100x8000000000000000414733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a61021fc3afa7b2021-12-21 10:43:47.946root 11241100x8000000000000000414734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe17edcf3705b1f2021-12-21 10:43:47.946root 11241100x8000000000000000414735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918ce0ae2a0574dc2021-12-21 10:43:47.946root 11241100x8000000000000000414736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250c375072a1fc7e2021-12-21 10:43:47.946root 11241100x8000000000000000414737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763cd5be6d46365b2021-12-21 10:43:47.946root 11241100x8000000000000000414738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a283d64cdbc8552021-12-21 10:43:47.946root 11241100x8000000000000000414739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba2f1ec7404056f2021-12-21 10:43:47.946root 11241100x8000000000000000414740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2e145aa1d499182021-12-21 10:43:47.946root 11241100x8000000000000000414741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b430e2ddbac302bb2021-12-21 10:43:47.947root 11241100x8000000000000000414742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75f00dacd5872c62021-12-21 10:43:47.947root 11241100x8000000000000000414743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aff26bae58e011f2021-12-21 10:43:48.443root 11241100x8000000000000000414744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5066e6a955a836cb2021-12-21 10:43:48.443root 11241100x8000000000000000414745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cb9d36eb59dcb62021-12-21 10:43:48.443root 11241100x8000000000000000414746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183dac0181057b982021-12-21 10:43:48.443root 11241100x8000000000000000414747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c914f78048bc962021-12-21 10:43:48.444root 11241100x8000000000000000414748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03801ff40fbfab5e2021-12-21 10:43:48.444root 11241100x8000000000000000414749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9510ba3cab679dca2021-12-21 10:43:48.444root 11241100x8000000000000000414750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48606143e177e192021-12-21 10:43:48.444root 11241100x8000000000000000414751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a15b7ede3d57f2a2021-12-21 10:43:48.444root 11241100x8000000000000000414752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4f868a7a1369b82021-12-21 10:43:48.444root 11241100x8000000000000000414753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f86d23db4db5632021-12-21 10:43:48.445root 11241100x8000000000000000414754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83339fff8d398ec72021-12-21 10:43:48.445root 11241100x8000000000000000414755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a86dcc8bdc9c1972021-12-21 10:43:48.445root 11241100x8000000000000000414756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c12d0b00ba2c89d2021-12-21 10:43:48.446root 11241100x8000000000000000414757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b19e64900360cb2021-12-21 10:43:48.446root 11241100x8000000000000000414758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c179744d0071ebd2021-12-21 10:43:48.446root 11241100x8000000000000000414759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b9de485e96641a2021-12-21 10:43:48.446root 11241100x8000000000000000414760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a9da6c9af4956c2021-12-21 10:43:48.446root 11241100x8000000000000000414761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f84125b06eb8c2021-12-21 10:43:48.446root 11241100x8000000000000000414762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a400cae39e03972021-12-21 10:43:48.446root 11241100x8000000000000000414763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b75bbad376fd972021-12-21 10:43:48.447root 11241100x8000000000000000414764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f6fd7befce0fa82021-12-21 10:43:48.447root 11241100x8000000000000000414765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4345d9f12568bf62021-12-21 10:43:48.447root 11241100x8000000000000000414766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacfe72f15e2a2f62021-12-21 10:43:48.447root 11241100x8000000000000000414767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eb5149c7e9ef242021-12-21 10:43:48.448root 11241100x8000000000000000414768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e2082be72c752d2021-12-21 10:43:48.448root 11241100x8000000000000000414769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f228cddabe5fd2021-12-21 10:43:48.448root 11241100x8000000000000000414770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a33e4af0fa32a82021-12-21 10:43:48.448root 11241100x8000000000000000414771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5646752a83be9682021-12-21 10:43:48.448root 11241100x8000000000000000414772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b60f60a06c7f7962021-12-21 10:43:48.449root 11241100x8000000000000000414773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c855e05ec15895c2021-12-21 10:43:48.449root 11241100x8000000000000000414774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8c03e41f3396ca2021-12-21 10:43:48.449root 11241100x8000000000000000414775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e077342f62c0dc752021-12-21 10:43:48.449root 11241100x8000000000000000414776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ebca47c3de90462021-12-21 10:43:48.450root 11241100x8000000000000000414777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8531d0913c8c7c422021-12-21 10:43:48.450root 11241100x8000000000000000414778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1e09e74f7746bc2021-12-21 10:43:48.450root 11241100x8000000000000000414779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cdd77933755cfe2021-12-21 10:43:48.450root 11241100x8000000000000000414780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2a69c4d27a51972021-12-21 10:43:48.450root 11241100x8000000000000000414781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52a966ab573c0632021-12-21 10:43:48.451root 11241100x8000000000000000414782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49761bddb6f8c2242021-12-21 10:43:48.451root 11241100x8000000000000000414783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce5a6bf75c75b512021-12-21 10:43:48.451root 11241100x8000000000000000414784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936aefef2946029e2021-12-21 10:43:48.451root 11241100x8000000000000000414785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ee00408f50dc4c2021-12-21 10:43:48.452root 11241100x8000000000000000414786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16ef84781dddc492021-12-21 10:43:48.452root 11241100x8000000000000000414787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2773d0066be3b5d2021-12-21 10:43:48.452root 11241100x8000000000000000414788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436abb12478c1a9f2021-12-21 10:43:48.943root 11241100x8000000000000000414789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d14e049d0945dab2021-12-21 10:43:48.943root 11241100x8000000000000000414790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89b4ca73b0bccb22021-12-21 10:43:48.943root 11241100x8000000000000000414791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3510ba9b106ad32021-12-21 10:43:48.944root 11241100x8000000000000000414792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803708d77a7fc35c2021-12-21 10:43:48.944root 11241100x8000000000000000414793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe44e6aa27e1e172021-12-21 10:43:48.944root 11241100x8000000000000000414794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dac7857590c2722021-12-21 10:43:48.944root 11241100x8000000000000000414795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b68141dd398e892021-12-21 10:43:48.945root 11241100x8000000000000000414796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cac60b7690ad712021-12-21 10:43:48.945root 11241100x8000000000000000414797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9a37d678ff3c942021-12-21 10:43:48.945root 11241100x8000000000000000414798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2723a7b659e9882021-12-21 10:43:48.945root 11241100x8000000000000000414799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd2056f8cfbec602021-12-21 10:43:48.945root 11241100x8000000000000000414800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26843e5c10534d7c2021-12-21 10:43:48.946root 11241100x8000000000000000414801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ba7a7c78ff9ce42021-12-21 10:43:48.946root 11241100x8000000000000000414802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cf212c2ec40d3b2021-12-21 10:43:48.946root 11241100x8000000000000000414803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7003833b3e9ace2021-12-21 10:43:48.946root 11241100x8000000000000000414804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8156f65a917c736f2021-12-21 10:43:48.947root 11241100x8000000000000000414805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ab4928b21d86a12021-12-21 10:43:48.947root 11241100x8000000000000000414806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9050d9ea4c1df6f2021-12-21 10:43:48.947root 11241100x8000000000000000414807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc99cc75483d73b2021-12-21 10:43:48.947root 11241100x8000000000000000414808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3943ebbabb2768d82021-12-21 10:43:48.947root 11241100x8000000000000000414809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310203717a5b500d2021-12-21 10:43:48.947root 11241100x8000000000000000414810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5369765e2463a372021-12-21 10:43:48.948root 11241100x8000000000000000414811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef857254ac33d2c2021-12-21 10:43:48.948root 11241100x8000000000000000414812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b8de0be1cb48e12021-12-21 10:43:48.948root 11241100x8000000000000000414813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6459979aaa9711382021-12-21 10:43:48.948root 11241100x8000000000000000414814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743cff320f84fbfd2021-12-21 10:43:48.948root 11241100x8000000000000000414815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e4c7c2c639ce8a2021-12-21 10:43:48.948root 11241100x8000000000000000414816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a764817d47f90f2021-12-21 10:43:48.949root 11241100x8000000000000000414817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a5f1f91366dbf02021-12-21 10:43:48.949root 11241100x8000000000000000414818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbe421a2031b1db2021-12-21 10:43:48.949root 11241100x8000000000000000414819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9feca27c19245c2021-12-21 10:43:48.949root 11241100x8000000000000000414820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4be9288d4933b42021-12-21 10:43:48.949root 11241100x8000000000000000414821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086bc109839e31c22021-12-21 10:43:48.949root 11241100x8000000000000000414822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99466ddfdefdaea32021-12-21 10:43:48.949root 11241100x8000000000000000414823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa164b2e24686912021-12-21 10:43:48.950root 11241100x8000000000000000414824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8c80acdbd247432021-12-21 10:43:48.950root 11241100x8000000000000000414825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c5dc487f60ed472021-12-21 10:43:48.950root 11241100x8000000000000000414826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2b53f0e6dad0912021-12-21 10:43:48.950root 11241100x8000000000000000414827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341739e94db333bc2021-12-21 10:43:48.950root 11241100x8000000000000000414828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc18fac89e8be232021-12-21 10:43:48.950root 11241100x8000000000000000414829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54314d6242d287c42021-12-21 10:43:48.951root 11241100x8000000000000000414830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae161c2b16cba1052021-12-21 10:43:48.951root 11241100x8000000000000000414831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:48.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e863bc0a0dba40b22021-12-21 10:43:48.951root 11241100x8000000000000000414832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbea19ccf5f8392e2021-12-21 10:43:49.443root 11241100x8000000000000000414833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35675e9589c0a792021-12-21 10:43:49.443root 11241100x8000000000000000414834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb462972b4a70dc2021-12-21 10:43:49.443root 11241100x8000000000000000414835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db439d4ffd8c38e2021-12-21 10:43:49.443root 11241100x8000000000000000414836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d9e3e81faf28552021-12-21 10:43:49.443root 11241100x8000000000000000414837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f70e844f6488d9d2021-12-21 10:43:49.444root 11241100x8000000000000000414838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5837b03c931946f2021-12-21 10:43:49.444root 11241100x8000000000000000414839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6ff09bb54b75962021-12-21 10:43:49.444root 11241100x8000000000000000414840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc68854e21a265a92021-12-21 10:43:49.444root 11241100x8000000000000000414841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3041c63abc6a4b2021-12-21 10:43:49.444root 11241100x8000000000000000414842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4debef537067a4a12021-12-21 10:43:49.444root 11241100x8000000000000000414843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc4a1d071908b012021-12-21 10:43:49.444root 11241100x8000000000000000414844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36619641763262202021-12-21 10:43:49.445root 11241100x8000000000000000414845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b55abe4c232057b2021-12-21 10:43:49.445root 11241100x8000000000000000414846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84bead8c38ad6e62021-12-21 10:43:49.445root 11241100x8000000000000000414847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fefdcce9b302912021-12-21 10:43:49.445root 11241100x8000000000000000414848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92deec6015cc48042021-12-21 10:43:49.445root 11241100x8000000000000000414849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d49196033f87392021-12-21 10:43:49.445root 11241100x8000000000000000414850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621cc808e03acb312021-12-21 10:43:49.446root 11241100x8000000000000000414851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a09e77eccee00e12021-12-21 10:43:49.446root 11241100x8000000000000000414852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d41a286536476a2021-12-21 10:43:49.446root 11241100x8000000000000000414853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bf3c6f2cbcebce2021-12-21 10:43:49.446root 11241100x8000000000000000414854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec8ace1e0a810812021-12-21 10:43:49.446root 11241100x8000000000000000414855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b8ae869c4ea83f2021-12-21 10:43:49.446root 11241100x8000000000000000414856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7af4d792ce2bec2021-12-21 10:43:49.446root 11241100x8000000000000000414857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9aab7f0544e84f2021-12-21 10:43:49.446root 11241100x8000000000000000414858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42dfc6c5324bf142021-12-21 10:43:49.446root 11241100x8000000000000000414859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7024d0ec1c487e642021-12-21 10:43:49.447root 11241100x8000000000000000414860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b423c85c068ef9c32021-12-21 10:43:49.447root 11241100x8000000000000000414861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeaff7c22f6da3e2021-12-21 10:43:49.447root 11241100x8000000000000000414862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e4c89e932db31a2021-12-21 10:43:49.447root 11241100x8000000000000000414863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cca195c1fdeb542021-12-21 10:43:49.447root 11241100x8000000000000000414864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40ce6fd2997903c2021-12-21 10:43:49.447root 11241100x8000000000000000414865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6ffeeef45089da2021-12-21 10:43:49.447root 11241100x8000000000000000414866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99a96e9b26727bb2021-12-21 10:43:49.447root 11241100x8000000000000000414867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbac68916783f1e2021-12-21 10:43:49.447root 11241100x8000000000000000414868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ee2b3564fe9b982021-12-21 10:43:49.447root 11241100x8000000000000000414869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b532ab4d459c1182021-12-21 10:43:49.447root 11241100x8000000000000000414870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6208eaf51ad8b6512021-12-21 10:43:49.447root 11241100x8000000000000000414871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c98e69d6b6010172021-12-21 10:43:49.448root 11241100x8000000000000000414872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd3da428f63c48d2021-12-21 10:43:49.448root 11241100x8000000000000000414873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5749ac34b14751092021-12-21 10:43:49.448root 11241100x8000000000000000414874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c9a982b3ed2b7a2021-12-21 10:43:49.448root 11241100x8000000000000000414875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cfceb35b9a1a3e2021-12-21 10:43:49.448root 11241100x8000000000000000414876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622a61d2b9ceedc42021-12-21 10:43:49.448root 11241100x8000000000000000414877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e75132f6830a6f2021-12-21 10:43:49.448root 11241100x8000000000000000414878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e9e28b1a4904a02021-12-21 10:43:49.448root 11241100x8000000000000000414879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5cb97d6b3cf52e2021-12-21 10:43:49.448root 11241100x8000000000000000414880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfb1d7a4f1813782021-12-21 10:43:49.448root 11241100x8000000000000000414881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d895a0d1a530482021-12-21 10:43:49.448root 11241100x8000000000000000414882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32496eb819f0f89e2021-12-21 10:43:49.943root 11241100x8000000000000000414883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16a593dae4d3b802021-12-21 10:43:49.944root 11241100x8000000000000000414884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c291c6027168072021-12-21 10:43:49.944root 11241100x8000000000000000414885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9132279a58d4af2021-12-21 10:43:49.945root 11241100x8000000000000000414886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526b5a74a085de712021-12-21 10:43:49.945root 11241100x8000000000000000414887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d7e02b44b0a4932021-12-21 10:43:49.945root 11241100x8000000000000000414888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b982425447eb958d2021-12-21 10:43:49.946root 11241100x8000000000000000414889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662f99697b5985962021-12-21 10:43:49.946root 11241100x8000000000000000414890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbfcba1ed6e6a1b2021-12-21 10:43:49.946root 11241100x8000000000000000414891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb12d7d6ec3d2322021-12-21 10:43:49.946root 11241100x8000000000000000414892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e612a3f444d2a82021-12-21 10:43:49.946root 11241100x8000000000000000414893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d205959d38b5be72021-12-21 10:43:49.948root 11241100x8000000000000000414894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d334e57eaa5e6ff2021-12-21 10:43:49.948root 11241100x8000000000000000414895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1292cad35832ffd2021-12-21 10:43:49.948root 11241100x8000000000000000414896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399a19a66e39c7e22021-12-21 10:43:49.948root 11241100x8000000000000000414897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fea36cdb93886c02021-12-21 10:43:49.949root 11241100x8000000000000000414898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b6758a0a0abcf12021-12-21 10:43:49.949root 11241100x8000000000000000414899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa4fcea72311db2021-12-21 10:43:49.949root 11241100x8000000000000000414900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1362be1bb2065a092021-12-21 10:43:49.950root 11241100x8000000000000000414901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe35155f8f0e0e32021-12-21 10:43:49.950root 11241100x8000000000000000414902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d4340e7dac31d12021-12-21 10:43:49.951root 11241100x8000000000000000414903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543d9db87d4291552021-12-21 10:43:49.952root 11241100x8000000000000000414904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d0b663a2638dcb2021-12-21 10:43:49.954root 11241100x8000000000000000414905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02b20fad0fe20782021-12-21 10:43:49.954root 11241100x8000000000000000414906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7bf308f3b3ff3f2021-12-21 10:43:49.955root 11241100x8000000000000000414907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68de25f06f39aa82021-12-21 10:43:49.955root 11241100x8000000000000000414908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492367a6e96df76e2021-12-21 10:43:49.955root 11241100x8000000000000000414909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb58569561ff2f8f2021-12-21 10:43:49.955root 11241100x8000000000000000414910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b53dc430e716c102021-12-21 10:43:49.955root 11241100x8000000000000000414911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ad509b93bddda52021-12-21 10:43:49.956root 11241100x8000000000000000414912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9076d6265728150e2021-12-21 10:43:49.956root 11241100x8000000000000000414913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f0d35c28eadb152021-12-21 10:43:49.956root 11241100x8000000000000000414914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b3ec80c6e50c1d2021-12-21 10:43:49.956root 11241100x8000000000000000414915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defcfa61d1d68e8e2021-12-21 10:43:49.957root 11241100x8000000000000000414916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652d132d15280ca72021-12-21 10:43:49.957root 11241100x8000000000000000414917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c412dbc45cb76f2021-12-21 10:43:49.957root 11241100x8000000000000000414918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb504ba070b662ca2021-12-21 10:43:49.957root 11241100x8000000000000000414919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:49.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d71d4b6d2c6acb42021-12-21 10:43:49.957root 354300x8000000000000000414920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.169{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47518-false10.0.1.12-8000- 11241100x8000000000000000414921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae133bf1aff8aaa2021-12-21 10:43:50.443root 11241100x8000000000000000414922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2a7c787df14f9d2021-12-21 10:43:50.443root 11241100x8000000000000000414923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb27c7fb4a4ad1c72021-12-21 10:43:50.443root 11241100x8000000000000000414924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44112b44d50bff172021-12-21 10:43:50.443root 11241100x8000000000000000414925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606c0591a191665a2021-12-21 10:43:50.443root 11241100x8000000000000000414926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20340d9d7e23685e2021-12-21 10:43:50.443root 11241100x8000000000000000414927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08174b35b3834bcd2021-12-21 10:43:50.443root 11241100x8000000000000000414928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7b67dacc1430312021-12-21 10:43:50.443root 11241100x8000000000000000414929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55284f4a8d9cf62d2021-12-21 10:43:50.443root 11241100x8000000000000000414930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584fc2ee756463df2021-12-21 10:43:50.444root 11241100x8000000000000000414931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82564c0bb3a85e992021-12-21 10:43:50.444root 11241100x8000000000000000414932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd7604d8f2c50e12021-12-21 10:43:50.444root 11241100x8000000000000000414933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6409e8fd31f5b82021-12-21 10:43:50.444root 11241100x8000000000000000414934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b99a7d02aacb1742021-12-21 10:43:50.444root 11241100x8000000000000000414935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0626bd5fd1e5a5fb2021-12-21 10:43:50.444root 11241100x8000000000000000414936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c82917b3a5c9d02021-12-21 10:43:50.444root 11241100x8000000000000000414937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27bf9206d67c4ee2021-12-21 10:43:50.444root 11241100x8000000000000000414938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313d193bfae76ccc2021-12-21 10:43:50.445root 11241100x8000000000000000414939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3905edf2559c9032021-12-21 10:43:50.445root 11241100x8000000000000000414940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2111af4d0f3448c82021-12-21 10:43:50.445root 11241100x8000000000000000414941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bc9caf53b1d2212021-12-21 10:43:50.445root 11241100x8000000000000000414942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c32e28987802e72021-12-21 10:43:50.445root 11241100x8000000000000000414943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0c711978d54bfa2021-12-21 10:43:50.445root 11241100x8000000000000000414944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83518241e5bb28aa2021-12-21 10:43:50.446root 11241100x8000000000000000414945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d50cbff3c50e562021-12-21 10:43:50.446root 11241100x8000000000000000414946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f530ef0f4695b4d2021-12-21 10:43:50.446root 11241100x8000000000000000414947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4da8629438c1ef92021-12-21 10:43:50.446root 11241100x8000000000000000414948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdea89e4efdffa02021-12-21 10:43:50.446root 11241100x8000000000000000414949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80755e08a29ed1722021-12-21 10:43:50.446root 11241100x8000000000000000414950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f6a47c40eb32e22021-12-21 10:43:50.446root 11241100x8000000000000000414951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea04122ca6722b22021-12-21 10:43:50.447root 11241100x8000000000000000414952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a163757a7b4b30192021-12-21 10:43:50.447root 11241100x8000000000000000414953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62040cb80d788932021-12-21 10:43:50.447root 11241100x8000000000000000414954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895a4f2b1bfffad12021-12-21 10:43:50.448root 11241100x8000000000000000414955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a390aa4cd9953d2021-12-21 10:43:50.448root 11241100x8000000000000000414956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecabb717141a3682021-12-21 10:43:50.448root 11241100x8000000000000000414957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2451a64812ce881b2021-12-21 10:43:50.448root 11241100x8000000000000000414958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7cbcadde0f1b0d2021-12-21 10:43:50.448root 11241100x8000000000000000414959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b180bb5f216b9aa2021-12-21 10:43:50.448root 11241100x8000000000000000414960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9070f39c25effc2021-12-21 10:43:50.448root 11241100x8000000000000000414961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ef0e31e105a1072021-12-21 10:43:50.448root 11241100x8000000000000000414962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab2f7b30b93613f2021-12-21 10:43:50.943root 11241100x8000000000000000414963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d083a6012662a2d2021-12-21 10:43:50.943root 11241100x8000000000000000414964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f51e0658f56c5232021-12-21 10:43:50.943root 11241100x8000000000000000414965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e8f08a065a67f12021-12-21 10:43:50.943root 11241100x8000000000000000414966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3230e4cc93d790e22021-12-21 10:43:50.943root 11241100x8000000000000000414967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b9d66ba4158d732021-12-21 10:43:50.944root 11241100x8000000000000000414968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f151d077760afc2021-12-21 10:43:50.944root 11241100x8000000000000000414969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0869c00708a7cfc32021-12-21 10:43:50.944root 11241100x8000000000000000414970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db96b3a3697282ca2021-12-21 10:43:50.944root 11241100x8000000000000000414971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef87af8e301065f2021-12-21 10:43:50.944root 11241100x8000000000000000414972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f463336bcfd302142021-12-21 10:43:50.944root 11241100x8000000000000000414973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3348c732473f3e4d2021-12-21 10:43:50.944root 11241100x8000000000000000414974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a42748ca1a6d93c2021-12-21 10:43:50.944root 11241100x8000000000000000414975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c154533fc38794202021-12-21 10:43:50.944root 11241100x8000000000000000414976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b20f3e6455577582021-12-21 10:43:50.945root 11241100x8000000000000000414977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba964a402a45d4d2021-12-21 10:43:50.945root 11241100x8000000000000000414978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2f0abacf48484a2021-12-21 10:43:50.945root 11241100x8000000000000000414979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901f2e705a8b98d12021-12-21 10:43:50.945root 11241100x8000000000000000414980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7449e1375eefa6bf2021-12-21 10:43:50.945root 11241100x8000000000000000414981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89321415d27ab192021-12-21 10:43:50.945root 11241100x8000000000000000414982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2961b63871d55e622021-12-21 10:43:50.945root 11241100x8000000000000000414983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea20e47f89fd3daf2021-12-21 10:43:50.945root 11241100x8000000000000000414984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b651d2f163a46b2021-12-21 10:43:50.945root 11241100x8000000000000000414985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a032067bb15c98672021-12-21 10:43:50.945root 11241100x8000000000000000414986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fafab1b872828902021-12-21 10:43:50.946root 11241100x8000000000000000414987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc53d8f743ac4762021-12-21 10:43:50.946root 11241100x8000000000000000414988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0ee38e77f429532021-12-21 10:43:50.946root 11241100x8000000000000000414989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0d94846fe035772021-12-21 10:43:50.946root 11241100x8000000000000000414990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd1c107a5d1fcd2021-12-21 10:43:50.946root 11241100x8000000000000000414991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80472992e52383b2021-12-21 10:43:50.946root 11241100x8000000000000000414992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e337940a6210e22021-12-21 10:43:50.946root 11241100x8000000000000000414993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a9d632e1469c682021-12-21 10:43:50.947root 11241100x8000000000000000414994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce3ba90fd7de8662021-12-21 10:43:50.947root 11241100x8000000000000000414995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443ca651443ae7b02021-12-21 10:43:50.947root 11241100x8000000000000000414996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d178760f1d8d342021-12-21 10:43:50.947root 11241100x8000000000000000414997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229b242f5bdc84442021-12-21 10:43:50.947root 11241100x8000000000000000414998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56210bfd3ffe7bb2021-12-21 10:43:50.947root 11241100x8000000000000000414999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da41478582e434472021-12-21 10:43:50.947root 11241100x8000000000000000415000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fa6ae1b643ef8d2021-12-21 10:43:50.947root 11241100x8000000000000000415001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049c7da6e6b6efb22021-12-21 10:43:50.947root 11241100x8000000000000000415002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4c3aa58e1ca5492021-12-21 10:43:50.947root 11241100x8000000000000000415003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c78903db15775022021-12-21 10:43:50.947root 11241100x8000000000000000415004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7280d53fb762d02021-12-21 10:43:50.948root 11241100x8000000000000000415005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ffebc8b63ab5212021-12-21 10:43:51.443root 11241100x8000000000000000415006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b053b49cbee106ed2021-12-21 10:43:51.443root 11241100x8000000000000000415007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e0902e8ed7e41d2021-12-21 10:43:51.443root 11241100x8000000000000000415008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e4345f52ceb72d2021-12-21 10:43:51.443root 11241100x8000000000000000415009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb58fdcee9cdf72021-12-21 10:43:51.444root 11241100x8000000000000000415010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234291aed55d5cc92021-12-21 10:43:51.444root 11241100x8000000000000000415011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5262433841fbea2021-12-21 10:43:51.444root 11241100x8000000000000000415012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9433426f74a9f92021-12-21 10:43:51.444root 11241100x8000000000000000415013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4380158c4180102021-12-21 10:43:51.444root 11241100x8000000000000000415014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52df8d13ca101402021-12-21 10:43:51.444root 11241100x8000000000000000415015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7148881fcf1787192021-12-21 10:43:51.444root 11241100x8000000000000000415016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68c46fa62f61ca72021-12-21 10:43:51.444root 11241100x8000000000000000415017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c9af5662ed63ff2021-12-21 10:43:51.444root 11241100x8000000000000000415018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432cf0eef8ed918e2021-12-21 10:43:51.444root 11241100x8000000000000000415019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54aa5ca215256da2021-12-21 10:43:51.444root 11241100x8000000000000000415020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d78410bf3debb92021-12-21 10:43:51.444root 11241100x8000000000000000415021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea811641750074a12021-12-21 10:43:51.444root 11241100x8000000000000000415022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f80486331460c12021-12-21 10:43:51.445root 11241100x8000000000000000415023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2d8900e38ca2612021-12-21 10:43:51.445root 11241100x8000000000000000415024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2425e0a9b86f0dc22021-12-21 10:43:51.445root 11241100x8000000000000000415025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a259935e9d919dfb2021-12-21 10:43:51.445root 11241100x8000000000000000415026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b102cd88f7991b542021-12-21 10:43:51.445root 11241100x8000000000000000415027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8011c9953fb7b39b2021-12-21 10:43:51.445root 11241100x8000000000000000415028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7affdd571b6dc7e82021-12-21 10:43:51.445root 11241100x8000000000000000415029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca980a73e2dabcf2021-12-21 10:43:51.445root 11241100x8000000000000000415030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef09cb0d8ee0d952021-12-21 10:43:51.445root 11241100x8000000000000000415031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd4b87b9cf77d662021-12-21 10:43:51.445root 11241100x8000000000000000415032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8ecbb0fc760c512021-12-21 10:43:51.446root 11241100x8000000000000000415033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab85b4ce68cdea832021-12-21 10:43:51.446root 11241100x8000000000000000415034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f4d85518cdd4682021-12-21 10:43:51.446root 11241100x8000000000000000415035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200940ece043eec22021-12-21 10:43:51.446root 11241100x8000000000000000415036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b10771c6f3ca63b2021-12-21 10:43:51.446root 11241100x8000000000000000415037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484f9f6ed068b4812021-12-21 10:43:51.446root 11241100x8000000000000000415038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe6e86feb3d98eb2021-12-21 10:43:51.446root 11241100x8000000000000000415039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2356a592142000a2021-12-21 10:43:51.446root 11241100x8000000000000000415040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1424a486fa83e32021-12-21 10:43:51.446root 11241100x8000000000000000415041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d4e7b1e9f7f1a52021-12-21 10:43:51.446root 11241100x8000000000000000415042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d021d0f9c128312021-12-21 10:43:51.447root 11241100x8000000000000000415043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0917f69dc007c0062021-12-21 10:43:51.447root 11241100x8000000000000000415044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe16150dbba81f872021-12-21 10:43:51.447root 11241100x8000000000000000415045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bdf25c795873ce2021-12-21 10:43:51.447root 11241100x8000000000000000415046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70ee1ed9e384b622021-12-21 10:43:51.447root 11241100x8000000000000000415047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e4e42e3305e4aa2021-12-21 10:43:51.447root 11241100x8000000000000000415048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0299bf3d703ee9fb2021-12-21 10:43:51.447root 11241100x8000000000000000415049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e312e76c6941802021-12-21 10:43:51.943root 11241100x8000000000000000415050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0933c981bd02fe42021-12-21 10:43:51.943root 11241100x8000000000000000415051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9a00876725fc212021-12-21 10:43:51.944root 11241100x8000000000000000415052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd2c2c3a17089022021-12-21 10:43:51.944root 11241100x8000000000000000415053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58272ba8dd988b1a2021-12-21 10:43:51.944root 11241100x8000000000000000415054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a000405a7b4d29752021-12-21 10:43:51.944root 11241100x8000000000000000415055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5078e02da9b1f752021-12-21 10:43:51.944root 11241100x8000000000000000415056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b8623d5b67e4e32021-12-21 10:43:51.944root 11241100x8000000000000000415057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9d711180cbb32c2021-12-21 10:43:51.944root 11241100x8000000000000000415058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b8dfb55b5d1e2d2021-12-21 10:43:51.944root 11241100x8000000000000000415059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a40305dd011eda2021-12-21 10:43:51.944root 11241100x8000000000000000415060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b89c8336bd125e82021-12-21 10:43:51.944root 11241100x8000000000000000415061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d9687aeb6532f22021-12-21 10:43:51.944root 11241100x8000000000000000415062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a7d60fd54b4d492021-12-21 10:43:51.945root 11241100x8000000000000000415063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cac9746505e4a3b2021-12-21 10:43:51.945root 11241100x8000000000000000415064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898f694cd81039252021-12-21 10:43:51.945root 11241100x8000000000000000415065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33215766c58187ef2021-12-21 10:43:51.945root 11241100x8000000000000000415066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5018f292fc4a55cf2021-12-21 10:43:51.946root 11241100x8000000000000000415067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234e13f7106ed6952021-12-21 10:43:51.946root 11241100x8000000000000000415068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cce737dcb1c8172021-12-21 10:43:51.946root 11241100x8000000000000000415069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd38b3c793cff1c32021-12-21 10:43:51.946root 11241100x8000000000000000415070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a2d2fbc240f8082021-12-21 10:43:51.946root 11241100x8000000000000000415071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f29299ff3555dd2021-12-21 10:43:51.946root 11241100x8000000000000000415072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5ff310c7491b9b2021-12-21 10:43:51.947root 11241100x8000000000000000415073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffdbe2970c945eb2021-12-21 10:43:51.947root 11241100x8000000000000000415074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b2a7056e1c59dc2021-12-21 10:43:51.947root 11241100x8000000000000000415075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb11062897c1b8b92021-12-21 10:43:51.947root 11241100x8000000000000000415076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147723e123484e852021-12-21 10:43:51.947root 11241100x8000000000000000415077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ced66db9ab11a652021-12-21 10:43:51.947root 11241100x8000000000000000415078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9cf3d7fab7bc452021-12-21 10:43:51.947root 11241100x8000000000000000415079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3caa61389d43df2021-12-21 10:43:51.947root 11241100x8000000000000000415080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243459953b0fb7f82021-12-21 10:43:51.947root 11241100x8000000000000000415081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d35272e55b0123b2021-12-21 10:43:51.947root 11241100x8000000000000000415082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cf0c40d303c6d92021-12-21 10:43:51.947root 11241100x8000000000000000415083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad9f5324f5310ed2021-12-21 10:43:51.948root 11241100x8000000000000000415084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e204b9fa0d35ce9f2021-12-21 10:43:51.948root 11241100x8000000000000000415085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83902dd9cadf83a2021-12-21 10:43:51.948root 11241100x8000000000000000415086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861e3e7a96a59d42021-12-21 10:43:51.948root 11241100x8000000000000000415087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b466ac0cc9c8d4f2021-12-21 10:43:52.443root 11241100x8000000000000000415088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1683b8d5c4dd6ee32021-12-21 10:43:52.443root 11241100x8000000000000000415089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20596c81c58e4f112021-12-21 10:43:52.444root 11241100x8000000000000000415090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5278ffbdf73981942021-12-21 10:43:52.444root 11241100x8000000000000000415091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0c3cb871f585082021-12-21 10:43:52.444root 11241100x8000000000000000415092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7383377deb285942021-12-21 10:43:52.444root 11241100x8000000000000000415093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bce91f337a295652021-12-21 10:43:52.444root 11241100x8000000000000000415094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd8c7a6b40c0c842021-12-21 10:43:52.444root 11241100x8000000000000000415095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cccedeefa7abca2021-12-21 10:43:52.444root 11241100x8000000000000000415096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db432d31531bd582021-12-21 10:43:52.444root 11241100x8000000000000000415097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21c88237d09bd902021-12-21 10:43:52.445root 11241100x8000000000000000415098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72d8ef4968b8dc32021-12-21 10:43:52.445root 11241100x8000000000000000415099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4322df9d5be9cff2021-12-21 10:43:52.445root 11241100x8000000000000000415100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2f7b510196f1092021-12-21 10:43:52.445root 11241100x8000000000000000415101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e383d8c33a97052021-12-21 10:43:52.445root 11241100x8000000000000000415102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e102aa772a18542021-12-21 10:43:52.445root 11241100x8000000000000000415103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19c29f4a88969442021-12-21 10:43:52.445root 11241100x8000000000000000415104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59115bf3e1005d52021-12-21 10:43:52.445root 11241100x8000000000000000415105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383a31b487eeff262021-12-21 10:43:52.445root 11241100x8000000000000000415106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28d3a63d6cc4c4b2021-12-21 10:43:52.445root 11241100x8000000000000000415107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3531642697c3bf2021-12-21 10:43:52.446root 11241100x8000000000000000415108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a6e8db62ca7c072021-12-21 10:43:52.446root 11241100x8000000000000000415109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137a55597fd7aa722021-12-21 10:43:52.446root 11241100x8000000000000000415110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7508c075c412198c2021-12-21 10:43:52.446root 11241100x8000000000000000415111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600ab1071b1600702021-12-21 10:43:52.446root 11241100x8000000000000000415112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761c4dd8debbaa4a2021-12-21 10:43:52.447root 11241100x8000000000000000415113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385a8306a271752a2021-12-21 10:43:52.447root 11241100x8000000000000000415114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55edf8466058e9772021-12-21 10:43:52.447root 11241100x8000000000000000415115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cd7570eb8af3dc2021-12-21 10:43:52.447root 11241100x8000000000000000415116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6db0527645ea312021-12-21 10:43:52.447root 11241100x8000000000000000415117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd3c4ffd87cc19c2021-12-21 10:43:52.447root 11241100x8000000000000000415118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34292e992c3988592021-12-21 10:43:52.447root 11241100x8000000000000000415119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daae6c72a58840ec2021-12-21 10:43:52.448root 11241100x8000000000000000415120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8c0486479099e92021-12-21 10:43:52.448root 11241100x8000000000000000415121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a53738876a7b662021-12-21 10:43:52.448root 11241100x8000000000000000415122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0663785633a394cf2021-12-21 10:43:52.448root 11241100x8000000000000000415123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174d13fbc35f865a2021-12-21 10:43:52.448root 11241100x8000000000000000415124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309f3959401fb4db2021-12-21 10:43:52.448root 11241100x8000000000000000415125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626700e18da9c38f2021-12-21 10:43:52.449root 11241100x8000000000000000415126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271e53d392d01f6e2021-12-21 10:43:52.449root 11241100x8000000000000000415127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c205a4a953e2142021-12-21 10:43:52.449root 11241100x8000000000000000415128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fcf9327c6e73402021-12-21 10:43:52.449root 11241100x8000000000000000415129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6917e496630a28832021-12-21 10:43:52.449root 11241100x8000000000000000415130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275ef1b60fde184d2021-12-21 10:43:52.450root 11241100x8000000000000000415131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449956e2ceb4058a2021-12-21 10:43:52.943root 11241100x8000000000000000415132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf77fc1ecca7647a2021-12-21 10:43:52.943root 11241100x8000000000000000415133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031684ff4577d4f32021-12-21 10:43:52.943root 11241100x8000000000000000415134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561e238a1759d1702021-12-21 10:43:52.943root 11241100x8000000000000000415135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e18b9f7e625d6d02021-12-21 10:43:52.943root 11241100x8000000000000000415136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c458a96c72a01a652021-12-21 10:43:52.944root 11241100x8000000000000000415137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c165b91ba0a5472021-12-21 10:43:52.944root 11241100x8000000000000000415138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855711fb3f16c58a2021-12-21 10:43:52.944root 11241100x8000000000000000415139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daa2abdf26b787b2021-12-21 10:43:52.944root 11241100x8000000000000000415140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b103aafd5540d8622021-12-21 10:43:52.944root 11241100x8000000000000000415141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5f78e59cad75b92021-12-21 10:43:52.944root 11241100x8000000000000000415142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f696bcfa8f2218c2021-12-21 10:43:52.944root 11241100x8000000000000000415143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcdfa42ba5ed7782021-12-21 10:43:52.944root 11241100x8000000000000000415144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb625412e4ecf2302021-12-21 10:43:52.944root 11241100x8000000000000000415145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1db5d6759cb670e2021-12-21 10:43:52.945root 11241100x8000000000000000415146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f21fdb1283269f2021-12-21 10:43:52.945root 11241100x8000000000000000415147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e1ad840467813a2021-12-21 10:43:52.945root 11241100x8000000000000000415148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02821ee8c4a2c8ca2021-12-21 10:43:52.945root 11241100x8000000000000000415149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c48de8f833da282021-12-21 10:43:52.945root 11241100x8000000000000000415150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f489416cfce4b652021-12-21 10:43:52.945root 11241100x8000000000000000415151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0a6ce8cf2a7c812021-12-21 10:43:52.945root 11241100x8000000000000000415152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69eace7c81580bf62021-12-21 10:43:52.945root 11241100x8000000000000000415153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b6dac24b4ed21b2021-12-21 10:43:52.945root 11241100x8000000000000000415154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabcf8b79e83e7b32021-12-21 10:43:52.945root 11241100x8000000000000000415155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff7a06de367250f2021-12-21 10:43:52.946root 11241100x8000000000000000415156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecf3ebb6bb7c6712021-12-21 10:43:52.946root 11241100x8000000000000000415157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c990c295f5291f2021-12-21 10:43:52.946root 11241100x8000000000000000415158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174f021abe1e134a2021-12-21 10:43:52.946root 11241100x8000000000000000415159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9a3b54bf517102021-12-21 10:43:52.946root 11241100x8000000000000000415160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b040e5374001202021-12-21 10:43:52.946root 11241100x8000000000000000415161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a07e529e7e75d22021-12-21 10:43:52.946root 11241100x8000000000000000415162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcad110fa5a59782021-12-21 10:43:52.946root 11241100x8000000000000000415163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f438fa98edb1d76c2021-12-21 10:43:52.946root 11241100x8000000000000000415164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cb165dc5ca67072021-12-21 10:43:52.946root 11241100x8000000000000000415165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7463299ce62b5082021-12-21 10:43:52.947root 11241100x8000000000000000415166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d69a88b4c08fa3d2021-12-21 10:43:52.947root 11241100x8000000000000000415167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60144d9a4fa16b62021-12-21 10:43:52.947root 11241100x8000000000000000415168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920132bf79959b672021-12-21 10:43:52.948root 11241100x8000000000000000415169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3c8f355beab47e2021-12-21 10:43:52.948root 11241100x8000000000000000415170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b485ed85f7e2f02021-12-21 10:43:52.948root 11241100x8000000000000000415171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e3c3ac7c1cb722021-12-21 10:43:52.948root 11241100x8000000000000000415172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b6dbecbf1ecf792021-12-21 10:43:52.948root 11241100x8000000000000000415173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086c8a8a633a1e6a2021-12-21 10:43:52.948root 11241100x8000000000000000415174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b87922c985895af2021-12-21 10:43:52.948root 11241100x8000000000000000415175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd75652c69aaa512021-12-21 10:43:52.948root 11241100x8000000000000000415176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c54cdee0e260362021-12-21 10:43:52.948root 11241100x8000000000000000415177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dedd26fff0a6862021-12-21 10:43:52.949root 11241100x8000000000000000415178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e77d8fc969f1492021-12-21 10:43:52.949root 11241100x8000000000000000415179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67646dd716bc55a82021-12-21 10:43:52.949root 11241100x8000000000000000415180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb7d648385bd6882021-12-21 10:43:52.949root 11241100x8000000000000000415181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807d3fb0d478bb0a2021-12-21 10:43:52.949root 11241100x8000000000000000415182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e473040c81bbe2252021-12-21 10:43:52.949root 11241100x8000000000000000415183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1418518a2278012021-12-21 10:43:52.949root 11241100x8000000000000000415184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6930a8e873185f52021-12-21 10:43:52.949root 11241100x8000000000000000415185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c715f0f9c3c13b2021-12-21 10:43:52.950root 11241100x8000000000000000415186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad656f70729b87a2021-12-21 10:43:52.950root 11241100x8000000000000000415187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f71057279f886c2021-12-21 10:43:52.950root 11241100x8000000000000000415188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0123bfdc0908d7982021-12-21 10:43:52.950root 11241100x8000000000000000415189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05408360ac5105b42021-12-21 10:43:52.950root 11241100x8000000000000000415190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc767792b0e9b992021-12-21 10:43:52.950root 11241100x8000000000000000415191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1969b3e74b57bdf2021-12-21 10:43:52.950root 11241100x8000000000000000415192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38812017bb93f3a12021-12-21 10:43:52.950root 11241100x8000000000000000415193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d37ba732ed421112021-12-21 10:43:52.951root 11241100x8000000000000000415194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b851f9702fffb042021-12-21 10:43:52.951root 11241100x8000000000000000415195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c56ca08fa086ab2021-12-21 10:43:52.951root 11241100x8000000000000000415196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e87efaeb9ddc5182021-12-21 10:43:52.951root 11241100x8000000000000000415197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da8f3c4b61424a92021-12-21 10:43:52.951root 11241100x8000000000000000415198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa6d4acf1c7c392021-12-21 10:43:52.951root 11241100x8000000000000000415199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf73e302590ffc02021-12-21 10:43:52.951root 11241100x8000000000000000415200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91adacb49569c9362021-12-21 10:43:52.951root 11241100x8000000000000000415201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11362cf45a9a28d62021-12-21 10:43:52.951root 11241100x8000000000000000415202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804b8a7b7962c3e82021-12-21 10:43:52.951root 11241100x8000000000000000415203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0b4ef8ed8b2e4b2021-12-21 10:43:52.952root 11241100x8000000000000000415204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234d98d30a2fb8532021-12-21 10:43:52.952root 11241100x8000000000000000415205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:52.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf14114748e136102021-12-21 10:43:52.952root 11241100x8000000000000000415206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd70345f9396117b2021-12-21 10:43:53.443root 11241100x8000000000000000415207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fcf5923c3a224f2021-12-21 10:43:53.443root 11241100x8000000000000000415208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3a14f3c85d79932021-12-21 10:43:53.443root 11241100x8000000000000000415209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629ded112da5aebf2021-12-21 10:43:53.443root 11241100x8000000000000000415210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b384f9e3182114e2021-12-21 10:43:53.443root 11241100x8000000000000000415211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2210cddb80e4ad5c2021-12-21 10:43:53.444root 11241100x8000000000000000415212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b926ca588746bd2021-12-21 10:43:53.444root 11241100x8000000000000000415213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640a958e0b4872a62021-12-21 10:43:53.444root 11241100x8000000000000000415214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f096ca3d67ce968c2021-12-21 10:43:53.444root 11241100x8000000000000000415215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab85ee8740ab72b2021-12-21 10:43:53.444root 11241100x8000000000000000415216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5a22a64f19e3b82021-12-21 10:43:53.444root 11241100x8000000000000000415217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b3db3dbfcf81772021-12-21 10:43:53.444root 11241100x8000000000000000415218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a95326889b8e8db2021-12-21 10:43:53.444root 11241100x8000000000000000415219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81376d073eae308b2021-12-21 10:43:53.444root 11241100x8000000000000000415220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49e761309a517ac2021-12-21 10:43:53.445root 11241100x8000000000000000415221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcf464d84ecd2902021-12-21 10:43:53.445root 11241100x8000000000000000415222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e26ba82dc75e3c2021-12-21 10:43:53.445root 11241100x8000000000000000415223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d33980223dc7c42021-12-21 10:43:53.445root 11241100x8000000000000000415224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f08b68e884570b2021-12-21 10:43:53.445root 11241100x8000000000000000415225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc0f42f16a8840c2021-12-21 10:43:53.445root 11241100x8000000000000000415226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0af32938c2a09e32021-12-21 10:43:53.445root 11241100x8000000000000000415227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ce79d120fd48a82021-12-21 10:43:53.445root 11241100x8000000000000000415228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e386dba2515120e2021-12-21 10:43:53.445root 11241100x8000000000000000415229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb9c4c7183b1c452021-12-21 10:43:53.445root 11241100x8000000000000000415230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a47e2c5500137b2021-12-21 10:43:53.445root 11241100x8000000000000000415231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379b6026ae76130b2021-12-21 10:43:53.445root 11241100x8000000000000000415232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9cc4a7ba8e83bf2021-12-21 10:43:53.446root 11241100x8000000000000000415233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128c844391a7fdb42021-12-21 10:43:53.446root 11241100x8000000000000000415234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80f464f2f4883842021-12-21 10:43:53.446root 11241100x8000000000000000415235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd5008281ff5b4a2021-12-21 10:43:53.446root 11241100x8000000000000000415236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b67e5de04706602021-12-21 10:43:53.446root 11241100x8000000000000000415237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bbc00ba83264382021-12-21 10:43:53.446root 11241100x8000000000000000415238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5118b47952903f1b2021-12-21 10:43:53.446root 11241100x8000000000000000415239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc83337da8528fc32021-12-21 10:43:53.446root 11241100x8000000000000000415240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a57589a3b593c12021-12-21 10:43:53.446root 11241100x8000000000000000415241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c880d5ea8fe6cd2021-12-21 10:43:53.446root 11241100x8000000000000000415242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9964bb7799a85d2021-12-21 10:43:53.446root 11241100x8000000000000000415243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a749472f1d87062021-12-21 10:43:53.447root 11241100x8000000000000000415244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec1cf35f3f876d32021-12-21 10:43:53.447root 11241100x8000000000000000415245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d73f59e2e9d6152021-12-21 10:43:53.448root 11241100x8000000000000000415246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f6f0769e1d994d2021-12-21 10:43:53.448root 11241100x8000000000000000415247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7c92eca3af99f72021-12-21 10:43:53.448root 11241100x8000000000000000415248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70f1f3af23ee0822021-12-21 10:43:53.448root 11241100x8000000000000000415249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8416df859fcaacb72021-12-21 10:43:53.448root 11241100x8000000000000000415250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580bc55830d4bd622021-12-21 10:43:53.448root 11241100x8000000000000000415251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397926225a182ddd2021-12-21 10:43:53.448root 11241100x8000000000000000415252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62be34ac02333ad82021-12-21 10:43:53.448root 11241100x8000000000000000415253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5c8d54b5e26be62021-12-21 10:43:53.449root 11241100x8000000000000000415254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b20bc78df3cc302021-12-21 10:43:53.449root 11241100x8000000000000000415255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314a50dedcf6ce112021-12-21 10:43:53.449root 11241100x8000000000000000415256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22db9626f0543ce2021-12-21 10:43:53.449root 11241100x8000000000000000415257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b765809ca5cd282021-12-21 10:43:53.449root 11241100x8000000000000000415258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef325605edf945a2021-12-21 10:43:53.449root 11241100x8000000000000000415259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792b5aa2c09a46cb2021-12-21 10:43:53.449root 11241100x8000000000000000415260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69d610bd80f34362021-12-21 10:43:53.449root 11241100x8000000000000000415261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc36747b6a8f23302021-12-21 10:43:53.449root 11241100x8000000000000000415262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8e5741e03c59e22021-12-21 10:43:53.449root 11241100x8000000000000000415263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1415dfed697b8af72021-12-21 10:43:53.449root 11241100x8000000000000000415264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c210d19bce549c612021-12-21 10:43:53.449root 11241100x8000000000000000415265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7822a3145ea0ecfa2021-12-21 10:43:53.449root 11241100x8000000000000000415266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8723eef2390c882021-12-21 10:43:53.943root 11241100x8000000000000000415267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5bc4fbaba59d442021-12-21 10:43:53.943root 11241100x8000000000000000415268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711b80aa0ec67f6b2021-12-21 10:43:53.943root 11241100x8000000000000000415269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a702045e1cea932021-12-21 10:43:53.943root 11241100x8000000000000000415270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73a20989bc9f3ea2021-12-21 10:43:53.943root 11241100x8000000000000000415271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbab3697c304cf82021-12-21 10:43:53.943root 11241100x8000000000000000415272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a788bd2b63a29782021-12-21 10:43:53.943root 11241100x8000000000000000415273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2debdaaae5993e9f2021-12-21 10:43:53.943root 11241100x8000000000000000415274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b50bbb4b5815072021-12-21 10:43:53.944root 11241100x8000000000000000415275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa98e93a43ad2d252021-12-21 10:43:53.944root 11241100x8000000000000000415276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a84196696920872021-12-21 10:43:53.944root 11241100x8000000000000000415277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2aca9bc0dfbce62021-12-21 10:43:53.944root 11241100x8000000000000000415278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b00e5d35b93f69d2021-12-21 10:43:53.944root 11241100x8000000000000000415279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf4f399f39a0bec2021-12-21 10:43:53.944root 11241100x8000000000000000415280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2ed675240ce6142021-12-21 10:43:53.944root 11241100x8000000000000000415281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c92bc6de0bcf442021-12-21 10:43:53.944root 11241100x8000000000000000415282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e0655c53aa3a22021-12-21 10:43:53.945root 11241100x8000000000000000415283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca8c0ed29e590262021-12-21 10:43:53.945root 11241100x8000000000000000415284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e9cc9bb5e7c41e2021-12-21 10:43:53.945root 11241100x8000000000000000415285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1c94d1216fb7592021-12-21 10:43:53.945root 11241100x8000000000000000415286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e804feb614d20d2021-12-21 10:43:53.945root 11241100x8000000000000000415287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4dd2eef5db8ff32021-12-21 10:43:53.945root 11241100x8000000000000000415288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab420f277fcea38d2021-12-21 10:43:53.945root 11241100x8000000000000000415289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04828883dcec731e2021-12-21 10:43:53.945root 11241100x8000000000000000415290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c24fcb9ceecaf12021-12-21 10:43:53.945root 11241100x8000000000000000415291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dfc1b4331ec4362021-12-21 10:43:53.945root 11241100x8000000000000000415292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd7464b1b6efef92021-12-21 10:43:53.945root 11241100x8000000000000000415293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a073724e31b5c02021-12-21 10:43:53.946root 11241100x8000000000000000415294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb006096dbbc5c42021-12-21 10:43:53.946root 11241100x8000000000000000415295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3c3dca354310f62021-12-21 10:43:53.946root 11241100x8000000000000000415296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3779e135431821b2021-12-21 10:43:53.946root 11241100x8000000000000000415297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39d10c0fbd90ec72021-12-21 10:43:53.946root 11241100x8000000000000000415298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9272cd33ec5dc52021-12-21 10:43:53.946root 11241100x8000000000000000415299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bee888d151b59962021-12-21 10:43:53.946root 11241100x8000000000000000415300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cae62a8782c1a32021-12-21 10:43:53.946root 11241100x8000000000000000415301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aedc8d6bc45c91e2021-12-21 10:43:53.946root 11241100x8000000000000000415302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2969ff57ecf4d5a2021-12-21 10:43:53.946root 11241100x8000000000000000415303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3076d788b24fabd32021-12-21 10:43:53.946root 11241100x8000000000000000415304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d279da1c2290e80c2021-12-21 10:43:53.946root 11241100x8000000000000000415305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2237bc4508d59dd32021-12-21 10:43:53.947root 11241100x8000000000000000415306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4d9ca85d3e12542021-12-21 10:43:53.947root 11241100x8000000000000000415307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b29111b877968b2021-12-21 10:43:53.947root 11241100x8000000000000000415308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d591fa402f9f1e72021-12-21 10:43:53.947root 11241100x8000000000000000415309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfdfc748fb077a82021-12-21 10:43:53.947root 11241100x8000000000000000415310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283edc7768a7933c2021-12-21 10:43:53.947root 11241100x8000000000000000415311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5334c6e6fc5da2992021-12-21 10:43:53.947root 11241100x8000000000000000415312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb005dcdfe0804e2021-12-21 10:43:53.949root 11241100x8000000000000000415313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eb944d575570e12021-12-21 10:43:53.949root 11241100x8000000000000000415314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f00abfeab35f7162021-12-21 10:43:53.949root 11241100x8000000000000000415315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda6ebde66aff11d2021-12-21 10:43:53.949root 11241100x8000000000000000415316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763a6a5b75c891af2021-12-21 10:43:53.949root 11241100x8000000000000000415317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2044dfa03748b32021-12-21 10:43:53.949root 11241100x8000000000000000415318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71bb929a87800592021-12-21 10:43:53.949root 11241100x8000000000000000415319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd4c17c615e7c6f2021-12-21 10:43:53.949root 11241100x8000000000000000415320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf58e3c3b3872b2b2021-12-21 10:43:53.949root 11241100x8000000000000000415321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281d3a6f64f22cba2021-12-21 10:43:53.950root 11241100x8000000000000000415322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855a14c08df5b4d02021-12-21 10:43:54.443root 11241100x8000000000000000415323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1c4738063bfe222021-12-21 10:43:54.443root 11241100x8000000000000000415324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f196537b27a850d62021-12-21 10:43:54.443root 11241100x8000000000000000415325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bbae51e020686a2021-12-21 10:43:54.443root 11241100x8000000000000000415326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262a279e54daf9082021-12-21 10:43:54.443root 11241100x8000000000000000415327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22c90d7b21eb3982021-12-21 10:43:54.443root 11241100x8000000000000000415328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15facba9e696da5a2021-12-21 10:43:54.443root 11241100x8000000000000000415329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b350e77034e50af2021-12-21 10:43:54.444root 11241100x8000000000000000415330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a2b652c78f3bd12021-12-21 10:43:54.444root 11241100x8000000000000000415331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcc99c1e7065dfb2021-12-21 10:43:54.444root 11241100x8000000000000000415332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526bd36241deefd62021-12-21 10:43:54.444root 11241100x8000000000000000415333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07129c8746e97dd92021-12-21 10:43:54.444root 11241100x8000000000000000415334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac3491a38c8252c2021-12-21 10:43:54.444root 11241100x8000000000000000415335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfe743c474124032021-12-21 10:43:54.444root 11241100x8000000000000000415336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad428cb8cbec75552021-12-21 10:43:54.445root 11241100x8000000000000000415337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fe3ba3616912fd2021-12-21 10:43:54.445root 11241100x8000000000000000415338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c657e44ec0aaffc2021-12-21 10:43:54.445root 11241100x8000000000000000415339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5f2efe7854172d2021-12-21 10:43:54.445root 11241100x8000000000000000415340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5aa2c01e699f0e22021-12-21 10:43:54.445root 11241100x8000000000000000415341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70610883085a0e52021-12-21 10:43:54.445root 11241100x8000000000000000415342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69650153f02d54232021-12-21 10:43:54.445root 11241100x8000000000000000415343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119da32d716136862021-12-21 10:43:54.445root 11241100x8000000000000000415344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7fccc045ddc4de2021-12-21 10:43:54.446root 11241100x8000000000000000415345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd9b86c71cb483d2021-12-21 10:43:54.446root 11241100x8000000000000000415346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0158b07c334f62b2021-12-21 10:43:54.446root 11241100x8000000000000000415347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1721065c13922a502021-12-21 10:43:54.447root 11241100x8000000000000000415348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02448c11dbdc3b902021-12-21 10:43:54.447root 11241100x8000000000000000415349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a2bc8cc694a3e82021-12-21 10:43:54.447root 11241100x8000000000000000415350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503d99a17612133c2021-12-21 10:43:54.447root 11241100x8000000000000000415351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400531fb32f9b6042021-12-21 10:43:54.447root 11241100x8000000000000000415352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261529efb43557822021-12-21 10:43:54.447root 11241100x8000000000000000415353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215c30fcdc001f002021-12-21 10:43:54.447root 11241100x8000000000000000415354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3111e808599fdead2021-12-21 10:43:54.447root 11241100x8000000000000000415355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6036b37037609e832021-12-21 10:43:54.447root 11241100x8000000000000000415356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f620c620a66f7d2021-12-21 10:43:54.447root 11241100x8000000000000000415357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f43f3172fe3e0c2021-12-21 10:43:54.447root 11241100x8000000000000000415358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c88caa859a2d762021-12-21 10:43:54.447root 11241100x8000000000000000415359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca29638e647c6f162021-12-21 10:43:54.448root 11241100x8000000000000000415360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41178038a90ff12e2021-12-21 10:43:54.448root 11241100x8000000000000000415361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a331a7940d82225f2021-12-21 10:43:54.448root 11241100x8000000000000000415362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f64016cfef3408b2021-12-21 10:43:54.448root 11241100x8000000000000000415363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589f373b720d918c2021-12-21 10:43:54.448root 11241100x8000000000000000415364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255300e3ab1ecb802021-12-21 10:43:54.449root 11241100x8000000000000000415365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5ab6fd814da43e2021-12-21 10:43:54.449root 11241100x8000000000000000415366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bb9ebc93085ae32021-12-21 10:43:54.449root 11241100x8000000000000000415367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac5af8f40c1f57d2021-12-21 10:43:54.449root 11241100x8000000000000000415368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2210f141315a81792021-12-21 10:43:54.449root 11241100x8000000000000000415369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfd24fe089a92e82021-12-21 10:43:54.449root 11241100x8000000000000000415370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ffc596db1387172021-12-21 10:43:54.449root 11241100x8000000000000000415371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5030306ad04068ca2021-12-21 10:43:54.449root 11241100x8000000000000000415372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b7baead9cc76802021-12-21 10:43:54.449root 11241100x8000000000000000415373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41047f464fb511b82021-12-21 10:43:54.449root 11241100x8000000000000000415374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f75ccd4163362a2021-12-21 10:43:54.449root 11241100x8000000000000000415375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e544c305ce17442021-12-21 10:43:54.943root 11241100x8000000000000000415376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98571ba5907829362021-12-21 10:43:54.943root 11241100x8000000000000000415377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbce19a3441838212021-12-21 10:43:54.944root 11241100x8000000000000000415378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3b15b2abd1cbf02021-12-21 10:43:54.944root 11241100x8000000000000000415379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071f6742c3dc4082021-12-21 10:43:54.944root 11241100x8000000000000000415380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e9db9bbb91b8072021-12-21 10:43:54.944root 11241100x8000000000000000415381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbcb2c5856485912021-12-21 10:43:54.944root 11241100x8000000000000000415382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd2afb192b485a12021-12-21 10:43:54.944root 11241100x8000000000000000415383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c23d04e493298702021-12-21 10:43:54.945root 11241100x8000000000000000415384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8af18403820565a2021-12-21 10:43:54.945root 11241100x8000000000000000415385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16441ecef16107322021-12-21 10:43:54.945root 11241100x8000000000000000415386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288ded3fd46676a72021-12-21 10:43:54.945root 11241100x8000000000000000415387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dbe431d788d92c2021-12-21 10:43:54.945root 11241100x8000000000000000415388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1bb7ff330b71242021-12-21 10:43:54.945root 11241100x8000000000000000415389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3a70a7a02f97ec2021-12-21 10:43:54.945root 11241100x8000000000000000415390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17e81a757065bac2021-12-21 10:43:54.945root 11241100x8000000000000000415391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bfc41bb15d2a662021-12-21 10:43:54.945root 11241100x8000000000000000415392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6b1827c83a45812021-12-21 10:43:54.945root 11241100x8000000000000000415393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccd6c2085dfc5c82021-12-21 10:43:54.945root 11241100x8000000000000000415394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7c5f20c01d24502021-12-21 10:43:54.945root 11241100x8000000000000000415395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1db98fc46cc8382021-12-21 10:43:54.946root 11241100x8000000000000000415396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b5a89557d6ffc42021-12-21 10:43:54.946root 11241100x8000000000000000415397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a50131ffbea0fc62021-12-21 10:43:54.946root 11241100x8000000000000000415398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68840e494f53926c2021-12-21 10:43:54.946root 11241100x8000000000000000415399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cddd31e1921f7712021-12-21 10:43:54.946root 11241100x8000000000000000415400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39db93653dd1439f2021-12-21 10:43:54.946root 11241100x8000000000000000415401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc19a407236a10b2021-12-21 10:43:54.946root 11241100x8000000000000000415402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6cca2029ef62552021-12-21 10:43:54.946root 11241100x8000000000000000415403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327971a54dd0e4002021-12-21 10:43:54.946root 11241100x8000000000000000415404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4646e765157de912021-12-21 10:43:54.946root 11241100x8000000000000000415405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669166781e1d68f82021-12-21 10:43:54.946root 11241100x8000000000000000415406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d232623b08c3bb2021-12-21 10:43:54.946root 11241100x8000000000000000415407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949192be81fb90bc2021-12-21 10:43:54.946root 11241100x8000000000000000415408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac4bc2e2d58802f2021-12-21 10:43:54.946root 11241100x8000000000000000415409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db4d5265b70620f2021-12-21 10:43:54.946root 11241100x8000000000000000415410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ba0faadb7d45e92021-12-21 10:43:54.947root 11241100x8000000000000000415411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa4177b82c915b42021-12-21 10:43:54.947root 11241100x8000000000000000415412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbad1ceaddb2a6682021-12-21 10:43:54.947root 11241100x8000000000000000415413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaf00cab416a8142021-12-21 10:43:54.947root 11241100x8000000000000000415414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9373823d4fa870512021-12-21 10:43:54.947root 11241100x8000000000000000415415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c300c055baf2cd2021-12-21 10:43:54.947root 11241100x8000000000000000415416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d99831c543af142021-12-21 10:43:54.947root 11241100x8000000000000000415417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9c64fbd47cb0f82021-12-21 10:43:54.947root 11241100x8000000000000000415418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2d6a8f670103082021-12-21 10:43:54.947root 11241100x8000000000000000415419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1193a03c638ad22021-12-21 10:43:55.443root 11241100x8000000000000000415420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d588774a8fab91db2021-12-21 10:43:55.443root 11241100x8000000000000000415421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d6ada868a13d342021-12-21 10:43:55.443root 11241100x8000000000000000415422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da07f6e44e9326682021-12-21 10:43:55.443root 11241100x8000000000000000415423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bd2d9166ea8c0f2021-12-21 10:43:55.444root 11241100x8000000000000000415424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e8804eb88c2a1d2021-12-21 10:43:55.444root 11241100x8000000000000000415425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc12993b7bb7d7f2021-12-21 10:43:55.444root 11241100x8000000000000000415426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada917ffa180b9722021-12-21 10:43:55.444root 11241100x8000000000000000415427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c75260830eb8d8b2021-12-21 10:43:55.444root 11241100x8000000000000000415428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99987a8cc710b702021-12-21 10:43:55.444root 11241100x8000000000000000415429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b5b6c0df3f5a0b2021-12-21 10:43:55.444root 11241100x8000000000000000415430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4679c1d5bcd8e01c2021-12-21 10:43:55.445root 11241100x8000000000000000415431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0deddf2fb725a6cf2021-12-21 10:43:55.445root 11241100x8000000000000000415432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500dee426d4fd80c2021-12-21 10:43:55.445root 11241100x8000000000000000415433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a3b0310f5d26872021-12-21 10:43:55.445root 11241100x8000000000000000415434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71579ad5262e25f92021-12-21 10:43:55.445root 11241100x8000000000000000415435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e6b05b8889cf9d2021-12-21 10:43:55.445root 11241100x8000000000000000415436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943b4cbc3bb35cc82021-12-21 10:43:55.445root 11241100x8000000000000000415437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003589f60cf2059a2021-12-21 10:43:55.446root 11241100x8000000000000000415438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a45cf9aa20361c2021-12-21 10:43:55.446root 11241100x8000000000000000415439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e57d92986bb71bf2021-12-21 10:43:55.446root 11241100x8000000000000000415440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e805dac33bbc1fb62021-12-21 10:43:55.446root 11241100x8000000000000000415441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c792defefbe6a7032021-12-21 10:43:55.446root 11241100x8000000000000000415442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ea4ff859b8874d2021-12-21 10:43:55.446root 11241100x8000000000000000415443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b5397edd0813eb2021-12-21 10:43:55.446root 11241100x8000000000000000415444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331d6bdf3dde38712021-12-21 10:43:55.447root 11241100x8000000000000000415445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935728caf3dd2ab32021-12-21 10:43:55.447root 11241100x8000000000000000415446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08ca2d758f7b1b32021-12-21 10:43:55.447root 11241100x8000000000000000415447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47706fb0c359604c2021-12-21 10:43:55.448root 11241100x8000000000000000415448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b99d49d886d85742021-12-21 10:43:55.448root 11241100x8000000000000000415449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df30fdc4b12170e42021-12-21 10:43:55.449root 11241100x8000000000000000415450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5481df80b706722021-12-21 10:43:55.449root 11241100x8000000000000000415451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5e3f5b3e10a1be2021-12-21 10:43:55.449root 11241100x8000000000000000415452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f800252eec4a62ff2021-12-21 10:43:55.449root 11241100x8000000000000000415453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4603c411456ebbc62021-12-21 10:43:55.449root 11241100x8000000000000000415454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c32dacb2f25074a2021-12-21 10:43:55.450root 11241100x8000000000000000415455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e277d03be3eb6e22021-12-21 10:43:55.450root 11241100x8000000000000000415456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4c53326e7d1caf2021-12-21 10:43:55.450root 11241100x8000000000000000415457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4716c3ecc43050f2021-12-21 10:43:55.450root 11241100x8000000000000000415458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04caa189f71810632021-12-21 10:43:55.451root 11241100x8000000000000000415459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5c12994d8a4bb32021-12-21 10:43:55.451root 11241100x8000000000000000415460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1e401d3cd4e2692021-12-21 10:43:55.451root 11241100x8000000000000000415461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288b6b495140d1772021-12-21 10:43:55.451root 11241100x8000000000000000415462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad4d7ac626887a82021-12-21 10:43:55.451root 11241100x8000000000000000415463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dbfc8b4564bb222021-12-21 10:43:55.452root 11241100x8000000000000000415464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65ccc5f632780c72021-12-21 10:43:55.452root 11241100x8000000000000000415465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f26aff149f2174f2021-12-21 10:43:55.452root 11241100x8000000000000000415466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad2534c7c0f7c0c2021-12-21 10:43:55.452root 11241100x8000000000000000415467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91486ae324b95b4d2021-12-21 10:43:55.452root 11241100x8000000000000000415468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8682b5d5d60ba82021-12-21 10:43:55.452root 11241100x8000000000000000415469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b723cb7bccda2112021-12-21 10:43:55.452root 11241100x8000000000000000415470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa40eef1a76d0952021-12-21 10:43:55.452root 11241100x8000000000000000415471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2f2592c44061482021-12-21 10:43:55.452root 11241100x8000000000000000415472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d695c01afcb5435c2021-12-21 10:43:55.453root 11241100x8000000000000000415473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db89464a17914452021-12-21 10:43:55.453root 11241100x8000000000000000415474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6851acf3d1b057b02021-12-21 10:43:55.453root 11241100x8000000000000000415475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5682cb86ef15f612021-12-21 10:43:55.943root 11241100x8000000000000000415476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf90f281e0bec9b2021-12-21 10:43:55.943root 11241100x8000000000000000415477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43e0c33145a37b12021-12-21 10:43:55.943root 11241100x8000000000000000415478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4ff851f789bd8f2021-12-21 10:43:55.943root 11241100x8000000000000000415479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27760a5629f63402021-12-21 10:43:55.944root 11241100x8000000000000000415480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d3ab6f48a29b382021-12-21 10:43:55.944root 11241100x8000000000000000415481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac30442295bd3c82021-12-21 10:43:55.944root 11241100x8000000000000000415482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcc1736f3a6bd742021-12-21 10:43:55.944root 11241100x8000000000000000415483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615d7214feefab542021-12-21 10:43:55.944root 11241100x8000000000000000415484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd291ede896f8be2021-12-21 10:43:55.944root 11241100x8000000000000000415485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305f56c4d4c1b9ab2021-12-21 10:43:55.944root 11241100x8000000000000000415486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bb92bc15059dd32021-12-21 10:43:55.945root 11241100x8000000000000000415487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cf7d1cf0a9cf612021-12-21 10:43:55.945root 11241100x8000000000000000415488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36a64e28c59b16a2021-12-21 10:43:55.945root 11241100x8000000000000000415489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb7bd5a276d990d2021-12-21 10:43:55.945root 11241100x8000000000000000415490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398fe30273a543322021-12-21 10:43:55.945root 11241100x8000000000000000415491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c687c13783e81702021-12-21 10:43:55.945root 11241100x8000000000000000415492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddc354d2857d74d2021-12-21 10:43:55.945root 11241100x8000000000000000415493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b371121dbc6fa8ed2021-12-21 10:43:55.945root 11241100x8000000000000000415494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2b9fd3e869e1cb2021-12-21 10:43:55.945root 11241100x8000000000000000415495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa047d9d1abc8892021-12-21 10:43:55.946root 11241100x8000000000000000415496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa62bd830d5f55a2021-12-21 10:43:55.946root 11241100x8000000000000000415497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a48dc538fbc161f2021-12-21 10:43:55.946root 11241100x8000000000000000415498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f646516accbce1c32021-12-21 10:43:55.946root 11241100x8000000000000000415499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7511dcf6efdaf702021-12-21 10:43:55.946root 11241100x8000000000000000415500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb792124a0d9d2d2021-12-21 10:43:55.946root 11241100x8000000000000000415501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fffbfec0a6eedb32021-12-21 10:43:55.946root 11241100x8000000000000000415502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e61cd358e61a04f2021-12-21 10:43:55.946root 11241100x8000000000000000415503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c654fdb0be8e1882021-12-21 10:43:55.946root 11241100x8000000000000000415504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330becb3a429dc3b2021-12-21 10:43:55.946root 11241100x8000000000000000415505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c1bb59a3fe318b2021-12-21 10:43:55.946root 11241100x8000000000000000415506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65a116da86aa7a02021-12-21 10:43:55.947root 11241100x8000000000000000415507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113a1f9da53cf5f52021-12-21 10:43:55.947root 11241100x8000000000000000415508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f670ae6a698e7cd2021-12-21 10:43:55.947root 11241100x8000000000000000415509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb244ea5a1ac5f312021-12-21 10:43:55.947root 11241100x8000000000000000415510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d71daf2fdb2a1b22021-12-21 10:43:55.947root 11241100x8000000000000000415511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c396674e9fc36e2021-12-21 10:43:55.947root 11241100x8000000000000000415512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300f3c2cbccd41f82021-12-21 10:43:55.947root 11241100x8000000000000000415513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cb44d17a43204c2021-12-21 10:43:55.948root 11241100x8000000000000000415514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5736084c61cb899c2021-12-21 10:43:55.948root 11241100x8000000000000000415515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0902f0f7c8edd842021-12-21 10:43:55.948root 11241100x8000000000000000415516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594d977efb006fa52021-12-21 10:43:55.948root 11241100x8000000000000000415517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b156bd1db4fd2e2021-12-21 10:43:55.948root 11241100x8000000000000000415518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d789940a3a430f902021-12-21 10:43:55.948root 11241100x8000000000000000415519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774f3738dc8638f02021-12-21 10:43:55.948root 11241100x8000000000000000415520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f406ba1d8f12945d2021-12-21 10:43:55.948root 11241100x8000000000000000415521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05190980b63aa57d2021-12-21 10:43:55.948root 11241100x8000000000000000415522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d737d1a00a33092021-12-21 10:43:55.948root 11241100x8000000000000000415523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38866209c6562432021-12-21 10:43:55.949root 11241100x8000000000000000415524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0806b9f12086c8c02021-12-21 10:43:55.949root 11241100x8000000000000000415525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62fec61e6ea46eb2021-12-21 10:43:55.949root 11241100x8000000000000000415526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6326c2c59e8fa42021-12-21 10:43:55.949root 11241100x8000000000000000415527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f02fcc99213ab32021-12-21 10:43:55.949root 11241100x8000000000000000415528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4566c442f2597d062021-12-21 10:43:55.949root 11241100x8000000000000000415529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8231c25db4652d192021-12-21 10:43:55.949root 354300x8000000000000000415530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.046{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47520-false10.0.1.12-8000- 11241100x8000000000000000415531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18cb423c4a8c9fe2021-12-21 10:43:56.443root 11241100x8000000000000000415532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295562978a900c2f2021-12-21 10:43:56.443root 11241100x8000000000000000415533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e443eca32ef040df2021-12-21 10:43:56.443root 11241100x8000000000000000415534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239228c73256e7e12021-12-21 10:43:56.443root 11241100x8000000000000000415535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c154753abd3ef7e12021-12-21 10:43:56.444root 11241100x8000000000000000415536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2aafde454649a52021-12-21 10:43:56.444root 11241100x8000000000000000415537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff22f731201f3bc2021-12-21 10:43:56.444root 11241100x8000000000000000415538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97fa17449ecbecf2021-12-21 10:43:56.444root 11241100x8000000000000000415539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3646ce8d4a6a3b982021-12-21 10:43:56.444root 11241100x8000000000000000415540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf09c46696f6aa62021-12-21 10:43:56.444root 11241100x8000000000000000415541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aa2bd8c329df952021-12-21 10:43:56.445root 11241100x8000000000000000415542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451014504571dc262021-12-21 10:43:56.445root 11241100x8000000000000000415543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76df6bf22885a60a2021-12-21 10:43:56.445root 11241100x8000000000000000415544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd358a2a85ce4b6e2021-12-21 10:43:56.445root 11241100x8000000000000000415545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1b2a798ac6d2a72021-12-21 10:43:56.447root 11241100x8000000000000000415546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e66bc5ef94e4da22021-12-21 10:43:56.448root 11241100x8000000000000000415547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decd562b35bb408c2021-12-21 10:43:56.448root 11241100x8000000000000000415548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3301720fe5bbef2021-12-21 10:43:56.448root 11241100x8000000000000000415549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8264754ebd8eb1b02021-12-21 10:43:56.449root 11241100x8000000000000000415550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40656298966371ad2021-12-21 10:43:56.449root 11241100x8000000000000000415551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c105b769170ba032021-12-21 10:43:56.450root 11241100x8000000000000000415552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612c35d357ef500b2021-12-21 10:43:56.450root 11241100x8000000000000000415553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41410d062aa0fe682021-12-21 10:43:56.450root 11241100x8000000000000000415554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f273e308fa5cc68f2021-12-21 10:43:56.450root 11241100x8000000000000000415555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ceb1bd5b4a9edca2021-12-21 10:43:56.450root 11241100x8000000000000000415556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f34e861d253f82d2021-12-21 10:43:56.451root 11241100x8000000000000000415557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4702b3ced447842021-12-21 10:43:56.451root 11241100x8000000000000000415558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a49a80008b8c8c2021-12-21 10:43:56.451root 11241100x8000000000000000415559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92510035283e11982021-12-21 10:43:56.452root 11241100x8000000000000000415560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bada731eb66ab5432021-12-21 10:43:56.452root 11241100x8000000000000000415561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a73a5de234ca15a2021-12-21 10:43:56.453root 11241100x8000000000000000415562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c167ae46372658832021-12-21 10:43:56.453root 11241100x8000000000000000415563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c839f83cc63c19292021-12-21 10:43:56.453root 11241100x8000000000000000415564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e33d1bb41fceef82021-12-21 10:43:56.453root 11241100x8000000000000000415565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5882f077673a717a2021-12-21 10:43:56.454root 11241100x8000000000000000415566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94975f683e90ec802021-12-21 10:43:56.454root 11241100x8000000000000000415567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e93c73b7e8f49b2021-12-21 10:43:56.454root 11241100x8000000000000000415568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a54f8d06e1888382021-12-21 10:43:56.455root 11241100x8000000000000000415569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a7d65f9c7e5b7c2021-12-21 10:43:56.455root 11241100x8000000000000000415570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5ee77b1dba646d2021-12-21 10:43:56.455root 11241100x8000000000000000415571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1b925000e31bee2021-12-21 10:43:56.456root 11241100x8000000000000000415572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd7f3d09dd31fb62021-12-21 10:43:56.456root 11241100x8000000000000000415573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a360cb18c749762021-12-21 10:43:56.456root 11241100x8000000000000000415574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f8fa47d413ff22021-12-21 10:43:56.457root 11241100x8000000000000000415575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98652ffe9b957dea2021-12-21 10:43:56.457root 11241100x8000000000000000415576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab81a7da525cf2c2021-12-21 10:43:56.457root 11241100x8000000000000000415577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6df43024229e9e22021-12-21 10:43:56.458root 11241100x8000000000000000415578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bc653f5d3f98f22021-12-21 10:43:56.943root 11241100x8000000000000000415579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3705ce5a0d985ca52021-12-21 10:43:56.943root 11241100x8000000000000000415580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688be3bc70861acd2021-12-21 10:43:56.943root 11241100x8000000000000000415581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43605302833945f42021-12-21 10:43:56.943root 11241100x8000000000000000415582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d31966dee45c65a2021-12-21 10:43:56.944root 11241100x8000000000000000415583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e204e7dc333f4062021-12-21 10:43:56.944root 11241100x8000000000000000415584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf888430dcc9b3e2021-12-21 10:43:56.944root 11241100x8000000000000000415585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b667fb69b94d412021-12-21 10:43:56.944root 11241100x8000000000000000415586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0adc8819a9d5e02021-12-21 10:43:56.944root 11241100x8000000000000000415587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4573cad7230b172021-12-21 10:43:56.944root 11241100x8000000000000000415588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b8bf3f751410432021-12-21 10:43:56.944root 11241100x8000000000000000415589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7b873094c24bb52021-12-21 10:43:56.945root 11241100x8000000000000000415590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ea20b2fd5c905b2021-12-21 10:43:56.945root 11241100x8000000000000000415591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9c6843b8c0ec4e2021-12-21 10:43:56.945root 11241100x8000000000000000415592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8598281c8424e852021-12-21 10:43:56.945root 11241100x8000000000000000415593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a0cfe7481b914d2021-12-21 10:43:56.945root 11241100x8000000000000000415594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965280b354942cc32021-12-21 10:43:56.946root 11241100x8000000000000000415595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1458d261cae58f2021-12-21 10:43:56.946root 11241100x8000000000000000415596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000277a3986736992021-12-21 10:43:56.946root 11241100x8000000000000000415597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48bcf60f6d7cffc2021-12-21 10:43:56.946root 11241100x8000000000000000415598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077dcc69f6ba905e2021-12-21 10:43:56.946root 11241100x8000000000000000415599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa98bc3b9938ee5b2021-12-21 10:43:56.946root 11241100x8000000000000000415600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0ef6df8e64c4822021-12-21 10:43:56.946root 11241100x8000000000000000415601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135e4341b7cb37d72021-12-21 10:43:56.946root 11241100x8000000000000000415602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c8cdd3279a07ad2021-12-21 10:43:56.947root 11241100x8000000000000000415603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0a5bbc1ddfed7b2021-12-21 10:43:56.947root 11241100x8000000000000000415604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3691f38e01a5992021-12-21 10:43:56.947root 11241100x8000000000000000415605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c41555c5680b862021-12-21 10:43:56.947root 11241100x8000000000000000415606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5885bbb0207ee12021-12-21 10:43:56.947root 11241100x8000000000000000415607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15e492a843b67362021-12-21 10:43:56.947root 11241100x8000000000000000415608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a34169087148752021-12-21 10:43:56.947root 11241100x8000000000000000415609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a76e03a3f2ffb522021-12-21 10:43:56.947root 11241100x8000000000000000415610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0ace8c50fd5d7b2021-12-21 10:43:56.947root 11241100x8000000000000000415611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ff10b89f01b8e82021-12-21 10:43:56.948root 11241100x8000000000000000415612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e2c59775cd08fe2021-12-21 10:43:56.948root 11241100x8000000000000000415613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ace004ab644f4b2021-12-21 10:43:56.948root 11241100x8000000000000000415614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f54f6ff12f70bb82021-12-21 10:43:56.948root 11241100x8000000000000000415615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1592e3346bab08652021-12-21 10:43:56.948root 11241100x8000000000000000415616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979de2165f690b712021-12-21 10:43:56.948root 11241100x8000000000000000415617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799da29b2a66ce82021-12-21 10:43:56.948root 11241100x8000000000000000415618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d6486d21ee7da32021-12-21 10:43:56.949root 11241100x8000000000000000415619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583be5eda90a06e32021-12-21 10:43:56.949root 11241100x8000000000000000415620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb6ddb900291e0a2021-12-21 10:43:56.949root 11241100x8000000000000000415621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7b92bd970036262021-12-21 10:43:56.949root 11241100x8000000000000000415622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e81c8aea86a20bf2021-12-21 10:43:56.949root 11241100x8000000000000000415623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d69e9c53ce8f4e2021-12-21 10:43:56.950root 11241100x8000000000000000415624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88ba5150a19ddfe2021-12-21 10:43:56.950root 11241100x8000000000000000415625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fea2bf3604cf5c2021-12-21 10:43:56.950root 11241100x8000000000000000415626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6a0e9e3c6f94dc2021-12-21 10:43:56.950root 11241100x8000000000000000415627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d825636518a61cc2021-12-21 10:43:56.950root 11241100x8000000000000000415628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8776e39c061b262021-12-21 10:43:56.951root 11241100x8000000000000000415629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205a860e13a1ad072021-12-21 10:43:56.951root 11241100x8000000000000000415630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:56.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ec7906e3de9a6a2021-12-21 10:43:56.951root 11241100x8000000000000000415631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9d10ab9fd455a12021-12-21 10:43:57.443root 11241100x8000000000000000415632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d446abcf9d5b9e2021-12-21 10:43:57.443root 11241100x8000000000000000415633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eba74cfcffab3c2021-12-21 10:43:57.443root 11241100x8000000000000000415634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173e1b7b490d0f922021-12-21 10:43:57.443root 11241100x8000000000000000415635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115194131bedc57c2021-12-21 10:43:57.443root 11241100x8000000000000000415636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281c817fcaaa6df52021-12-21 10:43:57.443root 11241100x8000000000000000415637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee37dc02256dc132021-12-21 10:43:57.443root 11241100x8000000000000000415638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6f6ec67c2af1882021-12-21 10:43:57.443root 11241100x8000000000000000415639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1722e8f7a340a4f82021-12-21 10:43:57.443root 11241100x8000000000000000415640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821b6527e8b4294f2021-12-21 10:43:57.443root 11241100x8000000000000000415641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cb398fb658fdea2021-12-21 10:43:57.444root 11241100x8000000000000000415642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3b2dba4d4f30c52021-12-21 10:43:57.444root 11241100x8000000000000000415643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861a765fd4f7bf92021-12-21 10:43:57.444root 11241100x8000000000000000415644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501523d6c567e8982021-12-21 10:43:57.444root 11241100x8000000000000000415645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255bce3723444ecc2021-12-21 10:43:57.444root 11241100x8000000000000000415646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351c3bad29fb8e072021-12-21 10:43:57.444root 11241100x8000000000000000415647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aa2df4820a06722021-12-21 10:43:57.444root 11241100x8000000000000000415648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825d5f0438ac7b3e2021-12-21 10:43:57.444root 11241100x8000000000000000415649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d376aa9b3fb73a2021-12-21 10:43:57.444root 11241100x8000000000000000415650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a7981e406a7d862021-12-21 10:43:57.444root 11241100x8000000000000000415651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb177256bf2c7a02021-12-21 10:43:57.444root 11241100x8000000000000000415652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4951544b11115be2021-12-21 10:43:57.444root 11241100x8000000000000000415653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26db302c702f3d792021-12-21 10:43:57.444root 11241100x8000000000000000415654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f44011074cf6662021-12-21 10:43:57.444root 11241100x8000000000000000415655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b8fa533129f4d22021-12-21 10:43:57.444root 11241100x8000000000000000415656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b956de03972afb2021-12-21 10:43:57.445root 11241100x8000000000000000415657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9fe5d249b3b1962021-12-21 10:43:57.445root 11241100x8000000000000000415658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5190952b9c399a7e2021-12-21 10:43:57.445root 11241100x8000000000000000415659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56061abf68bd48832021-12-21 10:43:57.445root 11241100x8000000000000000415660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740e5ef6de8ff34a2021-12-21 10:43:57.445root 11241100x8000000000000000415661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e5196af30beae12021-12-21 10:43:57.445root 11241100x8000000000000000415662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ead5d922bdf9df2021-12-21 10:43:57.445root 11241100x8000000000000000415663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed7578939dc62082021-12-21 10:43:57.445root 11241100x8000000000000000415664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7511c104912b54562021-12-21 10:43:57.445root 11241100x8000000000000000415665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83363d398e6e4412021-12-21 10:43:57.445root 11241100x8000000000000000415666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cb01c78cdaa4442021-12-21 10:43:57.445root 11241100x8000000000000000415667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fe625b28982b172021-12-21 10:43:57.445root 11241100x8000000000000000415668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0224e8abed48dbd2021-12-21 10:43:57.445root 11241100x8000000000000000415669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca13187518d78c432021-12-21 10:43:57.445root 11241100x8000000000000000415670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eebd52750cf98bd2021-12-21 10:43:57.446root 11241100x8000000000000000415671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c687a84e307e172021-12-21 10:43:57.446root 11241100x8000000000000000415672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af95197ddbc6110a2021-12-21 10:43:57.446root 11241100x8000000000000000415673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e5081cd7d81a8d2021-12-21 10:43:57.446root 11241100x8000000000000000415674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bb8313e9ee2d322021-12-21 10:43:57.446root 11241100x8000000000000000415675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c76011193deaf7a2021-12-21 10:43:57.446root 11241100x8000000000000000415676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454813e358062e12021-12-21 10:43:57.446root 11241100x8000000000000000415677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5d4248162602932021-12-21 10:43:57.446root 11241100x8000000000000000415678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f50ab0496556b342021-12-21 10:43:57.446root 11241100x8000000000000000415679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5907f46c36c002b22021-12-21 10:43:57.446root 11241100x8000000000000000415680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d366ac0fb986b92021-12-21 10:43:57.446root 11241100x8000000000000000415681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6e3ba14cee81052021-12-21 10:43:57.446root 11241100x8000000000000000415682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782eecd253d859652021-12-21 10:43:57.446root 11241100x8000000000000000415683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac40d111c14d35da2021-12-21 10:43:57.446root 11241100x8000000000000000415684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f799f2a512e620d82021-12-21 10:43:57.446root 11241100x8000000000000000415685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70abd844819984972021-12-21 10:43:57.446root 11241100x8000000000000000415686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a11ef70e3a35342021-12-21 10:43:57.447root 11241100x8000000000000000415687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824390d6071a63b92021-12-21 10:43:57.447root 11241100x8000000000000000415688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f17a15139808aba2021-12-21 10:43:57.447root 11241100x8000000000000000415689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ccc068eb55c83e2021-12-21 10:43:57.447root 11241100x8000000000000000415690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bf0265b18af8562021-12-21 10:43:57.447root 11241100x8000000000000000415691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f531e475ebec42bc2021-12-21 10:43:57.447root 11241100x8000000000000000415692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111b3c4ef3dcec1e2021-12-21 10:43:57.448root 11241100x8000000000000000415693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e740464dd926a92021-12-21 10:43:57.448root 11241100x8000000000000000415694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fa4039847efcd22021-12-21 10:43:57.448root 11241100x8000000000000000415695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4dd81040f38f382021-12-21 10:43:57.448root 11241100x8000000000000000415696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fdcf8b32367d582021-12-21 10:43:57.448root 11241100x8000000000000000415697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda3076380796e702021-12-21 10:43:57.448root 11241100x8000000000000000415698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9234da83ff28f1b32021-12-21 10:43:57.448root 11241100x8000000000000000415699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67a4fe5532f9e1c2021-12-21 10:43:57.449root 11241100x8000000000000000415700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2046bcb45da07cec2021-12-21 10:43:57.449root 11241100x8000000000000000415701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967f2785331050632021-12-21 10:43:57.449root 11241100x8000000000000000415702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf6da06ee3832e52021-12-21 10:43:57.449root 11241100x8000000000000000415703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154b78cf1f4c1d012021-12-21 10:43:57.449root 11241100x8000000000000000415704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc0535ce27541c52021-12-21 10:43:57.449root 11241100x8000000000000000415705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6faf262691586b2021-12-21 10:43:57.449root 11241100x8000000000000000415706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5137e63f592b122021-12-21 10:43:57.449root 11241100x8000000000000000415707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b0914cf13f80322021-12-21 10:43:57.449root 11241100x8000000000000000415708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77652cbdc6229bd2021-12-21 10:43:57.449root 11241100x8000000000000000415709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e09f168bd4313672021-12-21 10:43:57.450root 11241100x8000000000000000415710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe58f615309a45622021-12-21 10:43:57.450root 11241100x8000000000000000415711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507e24abe061e0792021-12-21 10:43:57.450root 11241100x8000000000000000415712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3701bcae0652312021-12-21 10:43:57.450root 11241100x8000000000000000415713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd599cffaaa5d2122021-12-21 10:43:57.450root 11241100x8000000000000000415714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75af32df47dfe0c2021-12-21 10:43:57.450root 11241100x8000000000000000415715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6feb18813da8d2882021-12-21 10:43:57.450root 11241100x8000000000000000415716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaf25a9464575802021-12-21 10:43:57.450root 11241100x8000000000000000415717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8b63c14da730b52021-12-21 10:43:57.450root 11241100x8000000000000000415718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98236188c945539f2021-12-21 10:43:57.451root 11241100x8000000000000000415719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074be5da9f4490442021-12-21 10:43:57.451root 11241100x8000000000000000415720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec7e11cbd24fc4c2021-12-21 10:43:57.451root 11241100x8000000000000000415721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8961e344cde5ddd82021-12-21 10:43:57.451root 11241100x8000000000000000415722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361b82c63d2172ab2021-12-21 10:43:57.451root 11241100x8000000000000000415723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a323d7e8496fd792021-12-21 10:43:57.451root 11241100x8000000000000000415724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e286e09e79c05c92021-12-21 10:43:57.943root 11241100x8000000000000000415725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83905cac1687469b2021-12-21 10:43:57.943root 11241100x8000000000000000415726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfdcda6c17952c22021-12-21 10:43:57.943root 11241100x8000000000000000415727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8433fd4914e01ca22021-12-21 10:43:57.943root 11241100x8000000000000000415728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd39d86638f8f2ca2021-12-21 10:43:57.943root 11241100x8000000000000000415729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969d58ed6e2feac82021-12-21 10:43:57.943root 11241100x8000000000000000415730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db37056ba6337602021-12-21 10:43:57.943root 11241100x8000000000000000415731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2622726573ce9c2021-12-21 10:43:57.943root 11241100x8000000000000000415732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4131ad3ec9231c2021-12-21 10:43:57.944root 11241100x8000000000000000415733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd4c0497c1fe3602021-12-21 10:43:57.944root 11241100x8000000000000000415734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f387bd0bfd0cb22021-12-21 10:43:57.944root 11241100x8000000000000000415735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53069bb1a0087f22021-12-21 10:43:57.944root 11241100x8000000000000000415736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df079fa07edf7ef2021-12-21 10:43:57.944root 11241100x8000000000000000415737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be7e2572db989722021-12-21 10:43:57.944root 11241100x8000000000000000415738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91986dc2d211ad342021-12-21 10:43:57.944root 11241100x8000000000000000415739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ebb001918e3d782021-12-21 10:43:57.944root 11241100x8000000000000000415740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd9d2148d0574602021-12-21 10:43:57.944root 11241100x8000000000000000415741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85203f8c279d74e52021-12-21 10:43:57.944root 11241100x8000000000000000415742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ed5e51a28c5d5b2021-12-21 10:43:57.945root 11241100x8000000000000000415743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1fed744e6740642021-12-21 10:43:57.945root 11241100x8000000000000000415744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12b673e212730eb2021-12-21 10:43:57.945root 11241100x8000000000000000415745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595b88f6c5045e532021-12-21 10:43:57.945root 11241100x8000000000000000415746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c0bf2e34102bec2021-12-21 10:43:57.945root 11241100x8000000000000000415747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dd86377239ef1f2021-12-21 10:43:57.945root 11241100x8000000000000000415748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cb8be0e98cba2a2021-12-21 10:43:57.945root 11241100x8000000000000000415749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0eb2ebfdd9cf4152021-12-21 10:43:57.945root 11241100x8000000000000000415750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5268fd9140e45ca2021-12-21 10:43:57.945root 11241100x8000000000000000415751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ed9f69292baabd2021-12-21 10:43:57.946root 11241100x8000000000000000415752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ccc8cff6236e1c2021-12-21 10:43:57.946root 11241100x8000000000000000415753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbf240bd64493652021-12-21 10:43:57.946root 11241100x8000000000000000415754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad8bad3f8b99ba92021-12-21 10:43:57.946root 11241100x8000000000000000415755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1adb78377f3099e2021-12-21 10:43:57.946root 11241100x8000000000000000415756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb87c919c549d0092021-12-21 10:43:57.946root 11241100x8000000000000000415757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad07e86531b7987a2021-12-21 10:43:57.946root 11241100x8000000000000000415758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceca3107dd92a7222021-12-21 10:43:57.946root 11241100x8000000000000000415759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880e05a0e351dc512021-12-21 10:43:57.946root 11241100x8000000000000000415760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af051a477adc9ca2021-12-21 10:43:57.946root 11241100x8000000000000000415761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b04fcfba6dd50d2021-12-21 10:43:57.947root 11241100x8000000000000000415762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7959a635ecb9022021-12-21 10:43:57.947root 11241100x8000000000000000415763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caca19d866a60bce2021-12-21 10:43:57.947root 11241100x8000000000000000415764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a8bfbd08f62cf22021-12-21 10:43:57.947root 11241100x8000000000000000415765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a82544f1b574c262021-12-21 10:43:57.947root 11241100x8000000000000000415766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87de1c9c6bb90aae2021-12-21 10:43:57.947root 11241100x8000000000000000415767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5012c592170f77b12021-12-21 10:43:57.947root 11241100x8000000000000000415768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca49be62ade6c6c2021-12-21 10:43:57.947root 11241100x8000000000000000415769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d768a8287d4d5542021-12-21 10:43:57.947root 11241100x8000000000000000415770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb49675e2ab6d1042021-12-21 10:43:57.948root 11241100x8000000000000000415771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a36ac9055b719912021-12-21 10:43:57.948root 11241100x8000000000000000415772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb1f4316b0e4432021-12-21 10:43:57.948root 11241100x8000000000000000415773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6c6687ea86c7362021-12-21 10:43:57.948root 11241100x8000000000000000415774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2729da941fcca8212021-12-21 10:43:57.948root 11241100x8000000000000000415775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfbe5f49fef58672021-12-21 10:43:57.948root 11241100x8000000000000000415776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ded98a1460a9c732021-12-21 10:43:57.949root 11241100x8000000000000000415777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0572b29e08e125cb2021-12-21 10:43:57.949root 11241100x8000000000000000415778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55998352184109b92021-12-21 10:43:57.949root 11241100x8000000000000000415779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682a30a6429b5c172021-12-21 10:43:57.949root 11241100x8000000000000000415780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c03becc877afecc2021-12-21 10:43:57.949root 11241100x8000000000000000415781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641375ebdff67f332021-12-21 10:43:57.950root 11241100x8000000000000000415782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425efcb3bbd507b92021-12-21 10:43:57.950root 11241100x8000000000000000415783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69797681c578ff32021-12-21 10:43:57.950root 11241100x8000000000000000415784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9a5fcc22abb8612021-12-21 10:43:57.950root 11241100x8000000000000000415785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dd2c16791a0dce2021-12-21 10:43:57.950root 11241100x8000000000000000415786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfc31f71f75ae782021-12-21 10:43:57.950root 11241100x8000000000000000415787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf00ce6e2eca5402021-12-21 10:43:57.951root 11241100x8000000000000000415788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3fcdd20bf6cb772021-12-21 10:43:57.951root 11241100x8000000000000000415789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3ec499a44f223b2021-12-21 10:43:57.951root 11241100x8000000000000000415790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f651542af5c88f2021-12-21 10:43:57.951root 11241100x8000000000000000415791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655d1864c298b90d2021-12-21 10:43:57.952root 11241100x8000000000000000415792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4d8c3579fda4aa2021-12-21 10:43:57.952root 11241100x8000000000000000415793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e327c6ff9e73a82021-12-21 10:43:57.952root 11241100x8000000000000000415794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d0d9cad5e3b4af2021-12-21 10:43:57.952root 11241100x8000000000000000415795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cdb7c398f960962021-12-21 10:43:57.952root 11241100x8000000000000000415796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78aadc68e517dd12021-12-21 10:43:57.953root 11241100x8000000000000000415797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8ecf05833e94b02021-12-21 10:43:57.953root 11241100x8000000000000000415798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f1547a7a94d5402021-12-21 10:43:57.953root 11241100x8000000000000000415799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136d4197e6cffe672021-12-21 10:43:57.953root 11241100x8000000000000000415800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb1ba4ddc2c4df32021-12-21 10:43:57.953root 11241100x8000000000000000415801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635bbfaa0021afa32021-12-21 10:43:57.954root 11241100x8000000000000000415802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311d241a0b9b3c482021-12-21 10:43:57.954root 11241100x8000000000000000415803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdd0952334b3dd62021-12-21 10:43:57.955root 11241100x8000000000000000415804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956619cd10554d2b2021-12-21 10:43:57.955root 11241100x8000000000000000415805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18a3cd13992839e2021-12-21 10:43:57.955root 11241100x8000000000000000415806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d374a4f83cd36be2021-12-21 10:43:57.955root 11241100x8000000000000000415807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa1a0f65c4ed5cb2021-12-21 10:43:57.955root 11241100x8000000000000000415808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf5d1872b149f0d2021-12-21 10:43:57.956root 11241100x8000000000000000415809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bf110287873b832021-12-21 10:43:57.956root 11241100x8000000000000000415810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cff0e0cbb7403832021-12-21 10:43:57.956root 11241100x8000000000000000415811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333e43231587b0812021-12-21 10:43:57.956root 11241100x8000000000000000415812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664c5e0a1cfdc6902021-12-21 10:43:57.956root 11241100x8000000000000000415813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe62cf96466fae72021-12-21 10:43:57.956root 11241100x8000000000000000415814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7cc84131ec09e92021-12-21 10:43:57.956root 11241100x8000000000000000415815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0429b0091b561612021-12-21 10:43:57.957root 11241100x8000000000000000415816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02910392b33347222021-12-21 10:43:57.957root 11241100x8000000000000000415817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09838ddfa93dd45b2021-12-21 10:43:57.957root 11241100x8000000000000000415818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:57.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341de3f9fdaf7eca2021-12-21 10:43:57.957root 11241100x8000000000000000415819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f91b23b7acb42992021-12-21 10:43:58.443root 11241100x8000000000000000415820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695d83b7d98c7f512021-12-21 10:43:58.443root 11241100x8000000000000000415821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a8e4e6d546eb652021-12-21 10:43:58.443root 11241100x8000000000000000415822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24cc85857c5ed802021-12-21 10:43:58.443root 11241100x8000000000000000415823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c509ed3ea8e2622021-12-21 10:43:58.443root 11241100x8000000000000000415824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3df0f429efaeb9e2021-12-21 10:43:58.443root 11241100x8000000000000000415825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a38e215438d30c2021-12-21 10:43:58.443root 11241100x8000000000000000415826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512a771e6e2464c22021-12-21 10:43:58.444root 11241100x8000000000000000415827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1996b0ba9dc6b7682021-12-21 10:43:58.444root 11241100x8000000000000000415828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef4b8c883d67c432021-12-21 10:43:58.444root 11241100x8000000000000000415829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e159ed27bde8f9662021-12-21 10:43:58.444root 11241100x8000000000000000415830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273e22e5319bee602021-12-21 10:43:58.444root 11241100x8000000000000000415831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c718dd143b0f3f2021-12-21 10:43:58.444root 11241100x8000000000000000415832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b77864060174292021-12-21 10:43:58.444root 11241100x8000000000000000415833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abac2553ef61e3b2021-12-21 10:43:58.444root 11241100x8000000000000000415834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847974ade1b397db2021-12-21 10:43:58.444root 11241100x8000000000000000415835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60ef5b2b376aee2021-12-21 10:43:58.445root 11241100x8000000000000000415836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf956a503940f9112021-12-21 10:43:58.445root 11241100x8000000000000000415837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5029586b9a33c72021-12-21 10:43:58.445root 11241100x8000000000000000415838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39269c13268862c62021-12-21 10:43:58.445root 11241100x8000000000000000415839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1813cc9834f2df82021-12-21 10:43:58.446root 11241100x8000000000000000415840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d376abe67a9c532021-12-21 10:43:58.446root 11241100x8000000000000000415841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e439e6662c8224032021-12-21 10:43:58.446root 11241100x8000000000000000415842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d717952285a00d2021-12-21 10:43:58.447root 11241100x8000000000000000415843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19b61e6cb9cb1dc2021-12-21 10:43:58.447root 11241100x8000000000000000415844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfeb36ffa6556fd2021-12-21 10:43:58.448root 11241100x8000000000000000415845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbbdb7084e743fa2021-12-21 10:43:58.448root 11241100x8000000000000000415846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e07ccca87f314dc2021-12-21 10:43:58.448root 11241100x8000000000000000415847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de65ad9edc7b65b92021-12-21 10:43:58.448root 11241100x8000000000000000415848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add908448a445dc52021-12-21 10:43:58.448root 11241100x8000000000000000415849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3679f315b2a6af22021-12-21 10:43:58.449root 11241100x8000000000000000415850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb3208eb61bbabf2021-12-21 10:43:58.449root 11241100x8000000000000000415851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6123eafd94117c482021-12-21 10:43:58.449root 11241100x8000000000000000415852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fd1886817aaa422021-12-21 10:43:58.449root 11241100x8000000000000000415853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29776123ce76a1352021-12-21 10:43:58.449root 11241100x8000000000000000415854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0741579426d3162021-12-21 10:43:58.449root 11241100x8000000000000000415855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954ddb469929b1882021-12-21 10:43:58.449root 11241100x8000000000000000415856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbe4fec191814572021-12-21 10:43:58.450root 11241100x8000000000000000415857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7418b21c6af1a5f42021-12-21 10:43:58.450root 11241100x8000000000000000415858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a84606f029704a72021-12-21 10:43:58.450root 11241100x8000000000000000415859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466e5e55af8bd44c2021-12-21 10:43:58.450root 11241100x8000000000000000415860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8dd3029294b6702021-12-21 10:43:58.450root 11241100x8000000000000000415861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4240040a518c54752021-12-21 10:43:58.450root 11241100x8000000000000000415862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b935ccb1496cb22021-12-21 10:43:58.450root 11241100x8000000000000000415863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b16483c7b6f71522021-12-21 10:43:58.450root 11241100x8000000000000000415864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd4549eaf6a3eee2021-12-21 10:43:58.450root 11241100x8000000000000000415865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b3dacb887b8a822021-12-21 10:43:58.451root 11241100x8000000000000000415866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f717689c3817151f2021-12-21 10:43:58.452root 11241100x8000000000000000415867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c738d773566ba42021-12-21 10:43:58.452root 11241100x8000000000000000415868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3514245df629a602021-12-21 10:43:58.943root 11241100x8000000000000000415869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a5a5a93e8304712021-12-21 10:43:58.943root 11241100x8000000000000000415870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed0634c70783de62021-12-21 10:43:58.943root 11241100x8000000000000000415871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db5ac24cc6349862021-12-21 10:43:58.943root 11241100x8000000000000000415872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15de9dfeb81a798a2021-12-21 10:43:58.943root 11241100x8000000000000000415873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ada13152a0674f2021-12-21 10:43:58.943root 11241100x8000000000000000415874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c65222b3628289f2021-12-21 10:43:58.943root 11241100x8000000000000000415875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6d29eaebe8c5412021-12-21 10:43:58.944root 11241100x8000000000000000415876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c114da59094f2c462021-12-21 10:43:58.944root 11241100x8000000000000000415877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645be8c68f2c866a2021-12-21 10:43:58.944root 11241100x8000000000000000415878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0236fe9833a5e02021-12-21 10:43:58.944root 11241100x8000000000000000415879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e5cadb285b12f12021-12-21 10:43:58.944root 11241100x8000000000000000415880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f702327150585a82021-12-21 10:43:58.944root 11241100x8000000000000000415881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534f3c3daaacf1eb2021-12-21 10:43:58.944root 11241100x8000000000000000415882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85988b802121889c2021-12-21 10:43:58.944root 11241100x8000000000000000415883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96703556ed338f7e2021-12-21 10:43:58.945root 11241100x8000000000000000415884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56e4d5b21fb0d402021-12-21 10:43:58.945root 11241100x8000000000000000415885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8f81728e202c412021-12-21 10:43:58.945root 11241100x8000000000000000415886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7331039802e4f05f2021-12-21 10:43:58.945root 11241100x8000000000000000415887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6267a95ac4a6f8b2021-12-21 10:43:58.945root 11241100x8000000000000000415888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b22ff1fb5acbaf2021-12-21 10:43:58.945root 11241100x8000000000000000415889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9239d5fc88957d552021-12-21 10:43:58.945root 11241100x8000000000000000415890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8a3fe4ca402ef52021-12-21 10:43:58.945root 11241100x8000000000000000415891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe521c19b1815102021-12-21 10:43:58.945root 11241100x8000000000000000415892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfb4f8eb483f6752021-12-21 10:43:58.945root 11241100x8000000000000000415893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e408c1d4394ab5612021-12-21 10:43:58.945root 11241100x8000000000000000415894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b713c28f0dff10652021-12-21 10:43:58.945root 11241100x8000000000000000415895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f4666d4b28b3df2021-12-21 10:43:58.945root 11241100x8000000000000000415896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79547f472a788082021-12-21 10:43:58.945root 11241100x8000000000000000415897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff28fefced0aae212021-12-21 10:43:58.945root 11241100x8000000000000000415898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66165021f69a14e62021-12-21 10:43:58.946root 11241100x8000000000000000415899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e664518576744c02021-12-21 10:43:58.946root 11241100x8000000000000000415900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6589886a0b212992021-12-21 10:43:58.946root 11241100x8000000000000000415901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512fb5b7e6fcd7962021-12-21 10:43:58.946root 11241100x8000000000000000415902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1921673e2eca52a2021-12-21 10:43:58.946root 11241100x8000000000000000415903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d3a632fa464c3a2021-12-21 10:43:58.946root 11241100x8000000000000000415904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a5050a4a09429d2021-12-21 10:43:58.946root 11241100x8000000000000000415905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149277f69726d8492021-12-21 10:43:58.946root 11241100x8000000000000000415906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31313e13ecdd4d12021-12-21 10:43:58.946root 11241100x8000000000000000415907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b2b4d1153ab2842021-12-21 10:43:58.947root 11241100x8000000000000000415908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c312b80522c400d42021-12-21 10:43:58.947root 11241100x8000000000000000415909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a083124276b1f72021-12-21 10:43:58.947root 11241100x8000000000000000415910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f738ad0b386e7f662021-12-21 10:43:58.947root 11241100x8000000000000000415911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd7e455f546ffc32021-12-21 10:43:58.947root 11241100x8000000000000000415912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a804adddbba1e42021-12-21 10:43:58.947root 11241100x8000000000000000415913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b83ab68ba1d51262021-12-21 10:43:58.947root 11241100x8000000000000000415914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abbbc5b1a7494222021-12-21 10:43:58.947root 11241100x8000000000000000415915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a83c4ad0e37b67d2021-12-21 10:43:58.947root 11241100x8000000000000000415916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7ee76898860aa72021-12-21 10:43:58.948root 11241100x8000000000000000415917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca79b56167836cff2021-12-21 10:43:58.948root 11241100x8000000000000000415918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dabcb1b9673016e2021-12-21 10:43:58.948root 11241100x8000000000000000415919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6fbda77e1da9602021-12-21 10:43:58.948root 11241100x8000000000000000415920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348a191274c393b62021-12-21 10:43:58.948root 11241100x8000000000000000415921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c92c80d2c4eea32021-12-21 10:43:58.948root 11241100x8000000000000000415922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6077683ef036d52021-12-21 10:43:58.948root 11241100x8000000000000000415923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bf53b597900e3a2021-12-21 10:43:58.948root 11241100x8000000000000000415924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317a765c55f25d4f2021-12-21 10:43:58.949root 11241100x8000000000000000415925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a7a439a5eb8b4e2021-12-21 10:43:58.949root 11241100x8000000000000000415926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01795491b6ddfcb12021-12-21 10:43:58.949root 11241100x8000000000000000415927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa03da472e59edd2021-12-21 10:43:58.949root 11241100x8000000000000000415928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855be912bb4d8d252021-12-21 10:43:58.949root 11241100x8000000000000000415929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b34094f60fd6712021-12-21 10:43:58.949root 11241100x8000000000000000415930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e227dd163e1b6c6f2021-12-21 10:43:58.949root 11241100x8000000000000000415931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b181f0def4352b262021-12-21 10:43:58.949root 11241100x8000000000000000415932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751960ecf148f54e2021-12-21 10:43:58.950root 11241100x8000000000000000415933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b60fbb675dc4aab2021-12-21 10:43:59.443root 11241100x8000000000000000415934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e47b97a5d23b7d2021-12-21 10:43:59.443root 11241100x8000000000000000415935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09aef5a261a3d49d2021-12-21 10:43:59.443root 11241100x8000000000000000415936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863b41d57a67c8b92021-12-21 10:43:59.443root 11241100x8000000000000000415937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819504d75ad1b8412021-12-21 10:43:59.443root 11241100x8000000000000000415938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770ac77fde21479e2021-12-21 10:43:59.443root 11241100x8000000000000000415939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc28e47203a94432021-12-21 10:43:59.443root 11241100x8000000000000000415940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3190fdd01342a0812021-12-21 10:43:59.444root 11241100x8000000000000000415941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54e1fa3b642f6702021-12-21 10:43:59.444root 11241100x8000000000000000415942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96f381cf40144222021-12-21 10:43:59.444root 11241100x8000000000000000415943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e99fc4d7b0fa0a2021-12-21 10:43:59.444root 11241100x8000000000000000415944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53283be36a4393b82021-12-21 10:43:59.444root 11241100x8000000000000000415945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d29d70a2dafd962021-12-21 10:43:59.444root 11241100x8000000000000000415946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da94a3aa9697a672021-12-21 10:43:59.444root 11241100x8000000000000000415947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88c850d3ced99612021-12-21 10:43:59.444root 11241100x8000000000000000415948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb0e2d31355ff872021-12-21 10:43:59.444root 11241100x8000000000000000415949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13047fa6b3dcdf572021-12-21 10:43:59.444root 11241100x8000000000000000415950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea2085780261c612021-12-21 10:43:59.444root 11241100x8000000000000000415951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964b9c1073e15d5d2021-12-21 10:43:59.444root 11241100x8000000000000000415952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3af1ef752b5f552021-12-21 10:43:59.445root 11241100x8000000000000000415953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560158907f824bcf2021-12-21 10:43:59.445root 11241100x8000000000000000415954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8525b4da5a0b02282021-12-21 10:43:59.445root 11241100x8000000000000000415955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072cf6bc68918f9b2021-12-21 10:43:59.445root 11241100x8000000000000000415956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9884971be5533112021-12-21 10:43:59.445root 11241100x8000000000000000415957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43c8b8408d6169f2021-12-21 10:43:59.445root 11241100x8000000000000000415958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37d262bf74af6442021-12-21 10:43:59.445root 11241100x8000000000000000415959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582b639cdcd6944f2021-12-21 10:43:59.445root 11241100x8000000000000000415960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e821b994c2f85dab2021-12-21 10:43:59.445root 11241100x8000000000000000415961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393001078c16ffad2021-12-21 10:43:59.445root 11241100x8000000000000000415962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687ca4d0316f8c252021-12-21 10:43:59.446root 11241100x8000000000000000415963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c2580941cbffd42021-12-21 10:43:59.446root 11241100x8000000000000000415964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3809c1f099d86cb2021-12-21 10:43:59.446root 11241100x8000000000000000415965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d076542afaffcfcc2021-12-21 10:43:59.446root 11241100x8000000000000000415966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af45f4027f4ba732021-12-21 10:43:59.446root 11241100x8000000000000000415967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4325631dd603ed2021-12-21 10:43:59.446root 11241100x8000000000000000415968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670ef5793100ac8f2021-12-21 10:43:59.446root 11241100x8000000000000000415969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a571a6e4b1197d2021-12-21 10:43:59.446root 11241100x8000000000000000415970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04862becd32fb2e12021-12-21 10:43:59.446root 11241100x8000000000000000415971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87309005d87804012021-12-21 10:43:59.446root 11241100x8000000000000000415972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe13e8c6dfc12dd2021-12-21 10:43:59.447root 11241100x8000000000000000415973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d4e504e19924f02021-12-21 10:43:59.447root 11241100x8000000000000000415974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7680c41e90734c072021-12-21 10:43:59.447root 11241100x8000000000000000415975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d06d24ec27fdc372021-12-21 10:43:59.447root 11241100x8000000000000000415976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895a751bb5f294e32021-12-21 10:43:59.447root 11241100x8000000000000000415977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcacbf9971bb4362021-12-21 10:43:59.447root 11241100x8000000000000000415978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91b35f8f312f9332021-12-21 10:43:59.447root 11241100x8000000000000000415979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97335080cf12c94e2021-12-21 10:43:59.447root 11241100x8000000000000000415980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a4ca2291bf122f2021-12-21 10:43:59.447root 11241100x8000000000000000415981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528ff015db95cee42021-12-21 10:43:59.448root 11241100x8000000000000000415982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071aa527947eeaf72021-12-21 10:43:59.448root 11241100x8000000000000000415983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0509f68e09e7e2a2021-12-21 10:43:59.448root 11241100x8000000000000000415984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14555e4e1382aaa32021-12-21 10:43:59.943root 11241100x8000000000000000415985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4500499017f4222021-12-21 10:43:59.943root 11241100x8000000000000000415986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51311b52c313c1e2021-12-21 10:43:59.943root 11241100x8000000000000000415987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc44488b3a2128182021-12-21 10:43:59.943root 11241100x8000000000000000415988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a153cb0e3a9ad0602021-12-21 10:43:59.943root 11241100x8000000000000000415989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9de8daa03ad37a2021-12-21 10:43:59.943root 11241100x8000000000000000415990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b70a27f2f938c7f2021-12-21 10:43:59.943root 11241100x8000000000000000415991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04340f31a95fceee2021-12-21 10:43:59.944root 11241100x8000000000000000415992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7dafacbe1bfd1742021-12-21 10:43:59.944root 11241100x8000000000000000415993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f446b6082705582021-12-21 10:43:59.944root 11241100x8000000000000000415994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ee9f75c3f4ddfa2021-12-21 10:43:59.944root 11241100x8000000000000000415995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e59fe3fb8e7e492021-12-21 10:43:59.944root 11241100x8000000000000000415996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c53668104559bd2021-12-21 10:43:59.944root 11241100x8000000000000000415997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacc862d446b68392021-12-21 10:43:59.944root 11241100x8000000000000000415998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2558a4fdd071b8092021-12-21 10:43:59.944root 11241100x8000000000000000415999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4168c65917e7fe82021-12-21 10:43:59.944root 11241100x8000000000000000416000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72e8f8bcc8cc3e22021-12-21 10:43:59.944root 11241100x8000000000000000416001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dd53317e422f9f2021-12-21 10:43:59.945root 11241100x8000000000000000416002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd088c29cc85ecb62021-12-21 10:43:59.945root 11241100x8000000000000000416003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8386b6192a374a2021-12-21 10:43:59.945root 11241100x8000000000000000416004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8423d54919d743822021-12-21 10:43:59.945root 11241100x8000000000000000416005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6134ffe712c291d2021-12-21 10:43:59.945root 11241100x8000000000000000416006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f962c3b32f262e2021-12-21 10:43:59.945root 11241100x8000000000000000416007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0354fe0570d9c7ac2021-12-21 10:43:59.945root 11241100x8000000000000000416008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01e311e48b77c052021-12-21 10:43:59.945root 11241100x8000000000000000416009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eae5bd6e14067462021-12-21 10:43:59.945root 11241100x8000000000000000416010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1a75a12bb924612021-12-21 10:43:59.945root 11241100x8000000000000000416011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cecaf438f47acb2021-12-21 10:43:59.945root 11241100x8000000000000000416012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f4be5318d595352021-12-21 10:43:59.945root 11241100x8000000000000000416013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb45759c9a97f292021-12-21 10:43:59.946root 11241100x8000000000000000416014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be07cef2484f63c2021-12-21 10:43:59.946root 11241100x8000000000000000416015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842b0b2129c0c2702021-12-21 10:43:59.946root 11241100x8000000000000000416016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d5cc15ff9e8afb2021-12-21 10:43:59.946root 11241100x8000000000000000416017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3832769b41ee58f92021-12-21 10:43:59.946root 11241100x8000000000000000416018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390b71024ba668e32021-12-21 10:43:59.947root 11241100x8000000000000000416019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a911805f380d0842021-12-21 10:43:59.947root 11241100x8000000000000000416020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b307698d1ad9dde2021-12-21 10:43:59.947root 11241100x8000000000000000416021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a369967cd085945e2021-12-21 10:43:59.947root 11241100x8000000000000000416022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9326f1e3528d02b92021-12-21 10:43:59.947root 11241100x8000000000000000416023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ef67db29758b412021-12-21 10:43:59.947root 11241100x8000000000000000416024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e031b59458b2932021-12-21 10:43:59.947root 11241100x8000000000000000416025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c419b7830dddea2021-12-21 10:43:59.947root 11241100x8000000000000000416026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf49680a12be90e62021-12-21 10:43:59.947root 11241100x8000000000000000416027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b08b6832276deae2021-12-21 10:43:59.948root 11241100x8000000000000000416028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9907d2070343b5d12021-12-21 10:43:59.948root 11241100x8000000000000000416029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aec6a48968e9ce2021-12-21 10:43:59.948root 11241100x8000000000000000416030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9df9cc93cb66ec62021-12-21 10:43:59.948root 11241100x8000000000000000416031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501398c0873022c32021-12-21 10:43:59.949root 11241100x8000000000000000416032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3275002d120456a2021-12-21 10:43:59.949root 11241100x8000000000000000416033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee319d4e88fbf4c92021-12-21 10:43:59.949root 11241100x8000000000000000416034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d4e2e9c7b224eb2021-12-21 10:43:59.949root 11241100x8000000000000000416035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a75a017108ed1e2021-12-21 10:43:59.949root 11241100x8000000000000000416036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fe9d9ee4f8a5832021-12-21 10:43:59.949root 11241100x8000000000000000416037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1589352aaf9502e2021-12-21 10:43:59.949root 11241100x8000000000000000416038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b03d690f18551d2021-12-21 10:43:59.949root 11241100x8000000000000000416039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf6fc7e50a76a5f2021-12-21 10:43:59.949root 11241100x8000000000000000416040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f119a33717bccd02021-12-21 10:43:59.950root 11241100x8000000000000000416041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24e4021517bf4d92021-12-21 10:43:59.950root 11241100x8000000000000000416042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e732d323be54e272021-12-21 10:43:59.950root 11241100x8000000000000000416043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba984bac7ea33d5d2021-12-21 10:43:59.950root 11241100x8000000000000000416044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083793673ef060ae2021-12-21 10:43:59.950root 11241100x8000000000000000416045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe1f53c0b39f8c62021-12-21 10:43:59.950root 11241100x8000000000000000416046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee9534e40662d9e2021-12-21 10:43:59.950root 11241100x8000000000000000416047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:43:59.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db108faaad14fb0f2021-12-21 10:43:59.950root 11241100x8000000000000000416048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c2d9e8a51776c82021-12-21 10:44:00.443root 11241100x8000000000000000416049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cc1752323add472021-12-21 10:44:00.443root 11241100x8000000000000000416050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8f507c5162ecff2021-12-21 10:44:00.443root 11241100x8000000000000000416051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeee6b25d67c3042021-12-21 10:44:00.444root 11241100x8000000000000000416052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00937ba960870212021-12-21 10:44:00.444root 11241100x8000000000000000416053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85154541de6368232021-12-21 10:44:00.444root 11241100x8000000000000000416054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d74d7bf16915572021-12-21 10:44:00.444root 11241100x8000000000000000416055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d84888a3fbbc0b2021-12-21 10:44:00.444root 11241100x8000000000000000416056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7724a9e1bc6e252021-12-21 10:44:00.444root 11241100x8000000000000000416057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7784d628ec7e0552021-12-21 10:44:00.444root 11241100x8000000000000000416058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86ccd0c0a8c65ae2021-12-21 10:44:00.444root 11241100x8000000000000000416059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9d0ddfbc0ea5d02021-12-21 10:44:00.444root 11241100x8000000000000000416060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67965f5b4664af92021-12-21 10:44:00.444root 354300x8000000000000000416099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:01.142{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47522-false10.0.1.12-8000- 11241100x8000000000000000416100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:01.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e184281a763d93ee2021-12-21 10:44:01.442root 11241100x8000000000000000416101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:01.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246f7ac23b0a58f22021-12-21 10:44:01.942root 11241100x8000000000000000416102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:02.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234045d1e61c4a952021-12-21 10:44:02.442root 11241100x8000000000000000416103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:02.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2287124f2141182c2021-12-21 10:44:02.942root 11241100x8000000000000000416104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0834da187c8153fb2021-12-21 10:44:03.442root 11241100x8000000000000000416105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:03.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0aaf7a9fdd45ca2021-12-21 10:44:03.942root 11241100x8000000000000000416106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:04.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be767c19609ee4a42021-12-21 10:44:04.442root 11241100x8000000000000000416107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b32505aacbf0d1b2021-12-21 10:44:04.942root 11241100x8000000000000000416108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:05.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c04bfc76167261c2021-12-21 10:44:05.442root 11241100x8000000000000000416109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:05.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0051a14834b5142021-12-21 10:44:05.942root 11241100x8000000000000000416110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:06.342{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:44:06.342root 11241100x8000000000000000416111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3943c59eeb1fcd4e2021-12-21 10:44:06.343root 11241100x8000000000000000416112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:06.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3332c971c80ef62021-12-21 10:44:06.692root 11241100x8000000000000000416113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220a773cc1338c662021-12-21 10:44:06.693root 354300x8000000000000000416114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:07.101{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47524-false10.0.1.12-8000- 11241100x8000000000000000416115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:07.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dce3c446605df0f2021-12-21 10:44:07.101root 11241100x8000000000000000416116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:07.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcd9aa6f27baa462021-12-21 10:44:07.101root 11241100x8000000000000000416117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:07.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc712b1bf3a94232021-12-21 10:44:07.442root 11241100x8000000000000000416118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288625022af607f72021-12-21 10:44:07.443root 11241100x8000000000000000416119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e22c02d227c2432021-12-21 10:44:07.443root 11241100x8000000000000000416120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8284a710006f6c42021-12-21 10:44:07.943root 11241100x8000000000000000416121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3156ec0a593c842021-12-21 10:44:07.943root 11241100x8000000000000000416122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140f35d6280bc1ec2021-12-21 10:44:07.943root 11241100x8000000000000000416123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:08.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c81a3f05aa5d8c2021-12-21 10:44:08.442root 11241100x8000000000000000416124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da8b6f2c24a236d2021-12-21 10:44:08.443root 11241100x8000000000000000416125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b394eb0e6d631612021-12-21 10:44:08.443root 11241100x8000000000000000416126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:08.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee803cfeb1fae1c2021-12-21 10:44:08.942root 11241100x8000000000000000416127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2439ae2c88fd35b42021-12-21 10:44:08.943root 11241100x8000000000000000416128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76393020c4354ca2021-12-21 10:44:08.943root 23542300x8000000000000000416129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:09.220{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000416130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd57fbd4c40013a2021-12-21 10:44:09.221root 11241100x8000000000000000416131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0a18ce05131fa12021-12-21 10:44:09.221root 11241100x8000000000000000416132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7377e074c81df0f72021-12-21 10:44:09.221root 11241100x8000000000000000416133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:09.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f350e4736c2298472021-12-21 10:44:09.221root 11241100x8000000000000000416134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f1dc59e628e3a2021-12-21 10:44:09.693root 11241100x8000000000000000416135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e52682967667572021-12-21 10:44:09.693root 11241100x8000000000000000416136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1506363b02e75f2021-12-21 10:44:09.693root 11241100x8000000000000000416137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9384019b9df5de2021-12-21 10:44:09.693root 11241100x8000000000000000416138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:10.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9267d61e584bf7f52021-12-21 10:44:10.192root 11241100x8000000000000000416139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7986b70adf6ce82021-12-21 10:44:10.193root 11241100x8000000000000000416140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d27ed7fb43bd9a92021-12-21 10:44:10.193root 11241100x8000000000000000416141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae72ddac39bee622021-12-21 10:44:10.193root 11241100x8000000000000000416142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:10.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd934da2ab75fb42021-12-21 10:44:10.692root 11241100x8000000000000000416143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c00d8b387bf7832021-12-21 10:44:10.693root 11241100x8000000000000000416144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08ac12613e047782021-12-21 10:44:10.693root 11241100x8000000000000000416145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b3552add041b0f2021-12-21 10:44:10.693root 11241100x8000000000000000416146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:11.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e0ad4aadb46acf2021-12-21 10:44:11.192root 11241100x8000000000000000416147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0d7d992793f73f2021-12-21 10:44:11.193root 11241100x8000000000000000416148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6fcdabec3e5cc2021-12-21 10:44:11.193root 11241100x8000000000000000416149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd58d5584803413d2021-12-21 10:44:11.193root 11241100x8000000000000000416150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:11.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39721acca80f5c3f2021-12-21 10:44:11.692root 11241100x8000000000000000416151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4163e5f640414cfd2021-12-21 10:44:11.693root 11241100x8000000000000000416152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071be77da2dddb702021-12-21 10:44:11.693root 11241100x8000000000000000416153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc03165c27be8232021-12-21 10:44:11.693root 354300x8000000000000000416154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.144{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47526-false10.0.1.12-8000- 11241100x8000000000000000416155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a181cc6cdaa0d7b12021-12-21 10:44:12.145root 11241100x8000000000000000416156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45950ad92274c15c2021-12-21 10:44:12.145root 11241100x8000000000000000416157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8f32d952b07b6e2021-12-21 10:44:12.145root 11241100x8000000000000000416158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ba62ca3d34460a2021-12-21 10:44:12.146root 11241100x8000000000000000416159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16f556ff7034b002021-12-21 10:44:12.146root 11241100x8000000000000000416160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed1db31066a8cb52021-12-21 10:44:12.442root 11241100x8000000000000000416161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f82c2d89faeb362021-12-21 10:44:12.443root 11241100x8000000000000000416162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82782abf594a17282021-12-21 10:44:12.443root 11241100x8000000000000000416163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c211483baf1ca12021-12-21 10:44:12.443root 11241100x8000000000000000416164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6863082a130815e2021-12-21 10:44:12.443root 11241100x8000000000000000416165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def50a3343b5a3a02021-12-21 10:44:12.943root 11241100x8000000000000000416166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbc979eda24b5d42021-12-21 10:44:12.943root 11241100x8000000000000000416167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195d4fe8f2f989102021-12-21 10:44:12.943root 11241100x8000000000000000416168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3a73c4103208802021-12-21 10:44:12.943root 11241100x8000000000000000416169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3c44bb25f4ba582021-12-21 10:44:12.943root 11241100x8000000000000000416170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a75791faf012a872021-12-21 10:44:13.442root 11241100x8000000000000000416171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c161b3efc31b146c2021-12-21 10:44:13.443root 11241100x8000000000000000416172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f0c4f08d9ff9182021-12-21 10:44:13.443root 11241100x8000000000000000416173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ee43df0e8c02bc2021-12-21 10:44:13.443root 11241100x8000000000000000416174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c26c77fb8971a652021-12-21 10:44:13.443root 11241100x8000000000000000416175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13868acaeb158aae2021-12-21 10:44:13.943root 11241100x8000000000000000416176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286f5515e3d3ef202021-12-21 10:44:13.943root 11241100x8000000000000000416177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd706c3b830107192021-12-21 10:44:13.943root 11241100x8000000000000000416178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653d48e97f1fb9582021-12-21 10:44:13.943root 11241100x8000000000000000416179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776601dc1083f66d2021-12-21 10:44:13.943root 11241100x8000000000000000416180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d7a8248eb4443a2021-12-21 10:44:14.442root 11241100x8000000000000000416181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c0fd6c3fa3492a2021-12-21 10:44:14.443root 11241100x8000000000000000416182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7600ed37b542502a2021-12-21 10:44:14.443root 11241100x8000000000000000416183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56028090e6e17c612021-12-21 10:44:14.443root 11241100x8000000000000000416184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc282017c98b1ea62021-12-21 10:44:14.443root 11241100x8000000000000000416185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91cc859f6a710212021-12-21 10:44:14.943root 11241100x8000000000000000416186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc3c2f1059722802021-12-21 10:44:14.943root 11241100x8000000000000000416187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615f3b59be6371e62021-12-21 10:44:14.943root 11241100x8000000000000000416188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f45cd0c3ac416eb2021-12-21 10:44:14.943root 11241100x8000000000000000416189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccce54887a15b592021-12-21 10:44:14.943root 11241100x8000000000000000416190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b95f89983356a562021-12-21 10:44:15.442root 11241100x8000000000000000416191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f177ee254726508f2021-12-21 10:44:15.443root 11241100x8000000000000000416192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d171e5401655a2eb2021-12-21 10:44:15.443root 11241100x8000000000000000416193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d60c332fdad80942021-12-21 10:44:15.443root 11241100x8000000000000000416194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00dfa843ef60cb82021-12-21 10:44:15.443root 11241100x8000000000000000416195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a133aae75130212021-12-21 10:44:15.943root 11241100x8000000000000000416196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f3cd0892f717a32021-12-21 10:44:15.943root 11241100x8000000000000000416197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff393e745521bc692021-12-21 10:44:15.943root 11241100x8000000000000000416198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6911221f9692de2021-12-21 10:44:15.943root 11241100x8000000000000000416199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ca4b7430ebf2972021-12-21 10:44:15.943root 11241100x8000000000000000416200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de6616ebf221bdd2021-12-21 10:44:16.443root 11241100x8000000000000000416201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db7c8c581ecf6ba2021-12-21 10:44:16.443root 11241100x8000000000000000416202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8967b67b0ead6af92021-12-21 10:44:16.443root 11241100x8000000000000000416203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463d0e3e2b73294e2021-12-21 10:44:16.443root 11241100x8000000000000000416204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926b7330a3c883ed2021-12-21 10:44:16.443root 11241100x8000000000000000416205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa887d319d75c4412021-12-21 10:44:16.943root 11241100x8000000000000000416206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e46106ee2398152021-12-21 10:44:16.943root 11241100x8000000000000000416207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726823c85ee321fe2021-12-21 10:44:16.943root 11241100x8000000000000000416208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82c387f7c808a862021-12-21 10:44:16.943root 11241100x8000000000000000416209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4362176327c73b2021-12-21 10:44:16.943root 11241100x8000000000000000416210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a973ecd0a141c52021-12-21 10:44:17.443root 11241100x8000000000000000416211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc238e5e4b6a59c2021-12-21 10:44:17.443root 11241100x8000000000000000416212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b33089ea1d8d792021-12-21 10:44:17.443root 11241100x8000000000000000416213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fff730f43992f562021-12-21 10:44:17.443root 11241100x8000000000000000416214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97585bc460c02b4f2021-12-21 10:44:17.443root 11241100x8000000000000000416215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bb17d0633a522e2021-12-21 10:44:17.943root 11241100x8000000000000000416216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdb00e3fdaa05cd2021-12-21 10:44:17.943root 11241100x8000000000000000416217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3555f62b21bc1a462021-12-21 10:44:17.943root 11241100x8000000000000000416218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac9e549cdb258a22021-12-21 10:44:17.943root 11241100x8000000000000000416219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5210245bb6f3f38f2021-12-21 10:44:17.943root 354300x8000000000000000416220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.040{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47528-false10.0.1.12-8000- 11241100x8000000000000000416221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069433d75c4ed1de2021-12-21 10:44:18.443root 11241100x8000000000000000416222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77bd4df40d46ead2021-12-21 10:44:18.443root 11241100x8000000000000000416223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a958065d18c391a2021-12-21 10:44:18.443root 11241100x8000000000000000416224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31d89efccfccb4c2021-12-21 10:44:18.443root 11241100x8000000000000000416225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed48a12a2d712322021-12-21 10:44:18.443root 11241100x8000000000000000416226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62874b440eabecb52021-12-21 10:44:18.443root 11241100x8000000000000000416227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87c956d97d608622021-12-21 10:44:18.943root 11241100x8000000000000000416228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63656531827df092021-12-21 10:44:18.943root 11241100x8000000000000000416229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50533d5d0229bc6b2021-12-21 10:44:18.943root 11241100x8000000000000000416230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ccb762c38993502021-12-21 10:44:18.943root 11241100x8000000000000000416231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c2d2c166498dd52021-12-21 10:44:18.943root 11241100x8000000000000000416232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95899cf4cafb8fc52021-12-21 10:44:18.943root 11241100x8000000000000000416233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25bdba81ccfddcd2021-12-21 10:44:19.443root 11241100x8000000000000000416234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25aa037f7ea63062021-12-21 10:44:19.443root 11241100x8000000000000000416235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9258f81589c8e2322021-12-21 10:44:19.443root 11241100x8000000000000000416236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473b8959cbfa938a2021-12-21 10:44:19.443root 11241100x8000000000000000416237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528e0126eca688ca2021-12-21 10:44:19.443root 11241100x8000000000000000416238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df09cb3eac3efab2021-12-21 10:44:19.443root 11241100x8000000000000000416239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece47d343b62abd32021-12-21 10:44:19.943root 11241100x8000000000000000416240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0175d39c7524ae092021-12-21 10:44:19.943root 11241100x8000000000000000416241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d327724a984f26f62021-12-21 10:44:19.943root 11241100x8000000000000000416242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b4d33c427b61382021-12-21 10:44:19.943root 11241100x8000000000000000416243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6c9a1dc4252bd62021-12-21 10:44:19.943root 11241100x8000000000000000416244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216a410185d899b02021-12-21 10:44:19.943root 11241100x8000000000000000416245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3fc14103b12d9a2021-12-21 10:44:20.442root 11241100x8000000000000000416246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff4d0c356b08cde2021-12-21 10:44:20.443root 11241100x8000000000000000416247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfc5ee6f98835ca2021-12-21 10:44:20.443root 11241100x8000000000000000416248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fea5f3b5c39b88f2021-12-21 10:44:20.443root 11241100x8000000000000000416249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d71a20b157ff0cf2021-12-21 10:44:20.443root 11241100x8000000000000000416250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a58e0b033c40c72021-12-21 10:44:20.443root 11241100x8000000000000000416251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39ad607b0d51b8a2021-12-21 10:44:20.942root 11241100x8000000000000000416252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efe89917066c5352021-12-21 10:44:20.943root 11241100x8000000000000000416253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c0cbdbd663de592021-12-21 10:44:20.943root 11241100x8000000000000000416254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f78a89bffa0570d2021-12-21 10:44:20.943root 11241100x8000000000000000416255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e520a8d61bb25c02021-12-21 10:44:20.943root 11241100x8000000000000000416256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90dd0cca6a3c15c2021-12-21 10:44:20.943root 11241100x8000000000000000416257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3355afee4e76bf212021-12-21 10:44:21.443root 11241100x8000000000000000416258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8d4d03aa63593d2021-12-21 10:44:21.443root 11241100x8000000000000000416259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49949383b4ad9f552021-12-21 10:44:21.443root 11241100x8000000000000000416260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b51837ec9ca7d42021-12-21 10:44:21.443root 11241100x8000000000000000416261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10415c473e2a3f12021-12-21 10:44:21.443root 11241100x8000000000000000416262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1bd77fa5e53f862021-12-21 10:44:21.443root 11241100x8000000000000000416263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d1414b1d0a2fa12021-12-21 10:44:21.943root 11241100x8000000000000000416264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8985144163043982021-12-21 10:44:21.943root 11241100x8000000000000000416265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c12cb09e84d9ce2021-12-21 10:44:21.943root 11241100x8000000000000000416266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c9ddd1c8f4d4712021-12-21 10:44:21.943root 11241100x8000000000000000416267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f6358bee6d5cf02021-12-21 10:44:21.943root 11241100x8000000000000000416268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975a8b25de627fae2021-12-21 10:44:21.943root 11241100x8000000000000000416269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca24f81b02813f12021-12-21 10:44:22.443root 11241100x8000000000000000416270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef1a5c81fbd77602021-12-21 10:44:22.443root 11241100x8000000000000000416271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4324f448c2a5cfaa2021-12-21 10:44:22.443root 11241100x8000000000000000416272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52aaaa1ae81a74792021-12-21 10:44:22.443root 11241100x8000000000000000416273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6036f3ad5c9cdd62021-12-21 10:44:22.443root 11241100x8000000000000000416274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891d98ffbf32fbd12021-12-21 10:44:22.443root 11241100x8000000000000000416275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923a73a2d1c740602021-12-21 10:44:22.942root 11241100x8000000000000000416276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7321c7156f5de67e2021-12-21 10:44:22.943root 11241100x8000000000000000416277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ef3d811fc770522021-12-21 10:44:22.943root 11241100x8000000000000000416278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b5e61e1c9381db2021-12-21 10:44:22.943root 11241100x8000000000000000416279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b040786d60e6232021-12-21 10:44:22.943root 11241100x8000000000000000416280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11c5ef062989ebe2021-12-21 10:44:22.943root 11241100x8000000000000000416281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e7f43ef16b319e2021-12-21 10:44:23.443root 11241100x8000000000000000416282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b97806b3ca59cb92021-12-21 10:44:23.443root 11241100x8000000000000000416283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e1aa3683a7c8742021-12-21 10:44:23.443root 11241100x8000000000000000416284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a384e23c38edf62f2021-12-21 10:44:23.443root 11241100x8000000000000000416285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15ade215bf17f42021-12-21 10:44:23.443root 11241100x8000000000000000416286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089499a6784ce84d2021-12-21 10:44:23.443root 11241100x8000000000000000416287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5714dcd67615c1bf2021-12-21 10:44:23.943root 11241100x8000000000000000416288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e625926f7ce1732021-12-21 10:44:23.943root 11241100x8000000000000000416289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf941ac5ffaeee82021-12-21 10:44:23.943root 11241100x8000000000000000416290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dffe7feb8edcc82021-12-21 10:44:23.943root 11241100x8000000000000000416291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ccee85d71167552021-12-21 10:44:23.943root 11241100x8000000000000000416292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec02134b6b2b0ba2021-12-21 10:44:23.943root 354300x8000000000000000416293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.025{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47530-false10.0.1.12-8000- 11241100x8000000000000000416294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc33e70211ff536f2021-12-21 10:44:24.443root 11241100x8000000000000000416295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4c71aa751a96a02021-12-21 10:44:24.443root 11241100x8000000000000000416296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025229b802e9d8d22021-12-21 10:44:24.443root 11241100x8000000000000000416297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4862cbc22932d132021-12-21 10:44:24.443root 11241100x8000000000000000416298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5815cce35709716a2021-12-21 10:44:24.444root 11241100x8000000000000000416299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb37bd5f70aaeeb52021-12-21 10:44:24.444root 11241100x8000000000000000416300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1399f18f3855c62021-12-21 10:44:24.444root 11241100x8000000000000000416301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665453ed1d7e1e382021-12-21 10:44:24.943root 11241100x8000000000000000416302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c7ff316e6335ec2021-12-21 10:44:24.943root 11241100x8000000000000000416303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c887744cdb67825e2021-12-21 10:44:24.943root 11241100x8000000000000000416304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00de54a75bcdc122021-12-21 10:44:24.943root 11241100x8000000000000000416305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356718e3d466f2972021-12-21 10:44:24.943root 11241100x8000000000000000416306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5be8811da91a0a2021-12-21 10:44:24.943root 11241100x8000000000000000416307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e923b400200436f32021-12-21 10:44:24.943root 354300x8000000000000000416308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.217{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34596-false10.0.1.12-8089- 11241100x8000000000000000416309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befdcd9ced206b302021-12-21 10:44:25.217root 11241100x8000000000000000416310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119f1e3e5e8f5a842021-12-21 10:44:25.217root 11241100x8000000000000000416311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8d7b6abc57b4da2021-12-21 10:44:25.217root 11241100x8000000000000000416312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3953526f8ab8462021-12-21 10:44:25.218root 11241100x8000000000000000416313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26c4af1e550c0702021-12-21 10:44:25.218root 11241100x8000000000000000416314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b149c39c93dd695e2021-12-21 10:44:25.218root 11241100x8000000000000000416315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42548e25ae607afd2021-12-21 10:44:25.218root 11241100x8000000000000000416316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a851c8ad0a3b3a62021-12-21 10:44:25.218root 11241100x8000000000000000416317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3951000a234059b2021-12-21 10:44:25.693root 11241100x8000000000000000416318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9298e623699582372021-12-21 10:44:25.693root 11241100x8000000000000000416319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd16cae1417670a82021-12-21 10:44:25.693root 11241100x8000000000000000416320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7069eaa255a24a252021-12-21 10:44:25.693root 11241100x8000000000000000416321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee452168558d4122021-12-21 10:44:25.693root 11241100x8000000000000000416322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a3499c3c776d202021-12-21 10:44:25.693root 11241100x8000000000000000416323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26f52d5f4f2a4ad2021-12-21 10:44:25.693root 11241100x8000000000000000416324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c9471af07d6d302021-12-21 10:44:25.693root 11241100x8000000000000000416325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37041f986b1c0d9d2021-12-21 10:44:26.193root 11241100x8000000000000000416326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb00b7ad86676032021-12-21 10:44:26.193root 11241100x8000000000000000416327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148abfbf9a6c3a282021-12-21 10:44:26.193root 11241100x8000000000000000416328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a13a19c53ca15b2021-12-21 10:44:26.193root 11241100x8000000000000000416329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2063d406cfe8cb02021-12-21 10:44:26.193root 11241100x8000000000000000416330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021f833ef6bb94ed2021-12-21 10:44:26.193root 11241100x8000000000000000416331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc75264cd9d4e3f92021-12-21 10:44:26.193root 11241100x8000000000000000416332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550a205d8163b6452021-12-21 10:44:26.193root 11241100x8000000000000000416333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96106e05aaf36b9d2021-12-21 10:44:26.693root 11241100x8000000000000000416334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026c92cb342b53192021-12-21 10:44:26.693root 11241100x8000000000000000416335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f5235fabd14e3f2021-12-21 10:44:26.693root 11241100x8000000000000000416336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a216204b2a7cf6a2021-12-21 10:44:26.693root 11241100x8000000000000000416337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bed871c07e39c012021-12-21 10:44:26.693root 11241100x8000000000000000416338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827113b5602272252021-12-21 10:44:26.693root 11241100x8000000000000000416339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c24f443a7f10cea2021-12-21 10:44:26.693root 11241100x8000000000000000416340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de64f2f16d54d642021-12-21 10:44:26.693root 11241100x8000000000000000416341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6545c9783a22700b2021-12-21 10:44:27.193root 11241100x8000000000000000416342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed2a7c26b5e7c512021-12-21 10:44:27.193root 11241100x8000000000000000416343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c94c8a48518b802021-12-21 10:44:27.193root 11241100x8000000000000000416344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6c63243de0e5632021-12-21 10:44:27.193root 11241100x8000000000000000416345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbef61599e5162722021-12-21 10:44:27.193root 11241100x8000000000000000416346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191204d171b5d5182021-12-21 10:44:27.193root 11241100x8000000000000000416347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275046d113806bd72021-12-21 10:44:27.194root 11241100x8000000000000000416348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8f442574668a762021-12-21 10:44:27.194root 11241100x8000000000000000416349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a92af749a16e2b82021-12-21 10:44:27.693root 11241100x8000000000000000416350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1798fb12ea901c0c2021-12-21 10:44:27.693root 11241100x8000000000000000416351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9559ce95972b5e302021-12-21 10:44:27.693root 11241100x8000000000000000416352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912edae6c0f95e312021-12-21 10:44:27.693root 11241100x8000000000000000416353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8042087ee41d5fa82021-12-21 10:44:27.693root 11241100x8000000000000000416354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1ce9f882b83c3d2021-12-21 10:44:27.693root 11241100x8000000000000000416355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4238e7976218b062021-12-21 10:44:27.693root 11241100x8000000000000000416356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b0fdc367aaf9da2021-12-21 10:44:27.693root 11241100x8000000000000000416357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08471a91dc669402021-12-21 10:44:28.193root 11241100x8000000000000000416358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf8f08d00dbdbff2021-12-21 10:44:28.193root 11241100x8000000000000000416359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10646eb4de8848d82021-12-21 10:44:28.193root 11241100x8000000000000000416360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1907fcd3894ad3272021-12-21 10:44:28.193root 11241100x8000000000000000416361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7b55f839050ee82021-12-21 10:44:28.193root 11241100x8000000000000000416362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25710d7af8a8262b2021-12-21 10:44:28.194root 11241100x8000000000000000416363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb07975e73632e32021-12-21 10:44:28.194root 11241100x8000000000000000416364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e787b42a19e366552021-12-21 10:44:28.194root 11241100x8000000000000000416365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d657bf8508680c762021-12-21 10:44:28.693root 11241100x8000000000000000416366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cfb26f4de2c1452021-12-21 10:44:28.693root 11241100x8000000000000000416367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105f888f537e439b2021-12-21 10:44:28.693root 11241100x8000000000000000416368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1764b9a905506c3e2021-12-21 10:44:28.693root 11241100x8000000000000000416369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27a3e66c0f0a9e42021-12-21 10:44:28.693root 11241100x8000000000000000416370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7dcd852dcc09b72021-12-21 10:44:28.693root 11241100x8000000000000000416371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d4832d38875f02021-12-21 10:44:28.693root 11241100x8000000000000000416372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8462c0ceb50fd6722021-12-21 10:44:28.693root 354300x8000000000000000416373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.145{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47534-false10.0.1.12-8000- 11241100x8000000000000000416374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98ec102b53aa0442021-12-21 10:44:29.146root 11241100x8000000000000000416375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe8bc1cc8bad0ef2021-12-21 10:44:29.146root 11241100x8000000000000000416376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0af6cb034614ea2021-12-21 10:44:29.146root 11241100x8000000000000000416377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25029c05e7abc832021-12-21 10:44:29.146root 11241100x8000000000000000416378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e6c6c4d01da5262021-12-21 10:44:29.146root 11241100x8000000000000000416379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b6c1864088e3ae2021-12-21 10:44:29.147root 11241100x8000000000000000416380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ddc29d500f48212021-12-21 10:44:29.147root 11241100x8000000000000000416381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f999c43c5a3ca232021-12-21 10:44:29.147root 11241100x8000000000000000416382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5773aea3e4187942021-12-21 10:44:29.147root 11241100x8000000000000000416383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53e25f083bc27042021-12-21 10:44:29.442root 11241100x8000000000000000416384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee77e6def5bbd4e2021-12-21 10:44:29.443root 11241100x8000000000000000416385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176c97b9f92b0d502021-12-21 10:44:29.443root 11241100x8000000000000000416386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d8c4074794f4ce2021-12-21 10:44:29.443root 11241100x8000000000000000416387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e32e8767e5524e2021-12-21 10:44:29.443root 11241100x8000000000000000416388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb871f16fb0bf3f2021-12-21 10:44:29.443root 11241100x8000000000000000416389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29116121497b90202021-12-21 10:44:29.443root 11241100x8000000000000000416390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6881339caf009772021-12-21 10:44:29.443root 11241100x8000000000000000416391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e1b3f368381fb42021-12-21 10:44:29.443root 11241100x8000000000000000416392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de81c86166e7cfd2021-12-21 10:44:29.943root 11241100x8000000000000000416393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cc3943ca4f1cdb2021-12-21 10:44:29.943root 11241100x8000000000000000416394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594694ce4f3805272021-12-21 10:44:29.943root 11241100x8000000000000000416395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948210fef3e67cbe2021-12-21 10:44:29.943root 11241100x8000000000000000416396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5770e2c23f400d932021-12-21 10:44:29.943root 11241100x8000000000000000416397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdcf856e72f82602021-12-21 10:44:29.943root 11241100x8000000000000000416398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4579203d4125bc692021-12-21 10:44:29.943root 11241100x8000000000000000416399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0069e4835c4478d82021-12-21 10:44:29.943root 11241100x8000000000000000416400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7d914225425ede2021-12-21 10:44:29.943root 11241100x8000000000000000416401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b504e4379d3df52021-12-21 10:44:30.443root 11241100x8000000000000000416402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aace9ad170c61ad2021-12-21 10:44:30.443root 11241100x8000000000000000416403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e17b6c06f16098a2021-12-21 10:44:30.443root 11241100x8000000000000000416404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a095a68a52ea782021-12-21 10:44:30.443root 11241100x8000000000000000416405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416c2820b3a772d72021-12-21 10:44:30.443root 11241100x8000000000000000416406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5338a26b087d82c2021-12-21 10:44:30.443root 11241100x8000000000000000416407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155d63905ecd55a12021-12-21 10:44:30.443root 11241100x8000000000000000416408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd427233c584b902021-12-21 10:44:30.443root 11241100x8000000000000000416409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ea4b4e391a4eca2021-12-21 10:44:30.443root 11241100x8000000000000000416410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0355167ccf5cbe1b2021-12-21 10:44:30.943root 11241100x8000000000000000416411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191bb5c270a1ef642021-12-21 10:44:30.943root 11241100x8000000000000000416412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e553d20f243a85032021-12-21 10:44:30.943root 11241100x8000000000000000416413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689f4aa9ce03a2b12021-12-21 10:44:30.943root 11241100x8000000000000000416414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a31a2c38e3a8192021-12-21 10:44:30.943root 11241100x8000000000000000416415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7265ae265132df2021-12-21 10:44:30.943root 11241100x8000000000000000416416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db53f666f2f4ea622021-12-21 10:44:30.943root 11241100x8000000000000000416417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d47c74223d6bb5d2021-12-21 10:44:30.944root 11241100x8000000000000000416418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d36eed2d55aaee2021-12-21 10:44:30.944root 11241100x8000000000000000416419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec705af06389eb32021-12-21 10:44:31.443root 11241100x8000000000000000416420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d646d54bdce148942021-12-21 10:44:31.443root 11241100x8000000000000000416421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a156f28fbdf3d52021-12-21 10:44:31.443root 11241100x8000000000000000416422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f7a16224aeb8272021-12-21 10:44:31.443root 11241100x8000000000000000416423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39efe6ec958927812021-12-21 10:44:31.443root 11241100x8000000000000000416424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d01c72e1fe5be342021-12-21 10:44:31.443root 11241100x8000000000000000416425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25af01c305faf88f2021-12-21 10:44:31.443root 11241100x8000000000000000416426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e9b6f9d2e066da2021-12-21 10:44:31.443root 11241100x8000000000000000416427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8dc25aa4700dd72021-12-21 10:44:31.443root 11241100x8000000000000000416428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99871eea40545fb92021-12-21 10:44:31.943root 11241100x8000000000000000416429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d1f916f30f62fa2021-12-21 10:44:31.943root 11241100x8000000000000000416430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff5ce04e435942f2021-12-21 10:44:31.943root 11241100x8000000000000000416431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb418016c2ec8e02021-12-21 10:44:31.943root 11241100x8000000000000000416432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ca4fed21b94482021-12-21 10:44:31.943root 11241100x8000000000000000416433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efe5b30b2b042482021-12-21 10:44:31.943root 11241100x8000000000000000416434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab9f2874d65ac462021-12-21 10:44:31.943root 11241100x8000000000000000416435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7117a5ecaf6ce262021-12-21 10:44:31.943root 11241100x8000000000000000416436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a85e9062d71a53e2021-12-21 10:44:31.943root 11241100x8000000000000000416437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5298bf0347003e192021-12-21 10:44:32.443root 11241100x8000000000000000416438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fa1054cdaa5cb82021-12-21 10:44:32.443root 11241100x8000000000000000416439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9771e5c950b931292021-12-21 10:44:32.443root 11241100x8000000000000000416440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5190515bedd7648d2021-12-21 10:44:32.443root 11241100x8000000000000000416441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e7e118b443d3212021-12-21 10:44:32.443root 11241100x8000000000000000416442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d8b9db1753cd452021-12-21 10:44:32.443root 11241100x8000000000000000416443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b43d4322e7cb8ae2021-12-21 10:44:32.443root 11241100x8000000000000000416444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c28381d96860a152021-12-21 10:44:32.443root 11241100x8000000000000000416445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7598de22161c87992021-12-21 10:44:32.443root 11241100x8000000000000000416446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bbffd550cd4b692021-12-21 10:44:32.943root 11241100x8000000000000000416447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758d4aff1ca9ae0e2021-12-21 10:44:32.943root 11241100x8000000000000000416448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f53d80d60853392021-12-21 10:44:32.943root 11241100x8000000000000000416449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c212ee863358c732021-12-21 10:44:32.943root 11241100x8000000000000000416450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8087330cc83a09072021-12-21 10:44:32.943root 11241100x8000000000000000416451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8416d3ad98454fef2021-12-21 10:44:32.943root 11241100x8000000000000000416452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83818422b8afc7ad2021-12-21 10:44:32.943root 11241100x8000000000000000416453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74e04069c4b59362021-12-21 10:44:32.943root 11241100x8000000000000000416454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd9b96e6c39c9b12021-12-21 10:44:32.944root 154100x8000000000000000416455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.309{ec2b6afe-b011-61c1-68d4-0bf136560000}9765/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000416456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a722edaed08bbd2021-12-21 10:44:33.310root 11241100x8000000000000000416457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6f2ff2979e8ff92021-12-21 10:44:33.310root 11241100x8000000000000000416458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e93de5dec7aa5a02021-12-21 10:44:33.311root 11241100x8000000000000000416459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268af9974a5d381b2021-12-21 10:44:33.311root 11241100x8000000000000000416460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f91d7ac6741ec42021-12-21 10:44:33.311root 11241100x8000000000000000416461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88543c606521b4b42021-12-21 10:44:33.311root 11241100x8000000000000000416462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf1ea7bdf20b2c2021-12-21 10:44:33.311root 11241100x8000000000000000416463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f291fc4102927342021-12-21 10:44:33.311root 11241100x8000000000000000416464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265e59bedc7152922021-12-21 10:44:33.311root 11241100x8000000000000000416465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f560d17e2a5c64a2021-12-21 10:44:33.311root 534500x8000000000000000416466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.326{ec2b6afe-b011-61c1-68d4-0bf136560000}9765/bin/psroot 11241100x8000000000000000416467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edf0cf908198ec02021-12-21 10:44:33.693root 11241100x8000000000000000416468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73ab9b18914b8fc2021-12-21 10:44:33.693root 11241100x8000000000000000416469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5feaf6ab275ace912021-12-21 10:44:33.693root 11241100x8000000000000000416470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38661d7c302e0ed22021-12-21 10:44:33.693root 11241100x8000000000000000416471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cf64955b5e97c92021-12-21 10:44:33.693root 11241100x8000000000000000416472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acc09f535d600a92021-12-21 10:44:33.693root 11241100x8000000000000000416473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6642e1e097d8826c2021-12-21 10:44:33.693root 11241100x8000000000000000416474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d3a78d496666e32021-12-21 10:44:33.693root 11241100x8000000000000000416475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453d4b17a540d9ae2021-12-21 10:44:33.694root 11241100x8000000000000000416476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469a3b6f4b30e0a72021-12-21 10:44:33.694root 11241100x8000000000000000416477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b8ec95ee6076b82021-12-21 10:44:33.694root 11241100x8000000000000000416478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef5dea1325fe0032021-12-21 10:44:34.193root 11241100x8000000000000000416479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7dfc5a899e95232021-12-21 10:44:34.193root 11241100x8000000000000000416480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4cfb784d0880ed2021-12-21 10:44:34.193root 11241100x8000000000000000416481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cd1e2d186391532021-12-21 10:44:34.193root 11241100x8000000000000000416482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2c2d5b5cd4e97b2021-12-21 10:44:34.193root 11241100x8000000000000000416483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f15b3f1e38d1a82021-12-21 10:44:34.193root 11241100x8000000000000000416484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8e4a5d1ddf5b0a2021-12-21 10:44:34.193root 11241100x8000000000000000416485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b599f7e877b155a02021-12-21 10:44:34.194root 11241100x8000000000000000416486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192b2e4d9d30172b2021-12-21 10:44:34.194root 11241100x8000000000000000416487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02267beee8d3c992021-12-21 10:44:34.194root 11241100x8000000000000000416488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a089f12d784202f2021-12-21 10:44:34.194root 11241100x8000000000000000416489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c7d9289e1ae0d42021-12-21 10:44:34.693root 11241100x8000000000000000416490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1647ed61ef2a82422021-12-21 10:44:34.693root 11241100x8000000000000000416491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf044206b756a9b2021-12-21 10:44:34.693root 11241100x8000000000000000416492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65da7ade47ee9012021-12-21 10:44:34.693root 11241100x8000000000000000416493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e36b4aca98d3822021-12-21 10:44:34.693root 11241100x8000000000000000416494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaabecf114f69692021-12-21 10:44:34.693root 11241100x8000000000000000416495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021944495d6ed3772021-12-21 10:44:34.693root 11241100x8000000000000000416496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6843c765b4e3a3d42021-12-21 10:44:34.693root 11241100x8000000000000000416497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c26c785b1ba9832021-12-21 10:44:34.694root 11241100x8000000000000000416498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e8e2e5b8339cc42021-12-21 10:44:34.694root 11241100x8000000000000000416499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643f22b2f84bda872021-12-21 10:44:34.694root 354300x8000000000000000416500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.084{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47536-false10.0.1.12-8000- 11241100x8000000000000000416501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b6be95a8b5f9a72021-12-21 10:44:35.085root 11241100x8000000000000000416502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d8426adc3880922021-12-21 10:44:35.085root 11241100x8000000000000000416503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f7ed577f268a6b2021-12-21 10:44:35.085root 11241100x8000000000000000416504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f5186b461451ca2021-12-21 10:44:35.085root 11241100x8000000000000000416505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d845814c3d38bbc2021-12-21 10:44:35.085root 11241100x8000000000000000416506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711af7dee7e5e28b2021-12-21 10:44:35.086root 11241100x8000000000000000416507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9da6aa4da133762021-12-21 10:44:35.086root 11241100x8000000000000000416508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2208ea921a63442021-12-21 10:44:35.086root 11241100x8000000000000000416509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8fd58c904c28b02021-12-21 10:44:35.086root 11241100x8000000000000000416510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b31c0eea3036d92021-12-21 10:44:35.086root 11241100x8000000000000000416511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de06591184ff93982021-12-21 10:44:35.086root 11241100x8000000000000000416512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ddc3ae60d697652021-12-21 10:44:35.086root 11241100x8000000000000000416513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18676d02e5bacc12021-12-21 10:44:35.086root 11241100x8000000000000000416514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dc038f2af517cb2021-12-21 10:44:35.443root 11241100x8000000000000000416515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f650eac5397364b2021-12-21 10:44:35.443root 11241100x8000000000000000416516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92e92755eb27b262021-12-21 10:44:35.443root 11241100x8000000000000000416517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3768da75fbee24da2021-12-21 10:44:35.443root 11241100x8000000000000000416518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b85cae1aafeac52021-12-21 10:44:35.443root 11241100x8000000000000000416519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdea39e9c5d33982021-12-21 10:44:35.443root 11241100x8000000000000000416520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ca2382191b15fd2021-12-21 10:44:35.443root 11241100x8000000000000000416521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c559400eb998cd2021-12-21 10:44:35.443root 11241100x8000000000000000416522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f1383dd180c8742021-12-21 10:44:35.444root 11241100x8000000000000000416523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a8dae69f81a3ad2021-12-21 10:44:35.444root 11241100x8000000000000000416524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8a32761bfad1eb2021-12-21 10:44:35.444root 11241100x8000000000000000416525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879080405004e53b2021-12-21 10:44:35.444root 11241100x8000000000000000416526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead7b99863e3125a2021-12-21 10:44:35.942root 11241100x8000000000000000416527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61610092d24ea4052021-12-21 10:44:35.943root 11241100x8000000000000000416528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8155467c535d872021-12-21 10:44:35.943root 11241100x8000000000000000416529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d6def0cf5a082d2021-12-21 10:44:35.943root 11241100x8000000000000000416530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b95aed0c905dddb2021-12-21 10:44:35.943root 11241100x8000000000000000416531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb897ce89423a10e2021-12-21 10:44:35.943root 11241100x8000000000000000416532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d8a9109e7d3f962021-12-21 10:44:35.944root 11241100x8000000000000000416533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b44443da297252021-12-21 10:44:35.944root 11241100x8000000000000000416534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35f823a1f3c65dc2021-12-21 10:44:35.944root 11241100x8000000000000000416535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278caee12b41e8642021-12-21 10:44:35.944root 11241100x8000000000000000416536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9e97ac4fdf6a8a2021-12-21 10:44:35.944root 11241100x8000000000000000416537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9381e692032b76b22021-12-21 10:44:35.944root 11241100x8000000000000000416538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.342{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:44:36.342root 11241100x8000000000000000416539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de0703273a667792021-12-21 10:44:36.343root 11241100x8000000000000000416540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8a6b18a767d5cb2021-12-21 10:44:36.343root 11241100x8000000000000000416541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe408b28d0ba3302021-12-21 10:44:36.344root 11241100x8000000000000000416542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307b602a403dab782021-12-21 10:44:36.344root 11241100x8000000000000000416543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ce2602422790eb2021-12-21 10:44:36.344root 11241100x8000000000000000416544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96167b185a99e632021-12-21 10:44:36.345root 11241100x8000000000000000416545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d4a94f2eca93ec2021-12-21 10:44:36.345root 11241100x8000000000000000416546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a931a2f707326ea2021-12-21 10:44:36.345root 11241100x8000000000000000416547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f1ac04984d5fdc2021-12-21 10:44:36.345root 11241100x8000000000000000416548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26526eca792905d62021-12-21 10:44:36.346root 11241100x8000000000000000416549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959ad0abd49eee872021-12-21 10:44:36.346root 11241100x8000000000000000416550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e01a37c4ab2928b2021-12-21 10:44:36.346root 11241100x8000000000000000416551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456afa6def898b582021-12-21 10:44:36.346root 11241100x8000000000000000416552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae72a7b07e1948d2021-12-21 10:44:36.346root 11241100x8000000000000000416553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b95503ce3841492021-12-21 10:44:36.693root 11241100x8000000000000000416554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966902415b73384d2021-12-21 10:44:36.693root 11241100x8000000000000000416555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c13659e72166ac2021-12-21 10:44:36.693root 11241100x8000000000000000416556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb31b63f6421fb4c2021-12-21 10:44:36.693root 11241100x8000000000000000416557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ff7f9546a4f9a32021-12-21 10:44:36.693root 11241100x8000000000000000416558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e096e7f34c9cdf52021-12-21 10:44:36.693root 11241100x8000000000000000416559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fa89967322774d2021-12-21 10:44:36.693root 11241100x8000000000000000416560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e232f715b85f3e062021-12-21 10:44:36.693root 11241100x8000000000000000416561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e80cbed8ba609b2021-12-21 10:44:36.693root 11241100x8000000000000000416562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667e5f210e13e0af2021-12-21 10:44:36.694root 11241100x8000000000000000416563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c0a11c3b44cadc2021-12-21 10:44:36.694root 11241100x8000000000000000416564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a47359eb3ad47872021-12-21 10:44:36.694root 11241100x8000000000000000416565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc301ee1ecc64a7b2021-12-21 10:44:36.694root 11241100x8000000000000000416566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62419dd6ef3a79992021-12-21 10:44:37.193root 11241100x8000000000000000416567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b114b390357bb4b32021-12-21 10:44:37.193root 11241100x8000000000000000416568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca140db73aea9932021-12-21 10:44:37.193root 11241100x8000000000000000416569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ded6777f0cce4672021-12-21 10:44:37.193root 11241100x8000000000000000416570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd132f61207a6f22021-12-21 10:44:37.193root 11241100x8000000000000000416571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917ebca5b2adbf4d2021-12-21 10:44:37.193root 11241100x8000000000000000416572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cce4e7da51f72f2021-12-21 10:44:37.193root 11241100x8000000000000000416573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f81ed67d759a0682021-12-21 10:44:37.193root 11241100x8000000000000000416574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5903ec902f6009372021-12-21 10:44:37.194root 11241100x8000000000000000416575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7361d0c5c5fb0552021-12-21 10:44:37.194root 11241100x8000000000000000416576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608765aaf4248fac2021-12-21 10:44:37.194root 11241100x8000000000000000416577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62fc8d2e61c45892021-12-21 10:44:37.194root 11241100x8000000000000000416578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3ebedea56cfa6e2021-12-21 10:44:37.194root 11241100x8000000000000000416579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5eb43d133bfae32021-12-21 10:44:37.693root 11241100x8000000000000000416580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd193128000eee32021-12-21 10:44:37.693root 11241100x8000000000000000416581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d0c3e96042ed422021-12-21 10:44:37.693root 11241100x8000000000000000416582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51e86df5b8723012021-12-21 10:44:37.693root 11241100x8000000000000000416583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b001e4183c498d512021-12-21 10:44:37.693root 11241100x8000000000000000416584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e3ae1447c0f1682021-12-21 10:44:37.693root 11241100x8000000000000000416585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4ea0602ae3e3252021-12-21 10:44:37.693root 11241100x8000000000000000416586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e4549a22ed61662021-12-21 10:44:37.693root 11241100x8000000000000000416587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2faea958f21e9432021-12-21 10:44:37.693root 11241100x8000000000000000416588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a9bc37102500ee2021-12-21 10:44:37.694root 11241100x8000000000000000416589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b2ff4189498b072021-12-21 10:44:37.694root 11241100x8000000000000000416590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ba7f473c5f06242021-12-21 10:44:37.694root 11241100x8000000000000000416591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdd6ddf6083128b2021-12-21 10:44:37.694root 11241100x8000000000000000416592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c744db31a1c88a52021-12-21 10:44:38.193root 11241100x8000000000000000416593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3906914152e78a02021-12-21 10:44:38.193root 11241100x8000000000000000416594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b049b58eed9141b2021-12-21 10:44:38.193root 11241100x8000000000000000416595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069edd45ae617fbd2021-12-21 10:44:38.193root 11241100x8000000000000000416596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1cfa210c2d744f2021-12-21 10:44:38.193root 11241100x8000000000000000416597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f51756241941b2f2021-12-21 10:44:38.193root 11241100x8000000000000000416598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f040ebce17ffdae82021-12-21 10:44:38.193root 11241100x8000000000000000416599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0455e097126f1b972021-12-21 10:44:38.193root 11241100x8000000000000000416600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9f6dfe238fe9ee2021-12-21 10:44:38.194root 11241100x8000000000000000416601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934fc7446db5dc392021-12-21 10:44:38.194root 11241100x8000000000000000416602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bf339fd7bfd2912021-12-21 10:44:38.194root 11241100x8000000000000000416603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a789969da039592021-12-21 10:44:38.194root 11241100x8000000000000000416604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d786d0a165d965e2021-12-21 10:44:38.194root 11241100x8000000000000000416605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc834d5869a941a2021-12-21 10:44:38.693root 11241100x8000000000000000416606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdea1d2ee53e1c82021-12-21 10:44:38.693root 11241100x8000000000000000416607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d548f69aa93e31c02021-12-21 10:44:38.693root 11241100x8000000000000000416608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2c58c626572bf12021-12-21 10:44:38.693root 11241100x8000000000000000416609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346161e6340500272021-12-21 10:44:38.693root 11241100x8000000000000000416610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b138e7d3ca611e942021-12-21 10:44:38.693root 11241100x8000000000000000416611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485121adbd9dff0b2021-12-21 10:44:38.693root 11241100x8000000000000000416612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4675f3e7d98e0f742021-12-21 10:44:38.693root 11241100x8000000000000000416613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147149d25479d2ff2021-12-21 10:44:38.693root 11241100x8000000000000000416614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b2d50a2fa9ebf82021-12-21 10:44:38.693root 11241100x8000000000000000416615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdce9f6444437a472021-12-21 10:44:38.693root 11241100x8000000000000000416616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da94c78a99bbefa2021-12-21 10:44:38.693root 11241100x8000000000000000416617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d95f292923f809c2021-12-21 10:44:38.694root 23542300x8000000000000000416618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.189{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000416619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf6cfe5be86aade2021-12-21 10:44:39.190root 11241100x8000000000000000416620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7947402f13df30392021-12-21 10:44:39.190root 11241100x8000000000000000416621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1624877c3eecd1162021-12-21 10:44:39.191root 11241100x8000000000000000416622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2ca1d64bc2dcb92021-12-21 10:44:39.191root 11241100x8000000000000000416623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ce61cb847eb3412021-12-21 10:44:39.192root 11241100x8000000000000000416624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d25cd897b2e3e92021-12-21 10:44:39.192root 11241100x8000000000000000416625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d767cc94ef3fa0a2021-12-21 10:44:39.192root 11241100x8000000000000000416626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934893c62efe9ba02021-12-21 10:44:39.192root 11241100x8000000000000000416627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aada6cfedc31db42021-12-21 10:44:39.192root 11241100x8000000000000000416628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fc754f2d50f85d2021-12-21 10:44:39.192root 11241100x8000000000000000416629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47c98d8d6e76d702021-12-21 10:44:39.192root 11241100x8000000000000000416630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d8453ee9bd7a822021-12-21 10:44:39.193root 11241100x8000000000000000416631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64609cb8c407893e2021-12-21 10:44:39.193root 11241100x8000000000000000416632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51808d6a5ec050e52021-12-21 10:44:39.193root 11241100x8000000000000000416633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598f4a30ed5400b12021-12-21 10:44:39.443root 11241100x8000000000000000416634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c82ac99c0ecf992021-12-21 10:44:39.443root 11241100x8000000000000000416635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beab9526dffc8dc02021-12-21 10:44:39.443root 11241100x8000000000000000416636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eefe0fa2a7575792021-12-21 10:44:39.443root 11241100x8000000000000000416637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce05cdd6f2328a52021-12-21 10:44:39.443root 11241100x8000000000000000416638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576c0fc933427da32021-12-21 10:44:39.443root 11241100x8000000000000000416639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d75efd761c94ae2021-12-21 10:44:39.443root 11241100x8000000000000000416640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b79087287c67dfa2021-12-21 10:44:39.443root 11241100x8000000000000000416641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0badb9fdaeda253a2021-12-21 10:44:39.445root 11241100x8000000000000000416642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a726fc7828af3c32021-12-21 10:44:39.445root 11241100x8000000000000000416643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4ef32e1f169f272021-12-21 10:44:39.445root 11241100x8000000000000000416644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbe13adf762dcf22021-12-21 10:44:39.445root 11241100x8000000000000000416645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bb7278448d200f2021-12-21 10:44:39.447root 11241100x8000000000000000416646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fa605bc834a8042021-12-21 10:44:39.447root 11241100x8000000000000000416647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2411083675c689452021-12-21 10:44:39.943root 11241100x8000000000000000416648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7874182380b275c2021-12-21 10:44:39.943root 11241100x8000000000000000416649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc9d5bced4a9c872021-12-21 10:44:39.943root 11241100x8000000000000000416650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b791486ae28b0c6f2021-12-21 10:44:39.943root 11241100x8000000000000000416651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fc8c9a485dcc162021-12-21 10:44:39.944root 11241100x8000000000000000416652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa11df17005369c2021-12-21 10:44:39.944root 11241100x8000000000000000416653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f49c3ec1ad34c8a2021-12-21 10:44:39.944root 11241100x8000000000000000416654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c0f58e7e560bc22021-12-21 10:44:39.944root 11241100x8000000000000000416655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799d9a88dc987b82021-12-21 10:44:39.944root 11241100x8000000000000000416656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c38bb65d68adee92021-12-21 10:44:39.944root 11241100x8000000000000000416657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ce97b1f35a454b2021-12-21 10:44:39.944root 11241100x8000000000000000416658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c64ddb6c25beb72021-12-21 10:44:39.944root 11241100x8000000000000000416659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce288e76c627d4e32021-12-21 10:44:39.944root 11241100x8000000000000000416660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41fbae8d21749f82021-12-21 10:44:39.944root 11241100x8000000000000000416661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c65d1d99c9e872021-12-21 10:44:40.442root 11241100x8000000000000000416662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba150393793c4e862021-12-21 10:44:40.443root 11241100x8000000000000000416663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7700468084443f2021-12-21 10:44:40.443root 11241100x8000000000000000416664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3d403016c8c2f02021-12-21 10:44:40.443root 11241100x8000000000000000416665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc5a1a1d835a2862021-12-21 10:44:40.443root 11241100x8000000000000000416666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db7ead81bb6ebd62021-12-21 10:44:40.443root 11241100x8000000000000000416667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac6595a51cd49c52021-12-21 10:44:40.443root 11241100x8000000000000000416668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980626941d9b6f472021-12-21 10:44:40.443root 11241100x8000000000000000416669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e902aeb68d6715122021-12-21 10:44:40.443root 11241100x8000000000000000416670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c35f1357c53c5392021-12-21 10:44:40.443root 11241100x8000000000000000416671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526b47c503b4a9162021-12-21 10:44:40.443root 11241100x8000000000000000416672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732374446cdef4a62021-12-21 10:44:40.444root 11241100x8000000000000000416673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f2c990960a93a32021-12-21 10:44:40.444root 11241100x8000000000000000416674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4f656fa532d1842021-12-21 10:44:40.444root 11241100x8000000000000000416675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7313cb2a943e0d2021-12-21 10:44:40.943root 11241100x8000000000000000416676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f8e9deb47dc52d2021-12-21 10:44:40.943root 11241100x8000000000000000416677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa2cbedad0b72492021-12-21 10:44:40.943root 11241100x8000000000000000416678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedc19a4fb8e472b2021-12-21 10:44:40.943root 11241100x8000000000000000416679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd86f838b2a7ba72021-12-21 10:44:40.943root 11241100x8000000000000000416680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28c8f64be22a5bf2021-12-21 10:44:40.943root 11241100x8000000000000000416681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e17d484d9e04c42021-12-21 10:44:40.943root 11241100x8000000000000000416682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25361ccefe7062d2021-12-21 10:44:40.944root 11241100x8000000000000000416683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e3e36ca595c5aa2021-12-21 10:44:40.944root 11241100x8000000000000000416684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfe1ef94f4421182021-12-21 10:44:40.944root 11241100x8000000000000000416685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bea0fdf9e946f82021-12-21 10:44:40.944root 11241100x8000000000000000416686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f56036955530e52021-12-21 10:44:40.944root 11241100x8000000000000000416687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0f701005cf65052021-12-21 10:44:40.944root 11241100x8000000000000000416688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42be4e6909a1b40b2021-12-21 10:44:40.944root 354300x8000000000000000416689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.049{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47538-false10.0.1.12-8000- 11241100x8000000000000000416690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e93eb63146284b2021-12-21 10:44:41.442root 11241100x8000000000000000416691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3830d5482c4921b82021-12-21 10:44:41.443root 11241100x8000000000000000416692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc8ac3d597f6fee2021-12-21 10:44:41.443root 11241100x8000000000000000416693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9444e984e3c0d28e2021-12-21 10:44:41.443root 11241100x8000000000000000416694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67b07e16b5b9a982021-12-21 10:44:41.443root 11241100x8000000000000000416695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d40d1e234619002021-12-21 10:44:41.443root 11241100x8000000000000000416696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a52e187fcd7401c2021-12-21 10:44:41.444root 11241100x8000000000000000416697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf43ebed9d8f1bd2021-12-21 10:44:41.444root 11241100x8000000000000000416698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc29a3c4ea6f3df2021-12-21 10:44:41.444root 11241100x8000000000000000416699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b7325e513f71fa2021-12-21 10:44:41.444root 11241100x8000000000000000416700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25fc3940ebebd3e2021-12-21 10:44:41.444root 11241100x8000000000000000416701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c724ec1871836ccc2021-12-21 10:44:41.444root 11241100x8000000000000000416702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f828623c0ff9172021-12-21 10:44:41.444root 11241100x8000000000000000416703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e75254d923a8422021-12-21 10:44:41.445root 11241100x8000000000000000416704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dd87bf71f1b2c82021-12-21 10:44:41.445root 11241100x8000000000000000416705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a28a631fff004de2021-12-21 10:44:41.943root 11241100x8000000000000000416706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccc662fbf25651f2021-12-21 10:44:41.943root 11241100x8000000000000000416707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7132e594bb18182c2021-12-21 10:44:41.943root 11241100x8000000000000000416708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb354c825ac63f932021-12-21 10:44:41.944root 11241100x8000000000000000416709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242fda7b029d4e672021-12-21 10:44:41.944root 11241100x8000000000000000416710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3cfaae6cb8ee9f2021-12-21 10:44:41.944root 11241100x8000000000000000416711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e17787289468b152021-12-21 10:44:41.944root 11241100x8000000000000000416712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78f0a4737aa8d9e2021-12-21 10:44:41.944root 11241100x8000000000000000416713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67995a16bf73d2f32021-12-21 10:44:41.944root 11241100x8000000000000000416714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8bc6617717959f2021-12-21 10:44:41.944root 11241100x8000000000000000416715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a005539fd358712021-12-21 10:44:41.945root 11241100x8000000000000000416716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b14d7b2b4fab78d2021-12-21 10:44:41.945root 11241100x8000000000000000416717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37a7f823cd9730a2021-12-21 10:44:41.945root 11241100x8000000000000000416718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf0074d87a26c2e2021-12-21 10:44:41.945root 11241100x8000000000000000416719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:41.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682cfbd84ea075de2021-12-21 10:44:41.948root 11241100x8000000000000000416720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baf2e7d8dbe93ff2021-12-21 10:44:42.443root 11241100x8000000000000000416721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a55027f4d37ce52021-12-21 10:44:42.443root 11241100x8000000000000000416722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9961df018f056f142021-12-21 10:44:42.443root 11241100x8000000000000000416723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db7685ced2a8d1c2021-12-21 10:44:42.443root 11241100x8000000000000000416724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b27e91a9d36a1102021-12-21 10:44:42.444root 11241100x8000000000000000416725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ff5add1203974e2021-12-21 10:44:42.444root 11241100x8000000000000000416726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d4157b0ad21662021-12-21 10:44:42.444root 11241100x8000000000000000416727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad70867266d0ea672021-12-21 10:44:42.444root 11241100x8000000000000000416728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5923d23c73edf832021-12-21 10:44:42.444root 11241100x8000000000000000416729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cccb51eb1ebe2a2021-12-21 10:44:42.444root 11241100x8000000000000000416730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35276f26dd8b0de62021-12-21 10:44:42.444root 11241100x8000000000000000416731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0807617c704361742021-12-21 10:44:42.445root 11241100x8000000000000000416732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57de023b928abd672021-12-21 10:44:42.445root 11241100x8000000000000000416733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03eff17231be3b2021-12-21 10:44:42.445root 11241100x8000000000000000416734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711b833a9ed7cef82021-12-21 10:44:42.445root 11241100x8000000000000000416735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7ec9c19d9d42752021-12-21 10:44:42.943root 11241100x8000000000000000416736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a7839c98978f082021-12-21 10:44:42.943root 11241100x8000000000000000416737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abe4f8b3528e1be2021-12-21 10:44:42.943root 11241100x8000000000000000416738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7dcf8c008412262021-12-21 10:44:42.943root 11241100x8000000000000000416739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f4cccb5bf1947f2021-12-21 10:44:42.943root 11241100x8000000000000000416740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bb834c4cd0a2f12021-12-21 10:44:42.944root 11241100x8000000000000000416741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaa42ee6f7c7c162021-12-21 10:44:42.944root 11241100x8000000000000000416742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cba8efaf9efdaf2021-12-21 10:44:42.944root 11241100x8000000000000000416743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961465cd17d7b9162021-12-21 10:44:42.944root 11241100x8000000000000000416744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75170d50bf0d39702021-12-21 10:44:42.944root 11241100x8000000000000000416745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5066a82a3e4e03f92021-12-21 10:44:42.944root 11241100x8000000000000000416746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c5b626b9a9cec92021-12-21 10:44:42.944root 11241100x8000000000000000416747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6c4e3893ea5f222021-12-21 10:44:42.944root 11241100x8000000000000000416748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1dabde75a398362021-12-21 10:44:42.945root 11241100x8000000000000000416749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72990824bb3e5aa32021-12-21 10:44:42.945root 11241100x8000000000000000416750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61f80908bf513e52021-12-21 10:44:43.443root 11241100x8000000000000000416751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ed05e371d577ad2021-12-21 10:44:43.443root 11241100x8000000000000000416752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b14811c536702f2021-12-21 10:44:43.443root 11241100x8000000000000000416753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066dd4bf45df9a922021-12-21 10:44:43.443root 11241100x8000000000000000416754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5c1648c75154c82021-12-21 10:44:43.443root 11241100x8000000000000000416755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b41dd7a42f1f462021-12-21 10:44:43.443root 11241100x8000000000000000416756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225da1ae452c4ff52021-12-21 10:44:43.443root 11241100x8000000000000000416757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2287ea752df3769a2021-12-21 10:44:43.444root 11241100x8000000000000000416758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f5d44ffeb9ea152021-12-21 10:44:43.444root 11241100x8000000000000000416759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386fef7cbb26d0e12021-12-21 10:44:43.444root 11241100x8000000000000000416760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0851571cc9d74592021-12-21 10:44:43.444root 11241100x8000000000000000416761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784c5ed504e982362021-12-21 10:44:43.444root 11241100x8000000000000000416762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b19ffd8dc20e5d2021-12-21 10:44:43.444root 11241100x8000000000000000416763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326b8f0f1698d5042021-12-21 10:44:43.444root 11241100x8000000000000000416764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3c7b9dd222094c2021-12-21 10:44:43.444root 11241100x8000000000000000416765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abdc807c343e35e2021-12-21 10:44:43.943root 11241100x8000000000000000416766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a142fd2685cc0242021-12-21 10:44:43.943root 11241100x8000000000000000416767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9bbfbe659c9c6c2021-12-21 10:44:43.943root 11241100x8000000000000000416768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6b43fb91e81d2e2021-12-21 10:44:43.943root 11241100x8000000000000000416769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d989dd3b625e5a2021-12-21 10:44:43.943root 11241100x8000000000000000416770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd32d41679e33c02021-12-21 10:44:43.943root 11241100x8000000000000000416771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b24f998f7b453132021-12-21 10:44:43.943root 11241100x8000000000000000416772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc93862153698922021-12-21 10:44:43.943root 11241100x8000000000000000416773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8097d512aa3f871c2021-12-21 10:44:43.944root 11241100x8000000000000000416774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cab1a1eb52224b2021-12-21 10:44:43.944root 11241100x8000000000000000416775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befb36aff5d1cbd92021-12-21 10:44:43.944root 11241100x8000000000000000416776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0f796fc0a23dbe2021-12-21 10:44:43.944root 11241100x8000000000000000416777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a474a3055eed3102021-12-21 10:44:43.944root 11241100x8000000000000000416778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692ee8338359be6b2021-12-21 10:44:43.944root 11241100x8000000000000000416779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f948dc9f95f18c02021-12-21 10:44:43.944root 11241100x8000000000000000416780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c9543daa0350102021-12-21 10:44:44.442root 11241100x8000000000000000416781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097e776c9fb7a72c2021-12-21 10:44:44.443root 11241100x8000000000000000416782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee35fd0e21e050832021-12-21 10:44:44.443root 11241100x8000000000000000416783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9053358da01dcf022021-12-21 10:44:44.443root 11241100x8000000000000000416784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028b48075155334c2021-12-21 10:44:44.443root 11241100x8000000000000000416785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d3126a26c120cd2021-12-21 10:44:44.443root 11241100x8000000000000000416786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe3b579fd56540c2021-12-21 10:44:44.443root 11241100x8000000000000000416787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2ff3ab8158daa2021-12-21 10:44:44.443root 11241100x8000000000000000416788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2619cec072472c932021-12-21 10:44:44.443root 11241100x8000000000000000416789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a64e89e649d29012021-12-21 10:44:44.443root 11241100x8000000000000000416790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec136e274f090c12021-12-21 10:44:44.443root 11241100x8000000000000000416791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40ff8d54f818cf52021-12-21 10:44:44.443root 11241100x8000000000000000416792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac1c2052706f1432021-12-21 10:44:44.443root 11241100x8000000000000000416793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1d6db964b5964e2021-12-21 10:44:44.443root 11241100x8000000000000000416794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f93d343737b5b62021-12-21 10:44:44.443root 11241100x8000000000000000416795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1283fe6944ffccf32021-12-21 10:44:44.943root 11241100x8000000000000000416796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f647c294b60a122021-12-21 10:44:44.943root 11241100x8000000000000000416797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb6085206ed2fb02021-12-21 10:44:44.943root 11241100x8000000000000000416798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b661af643094602021-12-21 10:44:44.943root 11241100x8000000000000000416799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca7d61480c2d9782021-12-21 10:44:44.943root 11241100x8000000000000000416800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51c348f1628174e2021-12-21 10:44:44.943root 11241100x8000000000000000416801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c1fdf1aeb287bb2021-12-21 10:44:44.943root 11241100x8000000000000000416802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef501453654f5b2021-12-21 10:44:44.944root 11241100x8000000000000000416803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f821bf75312684902021-12-21 10:44:44.944root 11241100x8000000000000000416804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2157dda70406822021-12-21 10:44:44.944root 11241100x8000000000000000416805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e1c79e1608dcee2021-12-21 10:44:44.944root 11241100x8000000000000000416806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b24120f2a5440d92021-12-21 10:44:44.944root 11241100x8000000000000000416807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffc2d1762cd5f502021-12-21 10:44:44.944root 11241100x8000000000000000416808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b523e18446825e12021-12-21 10:44:44.944root 11241100x8000000000000000416809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48292a699e377532021-12-21 10:44:44.944root 11241100x8000000000000000416810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ec8e3ba58439962021-12-21 10:44:45.443root 11241100x8000000000000000416811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d873001fa0b4d52021-12-21 10:44:45.443root 11241100x8000000000000000416812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd68894ec342e8b2021-12-21 10:44:45.443root 11241100x8000000000000000416813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd43566aadd0d05d2021-12-21 10:44:45.443root 11241100x8000000000000000416814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9941be1e123c46fe2021-12-21 10:44:45.443root 11241100x8000000000000000416815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce4d7a280ea13ec2021-12-21 10:44:45.443root 11241100x8000000000000000416816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf3d127daaa323f2021-12-21 10:44:45.443root 11241100x8000000000000000416817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88b2aaa5e873ab12021-12-21 10:44:45.443root 11241100x8000000000000000416818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135973964f6070ea2021-12-21 10:44:45.443root 11241100x8000000000000000416819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb04178cff4964cb2021-12-21 10:44:45.443root 11241100x8000000000000000416820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a425d79b4fff86832021-12-21 10:44:45.443root 11241100x8000000000000000416821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d7bd3e1d4bab5c2021-12-21 10:44:45.443root 11241100x8000000000000000416822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5b1c1bbe863d362021-12-21 10:44:45.444root 11241100x8000000000000000416823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9d10fb0a29945a2021-12-21 10:44:45.444root 11241100x8000000000000000416824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9435719adbb8a52021-12-21 10:44:45.444root 11241100x8000000000000000416825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afc5bf1d823c7852021-12-21 10:44:45.943root 11241100x8000000000000000416826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636170f72381133e2021-12-21 10:44:45.943root 11241100x8000000000000000416827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72d45d3de56ddef2021-12-21 10:44:45.943root 11241100x8000000000000000416828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee193555446c0cc2021-12-21 10:44:45.943root 11241100x8000000000000000416829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f477f2cafbfbe6442021-12-21 10:44:45.943root 11241100x8000000000000000416830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fd6d2658b2ac712021-12-21 10:44:45.943root 11241100x8000000000000000416831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415bef18370a82342021-12-21 10:44:45.943root 11241100x8000000000000000416832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10039a84024093dd2021-12-21 10:44:45.944root 11241100x8000000000000000416833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b201ee389eeaf7b2021-12-21 10:44:45.945root 11241100x8000000000000000416834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484f9416b6be1c522021-12-21 10:44:45.945root 11241100x8000000000000000416835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aba7bbae95beed2021-12-21 10:44:45.945root 11241100x8000000000000000416836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43b220e7bed057e2021-12-21 10:44:45.945root 11241100x8000000000000000416837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2c3644ccae78d52021-12-21 10:44:45.945root 11241100x8000000000000000416838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c806d4b4992d79932021-12-21 10:44:45.946root 11241100x8000000000000000416839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23614ed1798153e62021-12-21 10:44:45.946root 354300x8000000000000000416840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.193{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47540-false10.0.1.12-8000- 11241100x8000000000000000416841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479c76c07f7c4de42021-12-21 10:44:46.194root 11241100x8000000000000000416842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bce6b40bb2d26ce2021-12-21 10:44:46.194root 11241100x8000000000000000416843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c31d116b32cc992021-12-21 10:44:46.194root 11241100x8000000000000000416844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2dba5763d43ecc2021-12-21 10:44:46.195root 11241100x8000000000000000416845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc905500363dc832021-12-21 10:44:46.195root 11241100x8000000000000000416846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cb815539545b272021-12-21 10:44:46.195root 11241100x8000000000000000416847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec803199090b259f2021-12-21 10:44:46.195root 11241100x8000000000000000416848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfeab44b86b38cd2021-12-21 10:44:46.195root 11241100x8000000000000000416849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fb9b5b7a4e04d42021-12-21 10:44:46.195root 11241100x8000000000000000416850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6842f2e7a0358862021-12-21 10:44:46.196root 11241100x8000000000000000416851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a4c3d5efd0fa472021-12-21 10:44:46.196root 11241100x8000000000000000416852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdb1f1bf1eb5bad2021-12-21 10:44:46.196root 11241100x8000000000000000416853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af5da4901f8bd0c2021-12-21 10:44:46.196root 11241100x8000000000000000416854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa4cac4dd804e122021-12-21 10:44:46.196root 11241100x8000000000000000416855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c328b83c5aa90dd22021-12-21 10:44:46.196root 11241100x8000000000000000416856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a3a4de10c71b2e2021-12-21 10:44:46.197root 11241100x8000000000000000416857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538d32c4c91c87e92021-12-21 10:44:46.693root 11241100x8000000000000000416858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7515e009768c8c422021-12-21 10:44:46.693root 11241100x8000000000000000416859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f4ed29e8b6358e2021-12-21 10:44:46.694root 11241100x8000000000000000416860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74f27aebd2663532021-12-21 10:44:46.694root 11241100x8000000000000000416861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed84150753218cf52021-12-21 10:44:46.694root 11241100x8000000000000000416862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a4fadd113a45ad2021-12-21 10:44:46.694root 11241100x8000000000000000416863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c754c6faf1879d82021-12-21 10:44:46.694root 11241100x8000000000000000416864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd82571f5940dda92021-12-21 10:44:46.694root 11241100x8000000000000000416865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f35b1bcb975ba082021-12-21 10:44:46.694root 11241100x8000000000000000416866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd09c274021c3bc2021-12-21 10:44:46.695root 11241100x8000000000000000416867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1ac85641b9f7f42021-12-21 10:44:46.695root 11241100x8000000000000000416868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dc5551351e2b872021-12-21 10:44:46.695root 11241100x8000000000000000416869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14db37924f4d63e32021-12-21 10:44:46.695root 11241100x8000000000000000416870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94a8a976ef83a0e2021-12-21 10:44:46.695root 11241100x8000000000000000416871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7b00d9b3650c0c2021-12-21 10:44:46.695root 11241100x8000000000000000416872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f374addadff3b2021-12-21 10:44:46.695root 11241100x8000000000000000416873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c66805eeeefeb2021-12-21 10:44:47.193root 11241100x8000000000000000416874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef05dbb3db92be2021-12-21 10:44:47.193root 11241100x8000000000000000416875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db05639d218c9402021-12-21 10:44:47.193root 11241100x8000000000000000416876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce65f0ce9e88dbe2021-12-21 10:44:47.193root 11241100x8000000000000000416877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5c744b64ccc7b92021-12-21 10:44:47.193root 11241100x8000000000000000416878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454624d0b4cb5d662021-12-21 10:44:47.193root 11241100x8000000000000000416879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e2deb1193cabd62021-12-21 10:44:47.193root 11241100x8000000000000000416880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dae07ae7d2f4912021-12-21 10:44:47.193root 11241100x8000000000000000416881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dfa925e5f0ac0c2021-12-21 10:44:47.194root 11241100x8000000000000000416882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91473d33a824eb72021-12-21 10:44:47.194root 11241100x8000000000000000416883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1385571ede7c5f7d2021-12-21 10:44:47.194root 11241100x8000000000000000416884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0eac723d7895322021-12-21 10:44:47.194root 11241100x8000000000000000416885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fae765ecd5422bd2021-12-21 10:44:47.194root 11241100x8000000000000000416886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80700b12afc770532021-12-21 10:44:47.194root 11241100x8000000000000000416887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa675034e9d794022021-12-21 10:44:47.194root 11241100x8000000000000000416888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f5cba436385b662021-12-21 10:44:47.194root 11241100x8000000000000000416889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48382f87bb861e372021-12-21 10:44:47.693root 11241100x8000000000000000416890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b289a5d1b9a19b32021-12-21 10:44:47.693root 11241100x8000000000000000416891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48bd67374b617ed2021-12-21 10:44:47.693root 11241100x8000000000000000416892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deaed41d01598592021-12-21 10:44:47.693root 11241100x8000000000000000416893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eed681efd9c33e02021-12-21 10:44:47.693root 11241100x8000000000000000416894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ef8a5df6ca1faa2021-12-21 10:44:47.693root 11241100x8000000000000000416895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c957aec37c98ed312021-12-21 10:44:47.693root 11241100x8000000000000000416896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b58c05066d821802021-12-21 10:44:47.694root 11241100x8000000000000000416897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a8bb36167a80ea2021-12-21 10:44:47.694root 11241100x8000000000000000416898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb278c829c9fad42021-12-21 10:44:47.694root 11241100x8000000000000000416899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce05050cf3794ef22021-12-21 10:44:47.694root 11241100x8000000000000000416900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d026448706c9912021-12-21 10:44:47.694root 11241100x8000000000000000416901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000074217eceed582021-12-21 10:44:47.694root 11241100x8000000000000000416902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d49cf55a17a2a2021-12-21 10:44:47.694root 11241100x8000000000000000416903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6ef903d89a13a22021-12-21 10:44:47.694root 11241100x8000000000000000416904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f84a8d4a1b1e382021-12-21 10:44:47.695root 11241100x8000000000000000416905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e15d9c3e76aa2db2021-12-21 10:44:48.193root 11241100x8000000000000000416906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d75561dbb1a77542021-12-21 10:44:48.193root 11241100x8000000000000000416907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4f308ee0db407a2021-12-21 10:44:48.193root 11241100x8000000000000000416908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1fdc5561ce09dd2021-12-21 10:44:48.193root 11241100x8000000000000000416909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa97eda4e7854ab2021-12-21 10:44:48.193root 11241100x8000000000000000416910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d935d3b63e4363612021-12-21 10:44:48.193root 11241100x8000000000000000416911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cff3afba11c5fe2021-12-21 10:44:48.193root 11241100x8000000000000000416912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc65a987a612ac52021-12-21 10:44:48.194root 11241100x8000000000000000416913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5072ea740aec792021-12-21 10:44:48.194root 11241100x8000000000000000416914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba052d0826fd0412021-12-21 10:44:48.194root 11241100x8000000000000000416915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8819483a0b532932021-12-21 10:44:48.195root 11241100x8000000000000000416916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a798f6074c4245a92021-12-21 10:44:48.195root 11241100x8000000000000000416917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e72f814a615c1482021-12-21 10:44:48.195root 11241100x8000000000000000416918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06840953d4b58ae92021-12-21 10:44:48.195root 11241100x8000000000000000416919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572eba09cb171dc32021-12-21 10:44:48.196root 11241100x8000000000000000416920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a92924934ae7182021-12-21 10:44:48.196root 11241100x8000000000000000416921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb3d83a70716ff02021-12-21 10:44:48.693root 11241100x8000000000000000416922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee28cc6141c5dda2021-12-21 10:44:48.693root 11241100x8000000000000000416923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b6736b008b91202021-12-21 10:44:48.693root 11241100x8000000000000000416924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f93f26dc6ef170c2021-12-21 10:44:48.693root 11241100x8000000000000000416925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7630b7e8a50bdb542021-12-21 10:44:48.693root 11241100x8000000000000000416926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddbd971c51b0f6a2021-12-21 10:44:48.693root 11241100x8000000000000000416927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6876f6d670dd08f32021-12-21 10:44:48.693root 11241100x8000000000000000416928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bbe9f64b2ae3db2021-12-21 10:44:48.694root 11241100x8000000000000000416929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007e7e5f4c2370f2021-12-21 10:44:48.694root 11241100x8000000000000000416930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6162dc65db5c52021-12-21 10:44:48.694root 11241100x8000000000000000416931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f673857e7d7a3d32021-12-21 10:44:48.694root 11241100x8000000000000000416932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6831d19dcce84b02021-12-21 10:44:48.694root 11241100x8000000000000000416933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf53255b3020deb62021-12-21 10:44:48.694root 11241100x8000000000000000416934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9c40f3c79810812021-12-21 10:44:48.694root 11241100x8000000000000000416935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b097694d881b3a6d2021-12-21 10:44:48.694root 11241100x8000000000000000416936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ad37263edbed872021-12-21 10:44:48.695root 11241100x8000000000000000416937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d761912cff2aca0e2021-12-21 10:44:49.193root 11241100x8000000000000000416938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c338a8bb12b455862021-12-21 10:44:49.193root 11241100x8000000000000000416939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ddcacd773f3a272021-12-21 10:44:49.194root 11241100x8000000000000000416940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e48cbd153474f52021-12-21 10:44:49.194root 11241100x8000000000000000416941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1638353a9e49bfcf2021-12-21 10:44:49.194root 11241100x8000000000000000416942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c714e7f086c31b2021-12-21 10:44:49.194root 11241100x8000000000000000416943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9713f55ce37514612021-12-21 10:44:49.194root 11241100x8000000000000000416944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293ae881eef865dd2021-12-21 10:44:49.194root 11241100x8000000000000000416945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad621e627388f072021-12-21 10:44:49.194root 11241100x8000000000000000416946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628089b16243a9882021-12-21 10:44:49.194root 11241100x8000000000000000416947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d03b14649a7af82021-12-21 10:44:49.194root 11241100x8000000000000000416948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cff73cf5fb63292021-12-21 10:44:49.194root 11241100x8000000000000000416949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669bc3e011a849ba2021-12-21 10:44:49.194root 11241100x8000000000000000416950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9fbbd2566ec2d12021-12-21 10:44:49.194root 11241100x8000000000000000416951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ede5188b45b522c2021-12-21 10:44:49.194root 11241100x8000000000000000416952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08b2f4f846c81bc2021-12-21 10:44:49.195root 11241100x8000000000000000416953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ab935082e966e62021-12-21 10:44:49.693root 11241100x8000000000000000416954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efadc4aa68aa46422021-12-21 10:44:49.693root 11241100x8000000000000000416955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c542c58503752842021-12-21 10:44:49.693root 11241100x8000000000000000416956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df858f2449abe5d2021-12-21 10:44:49.693root 11241100x8000000000000000416957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6614773597c683312021-12-21 10:44:49.693root 11241100x8000000000000000416958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9cf1e12cb98c802021-12-21 10:44:49.694root 11241100x8000000000000000416959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98eee31b0293db52021-12-21 10:44:49.694root 11241100x8000000000000000416960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47c12ea0c7ed9d52021-12-21 10:44:49.694root 11241100x8000000000000000416961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5242a7276acb9f172021-12-21 10:44:49.694root 11241100x8000000000000000416962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a803ca1ecdbfa64a2021-12-21 10:44:49.694root 11241100x8000000000000000416963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf02c6f64c5932182021-12-21 10:44:49.694root 11241100x8000000000000000416964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6400da6120f544e32021-12-21 10:44:49.694root 11241100x8000000000000000416965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b1fe0634a194582021-12-21 10:44:49.694root 11241100x8000000000000000416966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef75f39324f2cfa2021-12-21 10:44:49.694root 11241100x8000000000000000416967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d3323debc917b02021-12-21 10:44:49.694root 11241100x8000000000000000416968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da2f264235480422021-12-21 10:44:49.695root 11241100x8000000000000000416969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc8fa4a96f87d332021-12-21 10:44:50.192root 11241100x8000000000000000416970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd47ee72bbe8c2f32021-12-21 10:44:50.193root 11241100x8000000000000000416971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79138efa017b047d2021-12-21 10:44:50.193root 11241100x8000000000000000416972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e408c8445abc5f2021-12-21 10:44:50.193root 11241100x8000000000000000416973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cde9ab5bbb0646d2021-12-21 10:44:50.193root 11241100x8000000000000000416974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad181ac1c52db5e2021-12-21 10:44:50.193root 11241100x8000000000000000416975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8aece662cf99bb42021-12-21 10:44:50.194root 11241100x8000000000000000416976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cca1292a29394462021-12-21 10:44:50.194root 11241100x8000000000000000416977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5613951f53cd8dee2021-12-21 10:44:50.194root 11241100x8000000000000000416978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c99c5404743f9fd2021-12-21 10:44:50.194root 11241100x8000000000000000416979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f66fe61678f2da2021-12-21 10:44:50.194root 11241100x8000000000000000416980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b2930456c323c72021-12-21 10:44:50.194root 11241100x8000000000000000416981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811b08e0be87eeed2021-12-21 10:44:50.194root 11241100x8000000000000000416982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521fe621dcd9fd262021-12-21 10:44:50.194root 11241100x8000000000000000416983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cad2bd2d2ed2952021-12-21 10:44:50.194root 11241100x8000000000000000416984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33773f7ad92604352021-12-21 10:44:50.194root 11241100x8000000000000000416985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5424092469a9d9e02021-12-21 10:44:50.195root 11241100x8000000000000000416986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272639f99a9436f32021-12-21 10:44:50.195root 11241100x8000000000000000416987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e976c1dab68881a72021-12-21 10:44:50.693root 11241100x8000000000000000416988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f0da135288f8912021-12-21 10:44:50.693root 11241100x8000000000000000416989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a53e4058845aad2021-12-21 10:44:50.693root 11241100x8000000000000000416990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca25cdc96d2b452021-12-21 10:44:50.693root 11241100x8000000000000000416991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61092f16eaf349292021-12-21 10:44:50.693root 11241100x8000000000000000416992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d6fe45ccf811ec2021-12-21 10:44:50.693root 11241100x8000000000000000416993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958e7ea4012713f32021-12-21 10:44:50.693root 11241100x8000000000000000416994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad221cc516eacb22021-12-21 10:44:50.694root 11241100x8000000000000000416995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4773e1841cfee642021-12-21 10:44:50.694root 11241100x8000000000000000416996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d569268b70cc25d32021-12-21 10:44:50.694root 11241100x8000000000000000416997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d93c460ffb3fe8c2021-12-21 10:44:50.694root 11241100x8000000000000000416998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb5e146352947d12021-12-21 10:44:50.695root 11241100x8000000000000000416999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c4da8bb76d2b4d2021-12-21 10:44:50.695root 11241100x8000000000000000417000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ff875dae5e9fbd2021-12-21 10:44:50.695root 11241100x8000000000000000417001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100598980c342f612021-12-21 10:44:50.695root 11241100x8000000000000000417002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be33ad766e94a2a12021-12-21 10:44:50.695root 11241100x8000000000000000417003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050b00946f23b3bc2021-12-21 10:44:51.193root 11241100x8000000000000000417004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a692b3b827140f2021-12-21 10:44:51.193root 11241100x8000000000000000417005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31069d50529f4d32021-12-21 10:44:51.193root 11241100x8000000000000000417006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb0f0efec40e8ff2021-12-21 10:44:51.193root 11241100x8000000000000000417007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4a8e30c18c6aa92021-12-21 10:44:51.193root 11241100x8000000000000000417008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db1a019036e733a2021-12-21 10:44:51.193root 11241100x8000000000000000417009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5af2b93c466bd92021-12-21 10:44:51.193root 11241100x8000000000000000417010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775f828bcf2d82c82021-12-21 10:44:51.194root 11241100x8000000000000000417011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a84ce0a4002007f2021-12-21 10:44:51.194root 11241100x8000000000000000417012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76da62c30481066c2021-12-21 10:44:51.194root 11241100x8000000000000000417013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f4b563dc393fdf2021-12-21 10:44:51.194root 11241100x8000000000000000417014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0238b7f3d12707c2021-12-21 10:44:51.194root 11241100x8000000000000000417015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46c4c53c457e06a2021-12-21 10:44:51.194root 11241100x8000000000000000417016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b007e5a3ee792e22021-12-21 10:44:51.194root 11241100x8000000000000000417017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccd26e529a238382021-12-21 10:44:51.194root 11241100x8000000000000000417018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ef641670e8a04c2021-12-21 10:44:51.194root 11241100x8000000000000000417019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47cd953c8643a4a2021-12-21 10:44:51.693root 11241100x8000000000000000417020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4798e22eae8c07f52021-12-21 10:44:51.693root 11241100x8000000000000000417021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60159e35c76f7e1b2021-12-21 10:44:51.693root 11241100x8000000000000000417022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e28aca70e03cfd02021-12-21 10:44:51.693root 11241100x8000000000000000417023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc5c08ad1a5775c2021-12-21 10:44:51.693root 11241100x8000000000000000417024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c49a0716496c892021-12-21 10:44:51.693root 11241100x8000000000000000417025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f4cee3837d38e12021-12-21 10:44:51.693root 11241100x8000000000000000417026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2693a93b61d5fd22021-12-21 10:44:51.694root 11241100x8000000000000000417027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bb00ea94d2a73c2021-12-21 10:44:51.694root 11241100x8000000000000000417028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af8babe0ebbfcc42021-12-21 10:44:51.694root 11241100x8000000000000000417029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd290cb07290d262021-12-21 10:44:51.694root 11241100x8000000000000000417030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1b05a9a3a20df12021-12-21 10:44:51.694root 11241100x8000000000000000417031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03fd417906e75282021-12-21 10:44:51.694root 11241100x8000000000000000417032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eaa22900cb0a552021-12-21 10:44:51.694root 11241100x8000000000000000417033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfb99ea9a1086052021-12-21 10:44:51.694root 11241100x8000000000000000417034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f7d89f6d7631b32021-12-21 10:44:51.694root 354300x8000000000000000417035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47542-false10.0.1.12-8000- 11241100x8000000000000000417036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315fb2c06de1e2942021-12-21 10:44:52.129root 11241100x8000000000000000417037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a9a4512ff298932021-12-21 10:44:52.129root 11241100x8000000000000000417038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5fbd7e028eaa282021-12-21 10:44:52.129root 11241100x8000000000000000417039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a3bb150449e5122021-12-21 10:44:52.129root 11241100x8000000000000000417040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4272e73653548562021-12-21 10:44:52.129root 11241100x8000000000000000417041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36374e89b4fedc72021-12-21 10:44:52.129root 11241100x8000000000000000417042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dde55a8da2c3a22021-12-21 10:44:52.130root 11241100x8000000000000000417043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ad0595840b16972021-12-21 10:44:52.130root 11241100x8000000000000000417044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180a2557480292412021-12-21 10:44:52.130root 11241100x8000000000000000417045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e139ce7c41570c202021-12-21 10:44:52.130root 11241100x8000000000000000417046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06446ced3c039a702021-12-21 10:44:52.130root 11241100x8000000000000000417047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7c6cfce22344db2021-12-21 10:44:52.130root 11241100x8000000000000000417048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d68e0fcc5eb6ef2021-12-21 10:44:52.130root 11241100x8000000000000000417049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2cb60895ce20132021-12-21 10:44:52.130root 11241100x8000000000000000417050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c417b38fdb361c622021-12-21 10:44:52.130root 11241100x8000000000000000417051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810081dc1a53360f2021-12-21 10:44:52.131root 11241100x8000000000000000417052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e0b5b25732d07b2021-12-21 10:44:52.131root 11241100x8000000000000000417053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63c0108d9a8719f2021-12-21 10:44:52.443root 11241100x8000000000000000417054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5c041946931572021-12-21 10:44:52.443root 11241100x8000000000000000417055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eab3e2add15153a2021-12-21 10:44:52.443root 11241100x8000000000000000417056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5814e25753f2d9e52021-12-21 10:44:52.443root 11241100x8000000000000000417057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b3a1638dbf34762021-12-21 10:44:52.443root 11241100x8000000000000000417058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc46a3e80dc33732021-12-21 10:44:52.444root 11241100x8000000000000000417059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5066ca13fcae7a772021-12-21 10:44:52.444root 11241100x8000000000000000417060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89a099f2d54fd202021-12-21 10:44:52.444root 11241100x8000000000000000417061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca95f881db8f580e2021-12-21 10:44:52.444root 11241100x8000000000000000417062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8efd94e03b111772021-12-21 10:44:52.444root 11241100x8000000000000000417063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c64f7ae810d7212021-12-21 10:44:52.444root 11241100x8000000000000000417064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863266b935e981142021-12-21 10:44:52.444root 11241100x8000000000000000417065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9e5e84126ea1952021-12-21 10:44:52.444root 11241100x8000000000000000417066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1e0170a86440042021-12-21 10:44:52.444root 11241100x8000000000000000417067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a076cd192e65d5892021-12-21 10:44:52.444root 11241100x8000000000000000417068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d313208b3f5738a22021-12-21 10:44:52.445root 11241100x8000000000000000417069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581f6fdedee22d952021-12-21 10:44:52.445root 11241100x8000000000000000417070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28129cd3656e3d222021-12-21 10:44:52.943root 11241100x8000000000000000417071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45efcc8b81a5015a2021-12-21 10:44:52.943root 11241100x8000000000000000417072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89b84393ff59f152021-12-21 10:44:52.943root 11241100x8000000000000000417073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982369caca605d922021-12-21 10:44:52.944root 11241100x8000000000000000417074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556d8db1b8e3cccf2021-12-21 10:44:52.944root 11241100x8000000000000000417075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c07d6ba5adf48e2021-12-21 10:44:52.944root 11241100x8000000000000000417076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab78dd328e76e7132021-12-21 10:44:52.944root 11241100x8000000000000000417077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f27ab2e683cc9e2021-12-21 10:44:52.944root 11241100x8000000000000000417078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5756637079d8f3cb2021-12-21 10:44:52.944root 11241100x8000000000000000417079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676333a14c0926902021-12-21 10:44:52.945root 11241100x8000000000000000417080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd15f0a9b56a0a5e2021-12-21 10:44:52.945root 11241100x8000000000000000417081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c12e8547710a16e2021-12-21 10:44:52.945root 11241100x8000000000000000417082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa16e0c0289641b2021-12-21 10:44:52.945root 11241100x8000000000000000417083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a264b3f9723059772021-12-21 10:44:52.945root 11241100x8000000000000000417084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3782533a3cd365e2021-12-21 10:44:52.945root 11241100x8000000000000000417085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede5507792ff307f2021-12-21 10:44:52.945root 11241100x8000000000000000417086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119585bc2fdf0d212021-12-21 10:44:52.945root 11241100x8000000000000000417087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4881fd4e536f5ab2021-12-21 10:44:53.443root 11241100x8000000000000000417088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fc44b0ed1cea932021-12-21 10:44:53.443root 11241100x8000000000000000417089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257fff9ebf77ec482021-12-21 10:44:53.443root 11241100x8000000000000000417090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c764996f4b0ed872021-12-21 10:44:53.443root 11241100x8000000000000000417091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d916c371f8498e2021-12-21 10:44:53.443root 11241100x8000000000000000417092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fdf920521b36762021-12-21 10:44:53.443root 11241100x8000000000000000417093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fe127f347bb9b22021-12-21 10:44:53.444root 11241100x8000000000000000417094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738284f773966c922021-12-21 10:44:53.444root 11241100x8000000000000000417095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efcd96d2748115a2021-12-21 10:44:53.444root 11241100x8000000000000000417096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da40092b0988760a2021-12-21 10:44:53.444root 11241100x8000000000000000417097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35624a385398a9692021-12-21 10:44:53.444root 11241100x8000000000000000417098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8affd5e315f7af242021-12-21 10:44:53.444root 11241100x8000000000000000417099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f190f21bf6c0092021-12-21 10:44:53.445root 11241100x8000000000000000417100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee3253cf3e7f8942021-12-21 10:44:53.445root 11241100x8000000000000000417101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a97c39bd2ca2532021-12-21 10:44:53.445root 11241100x8000000000000000417102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256137b0d9ceef9a2021-12-21 10:44:53.445root 11241100x8000000000000000417103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e563bff8dd58ae2021-12-21 10:44:53.445root 11241100x8000000000000000417104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3539a5740128902021-12-21 10:44:53.943root 11241100x8000000000000000417105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdf17edf5a0acf62021-12-21 10:44:53.943root 11241100x8000000000000000417106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6dbfe53147e0eb72021-12-21 10:44:53.943root 11241100x8000000000000000417107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3ecce1c89f35dc2021-12-21 10:44:53.944root 11241100x8000000000000000417108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8a7a10e3f2e9662021-12-21 10:44:53.944root 11241100x8000000000000000417109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917f70c1788972722021-12-21 10:44:53.944root 11241100x8000000000000000417110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95abd7d1547e0522021-12-21 10:44:53.944root 11241100x8000000000000000417111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d896cf3032839ec42021-12-21 10:44:53.944root 11241100x8000000000000000417112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796b0e7809647f782021-12-21 10:44:53.944root 11241100x8000000000000000417113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087604737ce2c4712021-12-21 10:44:53.944root 11241100x8000000000000000417114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89e5f46bb505e442021-12-21 10:44:53.944root 11241100x8000000000000000417115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27ee8ff0222d4492021-12-21 10:44:53.944root 11241100x8000000000000000417116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb2fc9552ca93c72021-12-21 10:44:53.944root 11241100x8000000000000000417117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57319609d5f910622021-12-21 10:44:53.944root 11241100x8000000000000000417118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea3bcd223efd4632021-12-21 10:44:53.944root 11241100x8000000000000000417119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c08fc2716826732021-12-21 10:44:53.945root 11241100x8000000000000000417120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47705e12702681a32021-12-21 10:44:53.945root 11241100x8000000000000000417121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3a2d0ab71f2b602021-12-21 10:44:54.443root 11241100x8000000000000000417122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9f6ff4e6e77e5d2021-12-21 10:44:54.443root 11241100x8000000000000000417123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1d50c4028c7fbf2021-12-21 10:44:54.443root 11241100x8000000000000000417124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd2033fe6759d3c2021-12-21 10:44:54.443root 11241100x8000000000000000417125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f8b35bcebb1dee2021-12-21 10:44:54.443root 11241100x8000000000000000417126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e212bbe1d33d272021-12-21 10:44:54.443root 11241100x8000000000000000417127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab13447dfe006492021-12-21 10:44:54.444root 11241100x8000000000000000417128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7815175149eedece2021-12-21 10:44:54.444root 11241100x8000000000000000417129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0e82a372b0f6d92021-12-21 10:44:54.444root 11241100x8000000000000000417130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a5be506c0dfcb62021-12-21 10:44:54.444root 11241100x8000000000000000417131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31435c30b4b214af2021-12-21 10:44:54.444root 11241100x8000000000000000417132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de25684ffa480fe2021-12-21 10:44:54.444root 11241100x8000000000000000417133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5787221d04b6add92021-12-21 10:44:54.444root 11241100x8000000000000000417134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ca122a51f06632021-12-21 10:44:54.444root 11241100x8000000000000000417135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090cbed7cabcdb402021-12-21 10:44:54.444root 11241100x8000000000000000417136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018cf373421b87b92021-12-21 10:44:54.444root 11241100x8000000000000000417137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad349a77be8b43582021-12-21 10:44:54.445root 11241100x8000000000000000417138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c8f98a3bc510182021-12-21 10:44:54.943root 11241100x8000000000000000417139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa4190b80b47f272021-12-21 10:44:54.943root 11241100x8000000000000000417140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fd96800876884a2021-12-21 10:44:54.943root 11241100x8000000000000000417141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868072e78224d0792021-12-21 10:44:54.943root 11241100x8000000000000000417142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d616fa9c4a13002021-12-21 10:44:54.944root 11241100x8000000000000000417143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57bd2e6d22fd2e82021-12-21 10:44:54.944root 11241100x8000000000000000417144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0912ff6ab5e396ab2021-12-21 10:44:54.944root 11241100x8000000000000000417145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c76a002e8e76de2021-12-21 10:44:54.944root 11241100x8000000000000000417146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7432077a334707792021-12-21 10:44:54.944root 11241100x8000000000000000417147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72ad6dc39803bf02021-12-21 10:44:54.944root 11241100x8000000000000000417148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224e388c8e275adf2021-12-21 10:44:54.944root 11241100x8000000000000000417149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3469a5184cd721c82021-12-21 10:44:54.944root 11241100x8000000000000000417150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eacf11b3b431fa52021-12-21 10:44:54.944root 11241100x8000000000000000417151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed36fc575b4b8f802021-12-21 10:44:54.945root 11241100x8000000000000000417152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d81eb7fb52994b2021-12-21 10:44:54.945root 11241100x8000000000000000417153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03098a3b68c72fd2021-12-21 10:44:54.945root 11241100x8000000000000000417154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30baabee9d943992021-12-21 10:44:54.945root 11241100x8000000000000000417155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e38f9e1112e6a8b2021-12-21 10:44:55.443root 11241100x8000000000000000417156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267585afc1121cea2021-12-21 10:44:55.443root 11241100x8000000000000000417157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacbd5b49e1c41502021-12-21 10:44:55.443root 11241100x8000000000000000417158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf7c32622e0b0242021-12-21 10:44:55.443root 11241100x8000000000000000417159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba38c41af0faccd2021-12-21 10:44:55.443root 11241100x8000000000000000417160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef7fcbb67d157392021-12-21 10:44:55.444root 11241100x8000000000000000417161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b129d73875a5fb1d2021-12-21 10:44:55.444root 11241100x8000000000000000417162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718c4d0a19ccea542021-12-21 10:44:55.444root 11241100x8000000000000000417163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efac231a3fbbd0f92021-12-21 10:44:55.444root 11241100x8000000000000000417164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71812be59ed5ba22021-12-21 10:44:55.444root 11241100x8000000000000000417165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679d1d983f67c73d2021-12-21 10:44:55.444root 11241100x8000000000000000417166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f05c8399bfd9452021-12-21 10:44:55.444root 11241100x8000000000000000417167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd614de02a130982021-12-21 10:44:55.444root 11241100x8000000000000000417168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c701876490c44c882021-12-21 10:44:55.444root 11241100x8000000000000000417169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6340be70e422a52021-12-21 10:44:55.444root 11241100x8000000000000000417170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c37489d01083662021-12-21 10:44:55.444root 11241100x8000000000000000417171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f65bf2c8cf54792021-12-21 10:44:55.444root 11241100x8000000000000000417172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314abf666755bdf62021-12-21 10:44:55.943root 11241100x8000000000000000417173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e0faaf00299bd72021-12-21 10:44:55.943root 11241100x8000000000000000417174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f381e3cd8d635f82021-12-21 10:44:55.943root 11241100x8000000000000000417175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8314d9e878ab002021-12-21 10:44:55.943root 11241100x8000000000000000417176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f97d3df97f39a2021-12-21 10:44:55.944root 11241100x8000000000000000417177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fdc6329f912af72021-12-21 10:44:55.944root 11241100x8000000000000000417178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662af2263f19f2b72021-12-21 10:44:55.944root 11241100x8000000000000000417179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e742c1dba4c6f22021-12-21 10:44:55.944root 11241100x8000000000000000417180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebed4e7fc778d572021-12-21 10:44:55.944root 11241100x8000000000000000417181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e6e38f33e384962021-12-21 10:44:55.944root 11241100x8000000000000000417182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e12329322334a992021-12-21 10:44:55.944root 11241100x8000000000000000417183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d0574c091d8ece2021-12-21 10:44:55.944root 11241100x8000000000000000417184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc907fb6295025b82021-12-21 10:44:55.944root 11241100x8000000000000000417185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527751ee5120fc0b2021-12-21 10:44:55.945root 11241100x8000000000000000417186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4809c8cf2ad837eb2021-12-21 10:44:55.945root 11241100x8000000000000000417187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3120a9deca00c04c2021-12-21 10:44:55.945root 11241100x8000000000000000417188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb9d265a7300efe2021-12-21 10:44:55.945root 11241100x8000000000000000417189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a002bd6de8ff41b2021-12-21 10:44:56.443root 11241100x8000000000000000417190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b925641aaeb62cff2021-12-21 10:44:56.443root 11241100x8000000000000000417191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987385ac5d8044b62021-12-21 10:44:56.443root 11241100x8000000000000000417192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6fa6934e74d7ef2021-12-21 10:44:56.443root 11241100x8000000000000000417193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d91d058ad76a6ac2021-12-21 10:44:56.443root 11241100x8000000000000000417194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe662a63b82805d2021-12-21 10:44:56.444root 11241100x8000000000000000417195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d7085248ededdb2021-12-21 10:44:56.444root 11241100x8000000000000000417196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e445c6c3805e3402021-12-21 10:44:56.444root 11241100x8000000000000000417197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924fe6a9ee9713d72021-12-21 10:44:56.444root 11241100x8000000000000000417198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b38bcc2453640e2021-12-21 10:44:56.444root 11241100x8000000000000000417199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b7d1fb6d9f87b02021-12-21 10:44:56.444root 11241100x8000000000000000417200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46016c4a00323f7d2021-12-21 10:44:56.444root 11241100x8000000000000000417201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a16b6de73c5c632021-12-21 10:44:56.444root 11241100x8000000000000000417202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9363dd9d943408c22021-12-21 10:44:56.444root 11241100x8000000000000000417203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8aadc20ed796aaa2021-12-21 10:44:56.444root 11241100x8000000000000000417204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcbba3a888fd4702021-12-21 10:44:56.444root 11241100x8000000000000000417205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a4569b5a1619c52021-12-21 10:44:56.444root 11241100x8000000000000000417206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb587da5eaf727152021-12-21 10:44:56.943root 11241100x8000000000000000417207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40477abee8ed61e2021-12-21 10:44:56.943root 11241100x8000000000000000417208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f70449fe081b17e2021-12-21 10:44:56.943root 11241100x8000000000000000417209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37db08d7ec5441692021-12-21 10:44:56.943root 11241100x8000000000000000417210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6512f66091f30742021-12-21 10:44:56.943root 11241100x8000000000000000417211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1059c83467ce93b42021-12-21 10:44:56.943root 11241100x8000000000000000417212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdcc3c0fde2a9bd2021-12-21 10:44:56.944root 11241100x8000000000000000417213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18dcb8f7b2d5d892021-12-21 10:44:56.944root 11241100x8000000000000000417214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca17db0550d57912021-12-21 10:44:56.944root 11241100x8000000000000000417215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85760824447da7b2021-12-21 10:44:56.944root 11241100x8000000000000000417216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bed43e6a2cffde2021-12-21 10:44:56.944root 11241100x8000000000000000417217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3830e4b4baf3ce6c2021-12-21 10:44:56.944root 11241100x8000000000000000417218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db6b5f0b6ad4f62021-12-21 10:44:56.944root 11241100x8000000000000000417219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2638c4d3f0719512021-12-21 10:44:56.944root 11241100x8000000000000000417220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ab1d852bfbdc982021-12-21 10:44:56.944root 11241100x8000000000000000417221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16884e37552c1ad2021-12-21 10:44:56.944root 11241100x8000000000000000417222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6520070b17dcaf252021-12-21 10:44:56.944root 354300x8000000000000000417223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.251{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47544-false10.0.1.12-8000- 11241100x8000000000000000417224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b63a8cea4a9b4a12021-12-21 10:44:57.251root 11241100x8000000000000000417225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dea4b04781d8b52021-12-21 10:44:57.251root 11241100x8000000000000000417226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1ddb2a8ed02b982021-12-21 10:44:57.251root 11241100x8000000000000000417227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9de4977244d4332021-12-21 10:44:57.252root 11241100x8000000000000000417228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd40e5b7012efcc2021-12-21 10:44:57.252root 11241100x8000000000000000417229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15e5f42296255102021-12-21 10:44:57.252root 11241100x8000000000000000417230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b0ce8e827e3c3d2021-12-21 10:44:57.252root 11241100x8000000000000000417231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15f1f1d609cb5b22021-12-21 10:44:57.252root 11241100x8000000000000000417232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906d41611087e77d2021-12-21 10:44:57.252root 11241100x8000000000000000417233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8c2dd89690a1172021-12-21 10:44:57.252root 11241100x8000000000000000417234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2272d6b633ca3f822021-12-21 10:44:57.253root 11241100x8000000000000000417235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ae3cb043a073d12021-12-21 10:44:57.253root 11241100x8000000000000000417236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7f632372fa25162021-12-21 10:44:57.253root 11241100x8000000000000000417237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5156cac27b6ff7202021-12-21 10:44:57.253root 11241100x8000000000000000417238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e886e4ed1dfc532021-12-21 10:44:57.253root 11241100x8000000000000000417239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e62c9a74650d152021-12-21 10:44:57.253root 11241100x8000000000000000417240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8d27f2ca16e5112021-12-21 10:44:57.253root 11241100x8000000000000000417241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad088290db515232021-12-21 10:44:57.253root 11241100x8000000000000000417242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086a4a4aff3ea1802021-12-21 10:44:57.253root 11241100x8000000000000000417243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcf1a3b55293e7a2021-12-21 10:44:57.253root 11241100x8000000000000000417244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c71b64097a4aaf22021-12-21 10:44:57.253root 11241100x8000000000000000417245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1eb36b7531831f82021-12-21 10:44:57.253root 11241100x8000000000000000417246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb007b5a430f747b2021-12-21 10:44:57.253root 11241100x8000000000000000417247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a46672b71d985fe2021-12-21 10:44:57.693root 11241100x8000000000000000417248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab254f37789cf4e02021-12-21 10:44:57.693root 11241100x8000000000000000417249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5ee1ffa8b32f272021-12-21 10:44:57.694root 11241100x8000000000000000417250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c495073685e96bb2021-12-21 10:44:57.694root 11241100x8000000000000000417251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbed59fc718218e2021-12-21 10:44:57.694root 11241100x8000000000000000417252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927deec2d16120e92021-12-21 10:44:57.694root 11241100x8000000000000000417253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c7fd29b70453e82021-12-21 10:44:57.694root 11241100x8000000000000000417254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a89a8cf53772b82021-12-21 10:44:57.694root 11241100x8000000000000000417255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371702ceef172d2c2021-12-21 10:44:57.694root 11241100x8000000000000000417256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7044fcea1bcf0c22021-12-21 10:44:57.694root 11241100x8000000000000000417257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d39473b36ba58582021-12-21 10:44:57.695root 11241100x8000000000000000417258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f71074d12472f02021-12-21 10:44:57.695root 11241100x8000000000000000417259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a390de74277467c42021-12-21 10:44:57.695root 11241100x8000000000000000417260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9de94b30d13ef72021-12-21 10:44:57.695root 11241100x8000000000000000417261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882fa0b65c8622e02021-12-21 10:44:57.695root 11241100x8000000000000000417262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26d2caa020c09de2021-12-21 10:44:57.695root 11241100x8000000000000000417263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882959d25ac8f15d2021-12-21 10:44:57.695root 11241100x8000000000000000417264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077e1c56a7cd71cc2021-12-21 10:44:57.695root 11241100x8000000000000000417265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34d43b12ede086c2021-12-21 10:44:58.193root 11241100x8000000000000000417266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532cc522ea6cd9dd2021-12-21 10:44:58.193root 11241100x8000000000000000417267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb066cdc3d0e521b2021-12-21 10:44:58.193root 11241100x8000000000000000417268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0706f7a863dee2e12021-12-21 10:44:58.193root 11241100x8000000000000000417269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dea33351730a4b2021-12-21 10:44:58.193root 11241100x8000000000000000417270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b72880a6bbdd9b2021-12-21 10:44:58.193root 11241100x8000000000000000417271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5408bbb263951a22021-12-21 10:44:58.194root 11241100x8000000000000000417272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3e6eb8cab83bc12021-12-21 10:44:58.194root 11241100x8000000000000000417273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cdb427f63fd9592021-12-21 10:44:58.194root 11241100x8000000000000000417274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba9f825bb9da97d2021-12-21 10:44:58.194root 11241100x8000000000000000417275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2097a9433b3d7e2021-12-21 10:44:58.194root 11241100x8000000000000000417276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c420345610bfa82021-12-21 10:44:58.194root 11241100x8000000000000000417277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113fc5f3db2cc9e22021-12-21 10:44:58.194root 11241100x8000000000000000417278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6518eb6a4532172021-12-21 10:44:58.194root 11241100x8000000000000000417279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ea4b753bc485452021-12-21 10:44:58.194root 11241100x8000000000000000417280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ce98b05659095c2021-12-21 10:44:58.194root 11241100x8000000000000000417281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1942bd2197ba26482021-12-21 10:44:58.194root 11241100x8000000000000000417282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f8234fc7acb0362021-12-21 10:44:58.194root 11241100x8000000000000000417283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdfb201faf423352021-12-21 10:44:58.693root 11241100x8000000000000000417284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922f21e4d73f87f12021-12-21 10:44:58.693root 11241100x8000000000000000417285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871467b43e32910c2021-12-21 10:44:58.693root 11241100x8000000000000000417286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7f33bb77c90b822021-12-21 10:44:58.693root 11241100x8000000000000000417287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845e8c7c4be416612021-12-21 10:44:58.694root 11241100x8000000000000000417288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835d9b1f469de2ae2021-12-21 10:44:58.694root 11241100x8000000000000000417289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3049a0eb5c8e422021-12-21 10:44:58.694root 11241100x8000000000000000417290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ae57036138c8cb2021-12-21 10:44:58.694root 11241100x8000000000000000417291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1ec8fb18fa43502021-12-21 10:44:58.694root 11241100x8000000000000000417292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b89e6ae00bcf302021-12-21 10:44:58.694root 11241100x8000000000000000417293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a78faa232900aa2021-12-21 10:44:58.694root 11241100x8000000000000000417294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4fd38ce5681cd82021-12-21 10:44:58.694root 11241100x8000000000000000417295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579baf01a468988d2021-12-21 10:44:58.694root 11241100x8000000000000000417296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771d55c7c163e6d22021-12-21 10:44:58.694root 11241100x8000000000000000417297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15baacde7fc7812021-12-21 10:44:58.694root 11241100x8000000000000000417298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800beba7054918e82021-12-21 10:44:58.694root 11241100x8000000000000000417299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e280d6ce40315412021-12-21 10:44:58.695root 11241100x8000000000000000417300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fea97be0f66c9532021-12-21 10:44:58.695root 11241100x8000000000000000417301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5638b1d35a1a022021-12-21 10:44:59.193root 11241100x8000000000000000417302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da6522fa0aa70762021-12-21 10:44:59.193root 11241100x8000000000000000417303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4bcf9246fb20452021-12-21 10:44:59.193root 11241100x8000000000000000417304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0ab527edf8e88b2021-12-21 10:44:59.193root 11241100x8000000000000000417305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271794670e1f1f592021-12-21 10:44:59.193root 11241100x8000000000000000417306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8142cd6693d31def2021-12-21 10:44:59.193root 11241100x8000000000000000417307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299e57b75dfeba482021-12-21 10:44:59.194root 11241100x8000000000000000417308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c6e093fd356f4e2021-12-21 10:44:59.194root 11241100x8000000000000000417309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ef4ba54b36378b2021-12-21 10:44:59.194root 11241100x8000000000000000417310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f53c8b9f9f29d192021-12-21 10:44:59.194root 11241100x8000000000000000417311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91905845d29209322021-12-21 10:44:59.194root 11241100x8000000000000000417312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63d7ae6ace241602021-12-21 10:44:59.194root 11241100x8000000000000000417313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f4cb7a11e07352021-12-21 10:44:59.194root 11241100x8000000000000000417314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2c5d47e8e30e1b2021-12-21 10:44:59.194root 11241100x8000000000000000417315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9085fc5244f8732021-12-21 10:44:59.194root 11241100x8000000000000000417316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ef32f74f66bf9a2021-12-21 10:44:59.194root 11241100x8000000000000000417317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3928a93126514782021-12-21 10:44:59.194root 11241100x8000000000000000417318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f4e5e3a686bc222021-12-21 10:44:59.195root 11241100x8000000000000000417319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbd59f2c100a4bc2021-12-21 10:44:59.693root 11241100x8000000000000000417320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac8de53b278cd3a2021-12-21 10:44:59.693root 11241100x8000000000000000417321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9fee5c925255f52021-12-21 10:44:59.693root 11241100x8000000000000000417322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58055deb0c0dbb92021-12-21 10:44:59.693root 11241100x8000000000000000417323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f190a42a5f8e03f2021-12-21 10:44:59.693root 11241100x8000000000000000417324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29920d32328a649f2021-12-21 10:44:59.693root 11241100x8000000000000000417325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1533e3fa9776eb132021-12-21 10:44:59.694root 11241100x8000000000000000417326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5000f3777f0ae22021-12-21 10:44:59.694root 11241100x8000000000000000417327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2ab5bf296ee6ab2021-12-21 10:44:59.694root 11241100x8000000000000000417328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f611ff9639f1f2b2021-12-21 10:44:59.694root 11241100x8000000000000000417329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a00428635604722021-12-21 10:44:59.694root 11241100x8000000000000000417330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad06a2581edb0d6e2021-12-21 10:44:59.694root 11241100x8000000000000000417331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9293baa346e5a9992021-12-21 10:44:59.694root 11241100x8000000000000000417332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c38ea55e7d764ae2021-12-21 10:44:59.695root 11241100x8000000000000000417333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff7039b2c25cbe72021-12-21 10:44:59.695root 11241100x8000000000000000417334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a226ffac504c388d2021-12-21 10:44:59.695root 11241100x8000000000000000417335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f2d263bcc387eb2021-12-21 10:44:59.695root 11241100x8000000000000000417336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:44:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2019de7b03fa6da2021-12-21 10:44:59.695root 11241100x8000000000000000417337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1210a5a92d6e222b2021-12-21 10:45:00.193root 11241100x8000000000000000417338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4125dcf90fa7ad2021-12-21 10:45:00.193root 11241100x8000000000000000417339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5c053eb00f08ab2021-12-21 10:45:00.193root 11241100x8000000000000000417340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8eced10618d9b42021-12-21 10:45:00.193root 11241100x8000000000000000417341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a685246308677e2021-12-21 10:45:00.194root 11241100x8000000000000000417342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e900d216439a541c2021-12-21 10:45:00.194root 11241100x8000000000000000417343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff113f5fcfd772e2021-12-21 10:45:00.194root 11241100x8000000000000000417344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4fab304e574ae62021-12-21 10:45:00.194root 11241100x8000000000000000417345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055c1050d4e432572021-12-21 10:45:00.194root 11241100x8000000000000000417346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3cfffc8c83bc7e2021-12-21 10:45:00.194root 11241100x8000000000000000417347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8642c6f9ddb7432b2021-12-21 10:45:00.194root 11241100x8000000000000000417348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a83e5e19fb8a5b42021-12-21 10:45:00.194root 11241100x8000000000000000417349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60270881f46c3f3c2021-12-21 10:45:00.194root 11241100x8000000000000000417350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25997f1f60c58c262021-12-21 10:45:00.194root 11241100x8000000000000000417351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a494d8866e33cb422021-12-21 10:45:00.194root 11241100x8000000000000000417352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737d43b0980048732021-12-21 10:45:00.194root 11241100x8000000000000000417353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3249685dc9ee17f52021-12-21 10:45:00.194root 11241100x8000000000000000417354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b4e68fbaddd03f2021-12-21 10:45:00.195root 11241100x8000000000000000417355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb87279864fd9ef2021-12-21 10:45:00.693root 11241100x8000000000000000417356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ead4cd7527e98d82021-12-21 10:45:00.693root 11241100x8000000000000000417357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31a7d678f3208302021-12-21 10:45:00.693root 11241100x8000000000000000417358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a678d3bd92d6c47d2021-12-21 10:45:00.694root 11241100x8000000000000000417359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138c339ec9ae2ceb2021-12-21 10:45:00.694root 11241100x8000000000000000417360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026841507bf9a9412021-12-21 10:45:00.694root 11241100x8000000000000000417361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd994a4af1bdf28c2021-12-21 10:45:00.694root 11241100x8000000000000000417362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e37016f29acd3582021-12-21 10:45:00.694root 11241100x8000000000000000417363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d10aebdacbd93f2021-12-21 10:45:00.694root 11241100x8000000000000000417364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1473b7fa2dd16d642021-12-21 10:45:00.694root 11241100x8000000000000000417365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f22839e02d458632021-12-21 10:45:00.694root 11241100x8000000000000000417366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702fa9a865cf0f2e2021-12-21 10:45:00.694root 11241100x8000000000000000417367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4719ae0e39892fe2021-12-21 10:45:00.694root 11241100x8000000000000000417368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51930fcd3bb035462021-12-21 10:45:00.694root 11241100x8000000000000000417369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23aec0ca23bf2f6b2021-12-21 10:45:00.695root 11241100x8000000000000000417370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac12032e5bc9c4dc2021-12-21 10:45:00.695root 11241100x8000000000000000417371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46d578d18b881a52021-12-21 10:45:00.695root 11241100x8000000000000000417372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f68362762dd7372021-12-21 10:45:00.695root 11241100x8000000000000000417373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a985c70f14a66d1a2021-12-21 10:45:01.193root 11241100x8000000000000000417374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ff38cd50f50f912021-12-21 10:45:01.193root 11241100x8000000000000000417375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07924f242b1cc4e12021-12-21 10:45:01.193root 11241100x8000000000000000417376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a37e7e06f7027ea2021-12-21 10:45:01.193root 11241100x8000000000000000417377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76172bc029c00fc72021-12-21 10:45:01.193root 11241100x8000000000000000417378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868ff1f245c264822021-12-21 10:45:01.193root 11241100x8000000000000000417379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b14fc58bec0c97e2021-12-21 10:45:01.193root 11241100x8000000000000000417380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01697771fcd177442021-12-21 10:45:01.193root 11241100x8000000000000000417381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea85aece05eaca62021-12-21 10:45:01.193root 11241100x8000000000000000417382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9e318941d95e812021-12-21 10:45:01.193root 11241100x8000000000000000417383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435ef5383b7ec4002021-12-21 10:45:01.193root 11241100x8000000000000000417384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1800c192519b1f82021-12-21 10:45:01.193root 11241100x8000000000000000417385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d3f8233b6a0c092021-12-21 10:45:01.194root 11241100x8000000000000000417386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644c6c3230369462021-12-21 10:45:01.194root 11241100x8000000000000000417387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448ca54425532a492021-12-21 10:45:01.194root 11241100x8000000000000000417388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5c1198718f744b2021-12-21 10:45:01.194root 11241100x8000000000000000417389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52045e1e617b57a02021-12-21 10:45:01.194root 11241100x8000000000000000417390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c9bf344207d3dc2021-12-21 10:45:01.194root 11241100x8000000000000000417391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260af304c02166642021-12-21 10:45:01.693root 11241100x8000000000000000417392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c544b97a9528ab2021-12-21 10:45:01.693root 11241100x8000000000000000417393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddae2e6c0acc36552021-12-21 10:45:01.693root 11241100x8000000000000000417394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0eb713bcca97c52021-12-21 10:45:01.693root 11241100x8000000000000000417395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b10049b1c23ed52021-12-21 10:45:01.694root 11241100x8000000000000000417396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d53d53704b511872021-12-21 10:45:01.694root 11241100x8000000000000000417397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c072ed2daa25a52021-12-21 10:45:01.694root 11241100x8000000000000000417398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca4c3ebd415d04c2021-12-21 10:45:01.694root 11241100x8000000000000000417399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d8130a94d49ee62021-12-21 10:45:01.694root 11241100x8000000000000000417400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca65d2ac0fb68f2021-12-21 10:45:01.694root 11241100x8000000000000000417401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e6a4ef5379aa7d2021-12-21 10:45:01.694root 11241100x8000000000000000417402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3847758b0fb7582021-12-21 10:45:01.694root 11241100x8000000000000000417403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1d0fb93b4dfb132021-12-21 10:45:01.694root 11241100x8000000000000000417404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b47d9680bbb00782021-12-21 10:45:01.694root 11241100x8000000000000000417405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c449ef07f04d4552021-12-21 10:45:01.695root 11241100x8000000000000000417406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bd2279427e38b82021-12-21 10:45:01.695root 11241100x8000000000000000417407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c8d55d096cdfbe2021-12-21 10:45:01.695root 11241100x8000000000000000417408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42489d6127fc9222021-12-21 10:45:01.695root 11241100x8000000000000000417409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90929bdd380841f92021-12-21 10:45:02.193root 11241100x8000000000000000417410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6b7ae76b5501372021-12-21 10:45:02.193root 11241100x8000000000000000417411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4cbdb0005461e22021-12-21 10:45:02.193root 11241100x8000000000000000417412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06cb530038edc032021-12-21 10:45:02.193root 11241100x8000000000000000417413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd80d06e289dad72021-12-21 10:45:02.194root 11241100x8000000000000000417414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa533bbc411f40b02021-12-21 10:45:02.194root 11241100x8000000000000000417415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a9c9841f8258392021-12-21 10:45:02.194root 11241100x8000000000000000417416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acbc9af75669e022021-12-21 10:45:02.194root 11241100x8000000000000000417417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f016b6b8782f7ee52021-12-21 10:45:02.194root 11241100x8000000000000000417418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110bc489c7ae0e172021-12-21 10:45:02.194root 11241100x8000000000000000417419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f38368bccb216232021-12-21 10:45:02.194root 11241100x8000000000000000417420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe075dace5ab0b02021-12-21 10:45:02.194root 11241100x8000000000000000417421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d7c4fb8e765b292021-12-21 10:45:02.194root 11241100x8000000000000000417422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b42eb26a6f08a52021-12-21 10:45:02.194root 11241100x8000000000000000417423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9efcb91ed8bfaf2021-12-21 10:45:02.194root 11241100x8000000000000000417424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b99fa1c1295fad2021-12-21 10:45:02.194root 11241100x8000000000000000417425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ccea9fbc2aaaf82021-12-21 10:45:02.194root 11241100x8000000000000000417426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3ad8485663f3002021-12-21 10:45:02.194root 11241100x8000000000000000417427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e375d80f0a5ed2592021-12-21 10:45:02.693root 11241100x8000000000000000417428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f1cd40b54ae74e2021-12-21 10:45:02.693root 11241100x8000000000000000417429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a7eb44429609432021-12-21 10:45:02.693root 11241100x8000000000000000417430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3595c1777bab64012021-12-21 10:45:02.693root 11241100x8000000000000000417431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ec36c3e030651e2021-12-21 10:45:02.693root 11241100x8000000000000000417432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455b977ff79d46412021-12-21 10:45:02.694root 11241100x8000000000000000417433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f24789e2d86f55a2021-12-21 10:45:02.694root 11241100x8000000000000000417434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5834a51af0823b7f2021-12-21 10:45:02.694root 11241100x8000000000000000417435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09beb0db4acf8602021-12-21 10:45:02.694root 11241100x8000000000000000417436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc8c66fb45680612021-12-21 10:45:02.694root 11241100x8000000000000000417437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f6db169f2b19242021-12-21 10:45:02.694root 11241100x8000000000000000417438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f63caf16a3df372021-12-21 10:45:02.694root 11241100x8000000000000000417439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4417d0c0e8f6e52021-12-21 10:45:02.694root 11241100x8000000000000000417440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28efd3e7f43cd2c62021-12-21 10:45:02.694root 11241100x8000000000000000417441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33181862a34642a12021-12-21 10:45:02.694root 11241100x8000000000000000417442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354771dffacb13702021-12-21 10:45:02.694root 11241100x8000000000000000417443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975e28638c98a1352021-12-21 10:45:02.694root 11241100x8000000000000000417444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95199118295457432021-12-21 10:45:02.694root 354300x8000000000000000417445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.125{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47546-false10.0.1.12-8000- 11241100x8000000000000000417446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c6b3c122a9e3f02021-12-21 10:45:03.125root 11241100x8000000000000000417447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9c444cb2944c0c2021-12-21 10:45:03.125root 11241100x8000000000000000417448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e1f28afbedc2ed2021-12-21 10:45:03.125root 11241100x8000000000000000417449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bf3b119b9a3a9e2021-12-21 10:45:03.125root 11241100x8000000000000000417450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fc5f4b04729e612021-12-21 10:45:03.126root 11241100x8000000000000000417451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b9acdb492ce7102021-12-21 10:45:03.126root 11241100x8000000000000000417452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba07b898111e3c92021-12-21 10:45:03.126root 11241100x8000000000000000417453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0073e2c1ff4929012021-12-21 10:45:03.126root 11241100x8000000000000000417454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2c50647d6c4ec42021-12-21 10:45:03.126root 11241100x8000000000000000417455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2b88f415c483eb2021-12-21 10:45:03.126root 11241100x8000000000000000417456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8056dcc7416f4f8e2021-12-21 10:45:03.126root 11241100x8000000000000000417457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f18ea42a31a5af2021-12-21 10:45:03.126root 11241100x8000000000000000417458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1298dbd41f98decc2021-12-21 10:45:03.126root 11241100x8000000000000000417459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ed0d9f29ddfae62021-12-21 10:45:03.126root 11241100x8000000000000000417460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefcdb012c0bfb6a2021-12-21 10:45:03.126root 11241100x8000000000000000417461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbcd9e221a72ade2021-12-21 10:45:03.126root 11241100x8000000000000000417462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16beadc7499b15c2021-12-21 10:45:03.127root 11241100x8000000000000000417463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b81401e0dd1f212021-12-21 10:45:03.127root 11241100x8000000000000000417464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.127{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6191c1e824628332021-12-21 10:45:03.127root 11241100x8000000000000000417465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db048b1ac9a198a32021-12-21 10:45:03.443root 11241100x8000000000000000417466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fb53ecec3e51782021-12-21 10:45:03.443root 11241100x8000000000000000417467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ee29b8ac4deae12021-12-21 10:45:03.443root 11241100x8000000000000000417468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcac84b8266870012021-12-21 10:45:03.443root 11241100x8000000000000000417469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb840adfabfdacf2021-12-21 10:45:03.444root 11241100x8000000000000000417470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64468e5858a5a6ab2021-12-21 10:45:03.444root 11241100x8000000000000000417471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89262fa9bb9ac7772021-12-21 10:45:03.444root 11241100x8000000000000000417472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c623d386547e2c2021-12-21 10:45:03.444root 11241100x8000000000000000417473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b2bc528cb4c2d12021-12-21 10:45:03.444root 11241100x8000000000000000417474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622567570376e9c02021-12-21 10:45:03.444root 11241100x8000000000000000417475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53a8506ad14612f2021-12-21 10:45:03.444root 11241100x8000000000000000417476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92fbb8c633108d32021-12-21 10:45:03.444root 11241100x8000000000000000417477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d7704a84abc4ae2021-12-21 10:45:03.444root 11241100x8000000000000000417478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b24fd0024cd5f542021-12-21 10:45:03.444root 11241100x8000000000000000417479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bc774de947f82d2021-12-21 10:45:03.445root 11241100x8000000000000000417480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77fe320da3cc0332021-12-21 10:45:03.445root 11241100x8000000000000000417481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adecdb79bb58e0d2021-12-21 10:45:03.445root 11241100x8000000000000000417482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591a0b3e8db5c1232021-12-21 10:45:03.445root 11241100x8000000000000000417483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f89c76da1c9f7962021-12-21 10:45:03.445root 11241100x8000000000000000417484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb79d341f6c3cb2021-12-21 10:45:03.943root 11241100x8000000000000000417485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763b887eca7cf7192021-12-21 10:45:03.944root 11241100x8000000000000000417486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb9899f11e043502021-12-21 10:45:03.944root 11241100x8000000000000000417487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a588275c0c98ff2021-12-21 10:45:03.944root 11241100x8000000000000000417488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca43fbee495cdb92021-12-21 10:45:03.944root 11241100x8000000000000000417489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be29f357e7b22d702021-12-21 10:45:03.944root 11241100x8000000000000000417490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e6b433f84c22112021-12-21 10:45:03.945root 11241100x8000000000000000417491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992d8993bb9708792021-12-21 10:45:03.945root 11241100x8000000000000000417492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba39c5226e7a4d62021-12-21 10:45:03.945root 11241100x8000000000000000417493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992b8cdf1dcc71772021-12-21 10:45:03.945root 11241100x8000000000000000417494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40864f7e77ed1f412021-12-21 10:45:03.945root 11241100x8000000000000000417495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df4cf310bfb78952021-12-21 10:45:03.945root 11241100x8000000000000000417496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15825438c9a33f472021-12-21 10:45:03.945root 11241100x8000000000000000417497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1bab805664046a2021-12-21 10:45:03.946root 11241100x8000000000000000417498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b059f0e9c86b6f542021-12-21 10:45:03.946root 11241100x8000000000000000417499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dca009caddad45d2021-12-21 10:45:03.946root 11241100x8000000000000000417500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1fcec3b61e314f2021-12-21 10:45:03.946root 11241100x8000000000000000417501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885978504740e08b2021-12-21 10:45:03.946root 11241100x8000000000000000417502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72be36ee53cb41a42021-12-21 10:45:03.946root 11241100x8000000000000000417503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89485decf55fbc7a2021-12-21 10:45:04.443root 11241100x8000000000000000417504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561b03c7e075586f2021-12-21 10:45:04.443root 11241100x8000000000000000417505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6ab8f8663ea1dd2021-12-21 10:45:04.443root 11241100x8000000000000000417506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4f83d2dadd35882021-12-21 10:45:04.443root 11241100x8000000000000000417507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f51b055b1822f32021-12-21 10:45:04.444root 11241100x8000000000000000417508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58d3244b3d017102021-12-21 10:45:04.444root 11241100x8000000000000000417509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf86e3f75d6a89b2021-12-21 10:45:04.444root 11241100x8000000000000000417510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b9e3c421872ca12021-12-21 10:45:04.444root 11241100x8000000000000000417511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2f432958f304b82021-12-21 10:45:04.444root 11241100x8000000000000000417512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55a658d12dd47002021-12-21 10:45:04.444root 11241100x8000000000000000417513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9e4d4891a83f002021-12-21 10:45:04.444root 11241100x8000000000000000417514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d646be96568e6c7b2021-12-21 10:45:04.444root 11241100x8000000000000000417515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6910055a1ac58f2021-12-21 10:45:04.444root 11241100x8000000000000000417516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058cac63bef34db62021-12-21 10:45:04.444root 11241100x8000000000000000417517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c14af5d5f6a2c62021-12-21 10:45:04.444root 11241100x8000000000000000417518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e772b3fb8fec1d532021-12-21 10:45:04.444root 11241100x8000000000000000417519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30bfe6fea64512c2021-12-21 10:45:04.444root 11241100x8000000000000000417520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12f29b5bf6adbc52021-12-21 10:45:04.444root 11241100x8000000000000000417521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbb4f0a77f56c5e2021-12-21 10:45:04.444root 11241100x8000000000000000417522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab2d6e8131322e82021-12-21 10:45:04.943root 11241100x8000000000000000417523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae2e74c0579a07b2021-12-21 10:45:04.943root 11241100x8000000000000000417524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aecdf7e6e54bc62021-12-21 10:45:04.943root 11241100x8000000000000000417525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61af2219eae668d2021-12-21 10:45:04.943root 11241100x8000000000000000417526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09f47e6f8c12b2a2021-12-21 10:45:04.944root 11241100x8000000000000000417527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb0a25c41a4c6e92021-12-21 10:45:04.944root 11241100x8000000000000000417528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca80fb65972e35c2021-12-21 10:45:04.944root 11241100x8000000000000000417529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0eddb3dc372b4a2021-12-21 10:45:04.944root 11241100x8000000000000000417530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ae5859f2e13e7f2021-12-21 10:45:04.944root 11241100x8000000000000000417531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae9376845c60b62021-12-21 10:45:04.944root 11241100x8000000000000000417532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe08b27c8a888ad52021-12-21 10:45:04.944root 11241100x8000000000000000417533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052b9c4ae54741822021-12-21 10:45:04.944root 11241100x8000000000000000417534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ce7fc224ad01812021-12-21 10:45:04.944root 11241100x8000000000000000417535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920e2081a1accad62021-12-21 10:45:04.944root 11241100x8000000000000000417536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57b041a7b344da62021-12-21 10:45:04.944root 11241100x8000000000000000417537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823c92f53a53e7b42021-12-21 10:45:04.944root 11241100x8000000000000000417538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6995a2843c69252021-12-21 10:45:04.944root 11241100x8000000000000000417539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dff32f3f94d24a2021-12-21 10:45:04.944root 11241100x8000000000000000417540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d8e82319b6165a2021-12-21 10:45:04.944root 11241100x8000000000000000417541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3342fb1edc72aef52021-12-21 10:45:05.443root 11241100x8000000000000000417542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacd0a0029d933842021-12-21 10:45:05.443root 11241100x8000000000000000417543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde55249301355202021-12-21 10:45:05.443root 11241100x8000000000000000417544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe210fa5e026d0f2021-12-21 10:45:05.443root 11241100x8000000000000000417545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce82c47f88367bf72021-12-21 10:45:05.444root 11241100x8000000000000000417546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7778226946d6d12021-12-21 10:45:05.444root 11241100x8000000000000000417547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281e7da2db2d99152021-12-21 10:45:05.444root 11241100x8000000000000000417548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55cc1b8f91d23942021-12-21 10:45:05.444root 11241100x8000000000000000417549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc0fe4c2bf4a0502021-12-21 10:45:05.444root 11241100x8000000000000000417550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2946df2c2e13ca12021-12-21 10:45:05.444root 11241100x8000000000000000417551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da603a729add8d42021-12-21 10:45:05.444root 11241100x8000000000000000417552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27226ae396b992e62021-12-21 10:45:05.444root 11241100x8000000000000000417553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a82b2395160545a2021-12-21 10:45:05.444root 11241100x8000000000000000417554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc527873e33c4ee42021-12-21 10:45:05.444root 11241100x8000000000000000417555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab72b4c7fa2f80a2021-12-21 10:45:05.444root 11241100x8000000000000000417556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75f848b29ad5e5a2021-12-21 10:45:05.444root 11241100x8000000000000000417557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edd0548e46bc1e52021-12-21 10:45:05.444root 11241100x8000000000000000417558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a7fe7772ae50842021-12-21 10:45:05.445root 11241100x8000000000000000417559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6884602a28fb8a292021-12-21 10:45:05.445root 11241100x8000000000000000417560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaba5d0d449e105b2021-12-21 10:45:05.943root 11241100x8000000000000000417561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb54d212984ebb62021-12-21 10:45:05.943root 11241100x8000000000000000417562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fcd700d57fad282021-12-21 10:45:05.943root 11241100x8000000000000000417563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634f5357a32535112021-12-21 10:45:05.943root 11241100x8000000000000000417564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e306c08f882bca712021-12-21 10:45:05.943root 11241100x8000000000000000417565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e117b632ddb9add2021-12-21 10:45:05.944root 11241100x8000000000000000417566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6987978e3b14462021-12-21 10:45:05.944root 11241100x8000000000000000417567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3217cdbc2a49e5f72021-12-21 10:45:05.944root 11241100x8000000000000000417568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1099fa74728ce9c62021-12-21 10:45:05.944root 11241100x8000000000000000417569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484e0d3a2664e1b72021-12-21 10:45:05.944root 11241100x8000000000000000417570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2091d02e9ba5b1062021-12-21 10:45:05.944root 11241100x8000000000000000417571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1218c16be1131c0a2021-12-21 10:45:05.944root 11241100x8000000000000000417572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68382a678f7a3042021-12-21 10:45:05.944root 11241100x8000000000000000417573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc81c85f225b13b82021-12-21 10:45:05.944root 11241100x8000000000000000417574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51827d0e1b0f1862021-12-21 10:45:05.944root 11241100x8000000000000000417575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354c248944603f122021-12-21 10:45:05.944root 11241100x8000000000000000417576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc84289a0e1daf12021-12-21 10:45:05.944root 11241100x8000000000000000417577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d7693ebd4010312021-12-21 10:45:05.944root 11241100x8000000000000000417578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ec6ca66296648b2021-12-21 10:45:05.945root 11241100x8000000000000000417579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.343{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:45:06.343root 11241100x8000000000000000417580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dbe024227757a02021-12-21 10:45:06.344root 11241100x8000000000000000417581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8835182841f8a012021-12-21 10:45:06.344root 11241100x8000000000000000417582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eaa3878e880d212021-12-21 10:45:06.344root 11241100x8000000000000000417583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a4ddcfa45f41222021-12-21 10:45:06.344root 11241100x8000000000000000417584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621b42c83284aada2021-12-21 10:45:06.344root 11241100x8000000000000000417585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf08b97d12e8bad2021-12-21 10:45:06.344root 11241100x8000000000000000417586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285f20aedd6846662021-12-21 10:45:06.344root 11241100x8000000000000000417587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aa47bb5a27164f2021-12-21 10:45:06.344root 11241100x8000000000000000417588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4d0d4da23d0ee62021-12-21 10:45:06.344root 11241100x8000000000000000417589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807ec742d13009e32021-12-21 10:45:06.344root 11241100x8000000000000000417590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b03041d5d587cd2021-12-21 10:45:06.344root 11241100x8000000000000000417591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcf37d41dc4769c2021-12-21 10:45:06.344root 11241100x8000000000000000417592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dcafb798aad1f82021-12-21 10:45:06.344root 11241100x8000000000000000417593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2855ab1f54752192021-12-21 10:45:06.345root 11241100x8000000000000000417594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3707ae3f0d0f5a32021-12-21 10:45:06.345root 11241100x8000000000000000417595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf207db692402992021-12-21 10:45:06.345root 11241100x8000000000000000417596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07587301f690db7a2021-12-21 10:45:06.345root 11241100x8000000000000000417597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2030f3ee18365f932021-12-21 10:45:06.345root 11241100x8000000000000000417598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669b1c1e09cf9e242021-12-21 10:45:06.345root 11241100x8000000000000000417599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7cfdcbfb68b4a82021-12-21 10:45:06.345root 11241100x8000000000000000417600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c92c3e6b1a372b22021-12-21 10:45:06.345root 11241100x8000000000000000417601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7765eb396a432b0f2021-12-21 10:45:06.693root 11241100x8000000000000000417602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b95f91954cf3ddb2021-12-21 10:45:06.693root 11241100x8000000000000000417603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438c85cafd2d3ff22021-12-21 10:45:06.694root 11241100x8000000000000000417604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccdcd4876c8943a2021-12-21 10:45:06.694root 11241100x8000000000000000417605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a24061a6a5ca5ba2021-12-21 10:45:06.694root 11241100x8000000000000000417606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1b07ecb8f988be2021-12-21 10:45:06.694root 11241100x8000000000000000417607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d759ecad8cce4f82021-12-21 10:45:06.694root 11241100x8000000000000000417608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b8d828473514c32021-12-21 10:45:06.694root 11241100x8000000000000000417609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc624a70567fe2122021-12-21 10:45:06.694root 11241100x8000000000000000417610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e716c3cb549d0e12021-12-21 10:45:06.694root 11241100x8000000000000000417611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b565ee626738d9862021-12-21 10:45:06.694root 11241100x8000000000000000417612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced315b6e4e0207e2021-12-21 10:45:06.694root 11241100x8000000000000000417613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532298082e2b05c22021-12-21 10:45:06.694root 11241100x8000000000000000417614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54d6f6de29c23222021-12-21 10:45:06.694root 11241100x8000000000000000417615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71d8e1b6364f8662021-12-21 10:45:06.694root 11241100x8000000000000000417616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f21da64990c4f872021-12-21 10:45:06.694root 11241100x8000000000000000417617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bade37902d50922021-12-21 10:45:06.694root 11241100x8000000000000000417618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a8f31d40d9c9312021-12-21 10:45:06.695root 11241100x8000000000000000417619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae84727083ae86bf2021-12-21 10:45:06.695root 11241100x8000000000000000417620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5471d98df854602021-12-21 10:45:06.695root 11241100x8000000000000000417621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2306350e3f2882c82021-12-21 10:45:07.193root 11241100x8000000000000000417622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484490681ea042a22021-12-21 10:45:07.193root 11241100x8000000000000000417623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b106eb36459942f42021-12-21 10:45:07.193root 11241100x8000000000000000417624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3680c9ed5a6f264e2021-12-21 10:45:07.194root 11241100x8000000000000000417625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d94c6fde71a0f3f2021-12-21 10:45:07.194root 11241100x8000000000000000417626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae91d8ac996b28d2021-12-21 10:45:07.194root 11241100x8000000000000000417627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44014a12321431da2021-12-21 10:45:07.194root 11241100x8000000000000000417628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15af5b68abbce5352021-12-21 10:45:07.194root 11241100x8000000000000000417629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec58471862b0a552021-12-21 10:45:07.194root 11241100x8000000000000000417630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0355e1f3e27deb32021-12-21 10:45:07.194root 11241100x8000000000000000417631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365404c23f2559c52021-12-21 10:45:07.194root 11241100x8000000000000000417632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93eb135271923f892021-12-21 10:45:07.194root 11241100x8000000000000000417633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fae93ae27ef7a9b2021-12-21 10:45:07.194root 11241100x8000000000000000417634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d403e951806efbc2021-12-21 10:45:07.194root 11241100x8000000000000000417635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930489c0a4afaf932021-12-21 10:45:07.195root 11241100x8000000000000000417636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be25ca926849a512021-12-21 10:45:07.195root 11241100x8000000000000000417637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2f9c0cab848abc2021-12-21 10:45:07.195root 11241100x8000000000000000417638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5926c6b05821a1292021-12-21 10:45:07.195root 11241100x8000000000000000417639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a1a97ff3e008652021-12-21 10:45:07.195root 11241100x8000000000000000417640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663aaabdc227b0302021-12-21 10:45:07.195root 11241100x8000000000000000417641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35486f24611f453c2021-12-21 10:45:07.693root 11241100x8000000000000000417642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6083a576807ee72021-12-21 10:45:07.693root 11241100x8000000000000000417643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d74836797c732812021-12-21 10:45:07.694root 11241100x8000000000000000417644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d28111d02db7292021-12-21 10:45:07.694root 11241100x8000000000000000417645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873d6b2e9f7c03612021-12-21 10:45:07.694root 11241100x8000000000000000417646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c9f857754c8cf32021-12-21 10:45:07.694root 11241100x8000000000000000417647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1a04996874aeb62021-12-21 10:45:07.694root 11241100x8000000000000000417648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b116fae5d887ee2021-12-21 10:45:07.694root 11241100x8000000000000000417649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e6ef0d77577f332021-12-21 10:45:07.694root 11241100x8000000000000000417650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c848ffd9cc4e8ffd2021-12-21 10:45:07.694root 11241100x8000000000000000417651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2776de988badf42021-12-21 10:45:07.694root 11241100x8000000000000000417652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16456713c7f50a92021-12-21 10:45:07.694root 11241100x8000000000000000417653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036f8f02b48d8ee12021-12-21 10:45:07.695root 11241100x8000000000000000417654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a31928da07d7562021-12-21 10:45:07.695root 11241100x8000000000000000417655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9699c098ad08a02021-12-21 10:45:07.695root 11241100x8000000000000000417656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b39fabf5aab4b512021-12-21 10:45:07.695root 11241100x8000000000000000417657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a108a2f10073dd12021-12-21 10:45:07.695root 11241100x8000000000000000417658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cc1d90b7cec99d2021-12-21 10:45:07.695root 11241100x8000000000000000417659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909f97ae2faf81b72021-12-21 10:45:07.695root 11241100x8000000000000000417660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe95c2bc3ba1c3b42021-12-21 10:45:07.695root 11241100x8000000000000000417661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff747be1a4fdd80c2021-12-21 10:45:08.193root 11241100x8000000000000000417662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356a99225c8137a12021-12-21 10:45:08.193root 11241100x8000000000000000417663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63bf06bfc83888a2021-12-21 10:45:08.193root 11241100x8000000000000000417664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff26112f9e3224bf2021-12-21 10:45:08.193root 11241100x8000000000000000417665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bece2d982e4cd42021-12-21 10:45:08.193root 11241100x8000000000000000417666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9a00958eafa59a2021-12-21 10:45:08.194root 11241100x8000000000000000417667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819c9fbb7a700f9a2021-12-21 10:45:08.194root 11241100x8000000000000000417668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723db18c4bca1ba42021-12-21 10:45:08.194root 11241100x8000000000000000417669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02ac48e524435312021-12-21 10:45:08.194root 11241100x8000000000000000417670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5449fc5ec89c52b2021-12-21 10:45:08.194root 11241100x8000000000000000417671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f06661ae9cb0d32021-12-21 10:45:08.194root 11241100x8000000000000000417672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105c0d3ccf71d1b52021-12-21 10:45:08.194root 11241100x8000000000000000417673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4f6d4ca2f4da062021-12-21 10:45:08.194root 11241100x8000000000000000417674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99381f2dfe2ddf082021-12-21 10:45:08.194root 11241100x8000000000000000417675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fa0f554a06e56e2021-12-21 10:45:08.194root 11241100x8000000000000000417676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44e0c9c1d83ae552021-12-21 10:45:08.194root 11241100x8000000000000000417677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a04f368cf3eab1c2021-12-21 10:45:08.194root 11241100x8000000000000000417678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b172849077c2fa512021-12-21 10:45:08.195root 11241100x8000000000000000417679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69b1b6d94aceba92021-12-21 10:45:08.195root 11241100x8000000000000000417680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883fa3ae5e52dc062021-12-21 10:45:08.195root 11241100x8000000000000000417681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c04332f8897d9e2021-12-21 10:45:08.693root 11241100x8000000000000000417682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a773a17a2923e22021-12-21 10:45:08.693root 11241100x8000000000000000417683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78560ab050975f6b2021-12-21 10:45:08.693root 11241100x8000000000000000417684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f7dc29ec0726e22021-12-21 10:45:08.693root 11241100x8000000000000000417685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619b8863f1f4bb792021-12-21 10:45:08.694root 11241100x8000000000000000417686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709c3f1ef43d1eea2021-12-21 10:45:08.694root 11241100x8000000000000000417687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e72ce2ffff3e6cc2021-12-21 10:45:08.694root 11241100x8000000000000000417688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1ccb85fc0e4eb62021-12-21 10:45:08.694root 11241100x8000000000000000417689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4780a5ecbe965c492021-12-21 10:45:08.694root 11241100x8000000000000000417690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e31bcba6342a56b2021-12-21 10:45:08.694root 11241100x8000000000000000417691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ec39aac4d42ccb2021-12-21 10:45:08.694root 11241100x8000000000000000417692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d30e2b63b5a1eae2021-12-21 10:45:08.694root 11241100x8000000000000000417693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70864689b65182fb2021-12-21 10:45:08.694root 11241100x8000000000000000417694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4584ac189e579b32021-12-21 10:45:08.694root 11241100x8000000000000000417695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e2a468e264ccc92021-12-21 10:45:08.694root 11241100x8000000000000000417696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5e2125fc6b296f2021-12-21 10:45:08.695root 11241100x8000000000000000417697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388b38a7d93247f52021-12-21 10:45:08.695root 11241100x8000000000000000417698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179ba8f61a553b122021-12-21 10:45:08.695root 11241100x8000000000000000417699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5c2c66c709eb3c2021-12-21 10:45:08.695root 11241100x8000000000000000417700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2ddfc9341854402021-12-21 10:45:08.695root 354300x8000000000000000417701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.010{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47548-false10.0.1.12-8000- 11241100x8000000000000000417702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb91266ceec1f2c42021-12-21 10:45:09.011root 11241100x8000000000000000417703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b86aef4b6fafad2021-12-21 10:45:09.011root 11241100x8000000000000000417704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03733b8039a3358a2021-12-21 10:45:09.011root 11241100x8000000000000000417705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5abadf7a824d322021-12-21 10:45:09.011root 11241100x8000000000000000417706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab44957fa9ff041a2021-12-21 10:45:09.011root 11241100x8000000000000000417707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3ace3fc9d32cb52021-12-21 10:45:09.011root 11241100x8000000000000000417708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f32daa3f7533ab52021-12-21 10:45:09.011root 11241100x8000000000000000417709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.011{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af950290ee345522021-12-21 10:45:09.011root 11241100x8000000000000000417710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5d8e3d86babdb72021-12-21 10:45:09.012root 11241100x8000000000000000417711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e1caf28bb68a892021-12-21 10:45:09.012root 11241100x8000000000000000417712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67132c1176c3e3762021-12-21 10:45:09.012root 11241100x8000000000000000417713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3c6201ffe9351a2021-12-21 10:45:09.012root 11241100x8000000000000000417714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d700a9e09dfd042021-12-21 10:45:09.012root 11241100x8000000000000000417715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5787d08aa479cd4b2021-12-21 10:45:09.012root 11241100x8000000000000000417716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd20a08700f61e652021-12-21 10:45:09.012root 11241100x8000000000000000417717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.012{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca44dee396fa64202021-12-21 10:45:09.012root 11241100x8000000000000000417718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360a8e82c78126ab2021-12-21 10:45:09.013root 11241100x8000000000000000417719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e11967087405cd2021-12-21 10:45:09.013root 11241100x8000000000000000417720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37def58b9b8666d42021-12-21 10:45:09.013root 11241100x8000000000000000417721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d133d0e4acccb22021-12-21 10:45:09.013root 11241100x8000000000000000417722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c79e37ebdf2cb72021-12-21 10:45:09.013root 11241100x8000000000000000417723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2411cf70b29c3522021-12-21 10:45:09.013root 11241100x8000000000000000417724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38525928e82f16f62021-12-21 10:45:09.013root 11241100x8000000000000000417725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec568b3db929eba22021-12-21 10:45:09.013root 11241100x8000000000000000417726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc54c6550435d8e2021-12-21 10:45:09.013root 11241100x8000000000000000417727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c41bab6fe58b0d12021-12-21 10:45:09.014root 11241100x8000000000000000417728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fd5456c735e9072021-12-21 10:45:09.014root 11241100x8000000000000000417729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb64cdbaacaed2302021-12-21 10:45:09.014root 11241100x8000000000000000417730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf35995cad97a412021-12-21 10:45:09.014root 11241100x8000000000000000417731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d7acc419ceefd52021-12-21 10:45:09.014root 11241100x8000000000000000417732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c47926d9d65d022021-12-21 10:45:09.014root 11241100x8000000000000000417733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fc7cf386996d5e2021-12-21 10:45:09.014root 11241100x8000000000000000417734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33367e377d9c03f82021-12-21 10:45:09.014root 23542300x8000000000000000417735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.215{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000417736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6730965fbb798a642021-12-21 10:45:09.443root 11241100x8000000000000000417737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6ff5a2d39202cf2021-12-21 10:45:09.443root 11241100x8000000000000000417738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12596fe38920df232021-12-21 10:45:09.444root 11241100x8000000000000000417739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725965eb38c5716c2021-12-21 10:45:09.444root 11241100x8000000000000000417740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b1ce515f8d6e1d2021-12-21 10:45:09.444root 11241100x8000000000000000417741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8819782ed502162021-12-21 10:45:09.444root 11241100x8000000000000000417742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d0904e9b6ce74e2021-12-21 10:45:09.445root 11241100x8000000000000000417743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc194769e96143812021-12-21 10:45:09.445root 11241100x8000000000000000417744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cf66fd72e0d0e22021-12-21 10:45:09.445root 11241100x8000000000000000417745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdce922f7d5897e52021-12-21 10:45:09.445root 11241100x8000000000000000417746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28209c31638cb1f2021-12-21 10:45:09.445root 11241100x8000000000000000417747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc94f181588a84f2021-12-21 10:45:09.445root 11241100x8000000000000000417748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cfaa0f9458439c2021-12-21 10:45:09.445root 11241100x8000000000000000417749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169d8bc2c9cff5e52021-12-21 10:45:09.445root 11241100x8000000000000000417750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e486c1b369ef979a2021-12-21 10:45:09.445root 11241100x8000000000000000417751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c40b1eebc30ed242021-12-21 10:45:09.445root 11241100x8000000000000000417752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d087261ab5bc0ce2021-12-21 10:45:09.445root 11241100x8000000000000000417753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6857e75ac31e9d32021-12-21 10:45:09.446root 11241100x8000000000000000417754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17b77e97f3a5f1d2021-12-21 10:45:09.446root 11241100x8000000000000000417755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017ede3050c704f22021-12-21 10:45:09.446root 11241100x8000000000000000417756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2d502f3d7964c82021-12-21 10:45:09.446root 11241100x8000000000000000417757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91d6e7ddec405062021-12-21 10:45:09.446root 11241100x8000000000000000417758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afeb23f7efcf53b2021-12-21 10:45:09.446root 11241100x8000000000000000417759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873ea3d888817e272021-12-21 10:45:09.446root 11241100x8000000000000000417760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25d999344cf0a072021-12-21 10:45:09.943root 11241100x8000000000000000417761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220c41877144f5322021-12-21 10:45:09.943root 11241100x8000000000000000417762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fa85ab537451a52021-12-21 10:45:09.943root 11241100x8000000000000000417763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be6b82626cdb1982021-12-21 10:45:09.944root 11241100x8000000000000000417764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0f702312781e762021-12-21 10:45:09.944root 11241100x8000000000000000417765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ec56775834b8a22021-12-21 10:45:09.944root 11241100x8000000000000000417766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadc0a8a64299ba02021-12-21 10:45:09.944root 11241100x8000000000000000417767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79af57ede3df79002021-12-21 10:45:09.944root 11241100x8000000000000000417768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bc9665d9a0d6892021-12-21 10:45:09.944root 11241100x8000000000000000417769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3320bc7dac62b72021-12-21 10:45:09.944root 11241100x8000000000000000417770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb552321846ff5352021-12-21 10:45:09.944root 11241100x8000000000000000417771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafdd8a4b527a30b2021-12-21 10:45:09.944root 11241100x8000000000000000417772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e010185cd10cb912021-12-21 10:45:09.944root 11241100x8000000000000000417773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d877346056553d0d2021-12-21 10:45:09.944root 11241100x8000000000000000417774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f24da1203e85b722021-12-21 10:45:09.944root 11241100x8000000000000000417775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f813906604cac7252021-12-21 10:45:09.944root 11241100x8000000000000000417776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ed028bad217cf02021-12-21 10:45:09.944root 11241100x8000000000000000417777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c30157ed890fa82021-12-21 10:45:09.945root 11241100x8000000000000000417778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab43ab76e3e07002021-12-21 10:45:09.945root 11241100x8000000000000000417779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db451f89e05aa9ca2021-12-21 10:45:09.945root 11241100x8000000000000000417780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7789f4615104a982021-12-21 10:45:09.945root 11241100x8000000000000000417781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1254dc1489bc602021-12-21 10:45:09.945root 11241100x8000000000000000417782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91122ce722a97d632021-12-21 10:45:10.443root 11241100x8000000000000000417783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ef36a1daaa242e2021-12-21 10:45:10.443root 11241100x8000000000000000417784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc41b3b76a947c402021-12-21 10:45:10.444root 11241100x8000000000000000417785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f58f2bdbe137d3c2021-12-21 10:45:10.444root 11241100x8000000000000000417786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132ece72d6f8b1a42021-12-21 10:45:10.444root 11241100x8000000000000000417787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f50bb5a33d2aee2021-12-21 10:45:10.444root 11241100x8000000000000000417788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f17e8735601c012021-12-21 10:45:10.444root 11241100x8000000000000000417789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc31460740480d42021-12-21 10:45:10.444root 11241100x8000000000000000417790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3a9c665ab9c1a42021-12-21 10:45:10.444root 11241100x8000000000000000417791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7852051a94367cc42021-12-21 10:45:10.444root 11241100x8000000000000000417792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b86ef0ffc1e94492021-12-21 10:45:10.444root 11241100x8000000000000000417793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c981bea731057642021-12-21 10:45:10.444root 11241100x8000000000000000417794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7b361ff8ba5ff32021-12-21 10:45:10.444root 11241100x8000000000000000417795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1af50fac54756c62021-12-21 10:45:10.444root 11241100x8000000000000000417796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a7f38c54949bc2021-12-21 10:45:10.445root 11241100x8000000000000000417797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22fd842a456fc622021-12-21 10:45:10.445root 11241100x8000000000000000417798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61743d95993868072021-12-21 10:45:10.445root 11241100x8000000000000000417799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edaf8b30581e1e12021-12-21 10:45:10.445root 11241100x8000000000000000417800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57002643941bafcb2021-12-21 10:45:10.445root 11241100x8000000000000000417801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03c2599157c45bd2021-12-21 10:45:10.445root 11241100x8000000000000000417802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaaf68b5c6356012021-12-21 10:45:10.445root 11241100x8000000000000000417803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6f2630018d383f2021-12-21 10:45:10.446root 11241100x8000000000000000417804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3668c414825ba82021-12-21 10:45:10.943root 11241100x8000000000000000417805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d65eff8b0660d22021-12-21 10:45:10.943root 11241100x8000000000000000417806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfe2e29f5030ecd2021-12-21 10:45:10.943root 11241100x8000000000000000417807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c97d1d02c27682021-12-21 10:45:10.943root 11241100x8000000000000000417808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64334e8e07f8ddcf2021-12-21 10:45:10.944root 11241100x8000000000000000417809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136a7783b05bd9d62021-12-21 10:45:10.944root 11241100x8000000000000000417810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443d82ae2c065e812021-12-21 10:45:10.944root 11241100x8000000000000000417811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa11e13124706fe2021-12-21 10:45:10.944root 11241100x8000000000000000417812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991d98c67a412ea02021-12-21 10:45:10.944root 11241100x8000000000000000417813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f28e010bc6af4d2021-12-21 10:45:10.944root 11241100x8000000000000000417814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929b545302c75f132021-12-21 10:45:10.944root 11241100x8000000000000000417815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da3fe652f1b495c2021-12-21 10:45:10.944root 11241100x8000000000000000417816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b112c7fb3e06902021-12-21 10:45:10.944root 11241100x8000000000000000417817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2a501725be8a462021-12-21 10:45:10.944root 11241100x8000000000000000417818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4676abb86f837cbe2021-12-21 10:45:10.944root 11241100x8000000000000000417819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7120825d36cd3fdd2021-12-21 10:45:10.944root 11241100x8000000000000000417820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727143d61adfa9dc2021-12-21 10:45:10.944root 11241100x8000000000000000417821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9dff1289ee48d42021-12-21 10:45:10.944root 11241100x8000000000000000417822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d34021d13b2e212021-12-21 10:45:10.944root 11241100x8000000000000000417823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd3a760fce531212021-12-21 10:45:10.944root 11241100x8000000000000000417824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f36442f9096ab62021-12-21 10:45:10.945root 11241100x8000000000000000417825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbe64d8e7f22dbf2021-12-21 10:45:10.945root 11241100x8000000000000000417826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb26f6bc4eee5cf32021-12-21 10:45:11.443root 11241100x8000000000000000417827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72952b3d7bc709f12021-12-21 10:45:11.443root 11241100x8000000000000000417828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f328e4ac0c51e02021-12-21 10:45:11.444root 11241100x8000000000000000417829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a82d5621174d73f2021-12-21 10:45:11.444root 11241100x8000000000000000417830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e961f49b2551262021-12-21 10:45:11.444root 11241100x8000000000000000417831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e67d1b4bca99932021-12-21 10:45:11.444root 11241100x8000000000000000417832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3efe651928ca1d2021-12-21 10:45:11.444root 11241100x8000000000000000417833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8b7d53ac51d4952021-12-21 10:45:11.444root 11241100x8000000000000000417834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4006841b3943d092021-12-21 10:45:11.444root 11241100x8000000000000000417835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad72e2bf914b6bb2021-12-21 10:45:11.444root 11241100x8000000000000000417836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de9698e5f81a502021-12-21 10:45:11.444root 11241100x8000000000000000417837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44301494b059dc1a2021-12-21 10:45:11.444root 11241100x8000000000000000417838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc88ada4c7a07282021-12-21 10:45:11.444root 11241100x8000000000000000417839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7083edc3eabe00b32021-12-21 10:45:11.444root 11241100x8000000000000000417840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1566aaa2e9852a82021-12-21 10:45:11.444root 11241100x8000000000000000417841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbf07acde8369132021-12-21 10:45:11.444root 11241100x8000000000000000417842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0315e562122b7b2021-12-21 10:45:11.444root 11241100x8000000000000000417843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f978e02c320d302021-12-21 10:45:11.445root 11241100x8000000000000000417844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cb31d18bffafb12021-12-21 10:45:11.445root 11241100x8000000000000000417845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838659bf880642f62021-12-21 10:45:11.445root 11241100x8000000000000000417846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903d408eef208a0c2021-12-21 10:45:11.445root 11241100x8000000000000000417847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5adea8b19ffa2b2021-12-21 10:45:11.445root 11241100x8000000000000000417848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657dd304c82e76612021-12-21 10:45:11.943root 11241100x8000000000000000417849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783f7eb80b82df5b2021-12-21 10:45:11.943root 11241100x8000000000000000417850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24aba32c169e9952021-12-21 10:45:11.943root 11241100x8000000000000000417851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3006bfc4f18334222021-12-21 10:45:11.943root 11241100x8000000000000000417852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b1ed0eb181cae82021-12-21 10:45:11.943root 11241100x8000000000000000417853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e634a7683f662f2021-12-21 10:45:11.943root 11241100x8000000000000000417854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e573a3ec4c837fae2021-12-21 10:45:11.943root 11241100x8000000000000000417855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e57cc50db4650562021-12-21 10:45:11.944root 11241100x8000000000000000417856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49087af8650d8afb2021-12-21 10:45:11.944root 11241100x8000000000000000417857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e2a61d236e6cb2021-12-21 10:45:11.944root 11241100x8000000000000000417858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fa325ad6de92f72021-12-21 10:45:11.944root 11241100x8000000000000000417859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df467fc0148228b2021-12-21 10:45:11.944root 11241100x8000000000000000417860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57980908a70d65122021-12-21 10:45:11.944root 11241100x8000000000000000417861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a51a5596ad8af502021-12-21 10:45:11.944root 11241100x8000000000000000417862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f1a9d76fb4a3572021-12-21 10:45:11.944root 11241100x8000000000000000417863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fd606a7d7d9ae42021-12-21 10:45:11.944root 11241100x8000000000000000417864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb726cb7c41eeb92021-12-21 10:45:11.944root 11241100x8000000000000000417865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec274952e54427122021-12-21 10:45:11.945root 11241100x8000000000000000417866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90166fd39877163f2021-12-21 10:45:11.945root 11241100x8000000000000000417867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dd5a4e67b781482021-12-21 10:45:11.945root 11241100x8000000000000000417868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db50a31358ee88a2021-12-21 10:45:11.945root 11241100x8000000000000000417869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2e5cc09d78dc992021-12-21 10:45:11.945root 11241100x8000000000000000417870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f876ca3ee948822021-12-21 10:45:11.945root 11241100x8000000000000000417871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc33fc284dc4f6e62021-12-21 10:45:11.945root 11241100x8000000000000000417872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6469ad5e16a439f02021-12-21 10:45:11.945root 11241100x8000000000000000417873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6e7bb1a4af58ba2021-12-21 10:45:11.945root 11241100x8000000000000000417874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ab8b7776b8fb6b2021-12-21 10:45:11.945root 11241100x8000000000000000417875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d963937405588d5c2021-12-21 10:45:11.945root 11241100x8000000000000000417876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592ebd33923dd6962021-12-21 10:45:11.945root 11241100x8000000000000000417877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c4e995ef8744702021-12-21 10:45:12.443root 11241100x8000000000000000417878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797f2bc838f8050d2021-12-21 10:45:12.443root 11241100x8000000000000000417879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55867ee858db47b72021-12-21 10:45:12.443root 11241100x8000000000000000417880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406e33b18f9dc47e2021-12-21 10:45:12.443root 11241100x8000000000000000417881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c24de71fa3e8202021-12-21 10:45:12.444root 11241100x8000000000000000417882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6818cb8e7084ca2021-12-21 10:45:12.444root 11241100x8000000000000000417883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a29691d9ee8be9d2021-12-21 10:45:12.444root 11241100x8000000000000000417884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79ff2805f8426ef2021-12-21 10:45:12.444root 11241100x8000000000000000417885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6058f5b0655f79152021-12-21 10:45:12.444root 11241100x8000000000000000417886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787eef15cfe3413b2021-12-21 10:45:12.444root 11241100x8000000000000000417887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c684c59c580c88d2021-12-21 10:45:12.446root 11241100x8000000000000000417888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a167f8e75c5c73e92021-12-21 10:45:12.446root 11241100x8000000000000000417889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efe930579525ce62021-12-21 10:45:12.447root 11241100x8000000000000000417890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324eb81897f202632021-12-21 10:45:12.447root 11241100x8000000000000000417891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7a854faaca089c2021-12-21 10:45:12.447root 11241100x8000000000000000417892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1c1532580474a02021-12-21 10:45:12.447root 11241100x8000000000000000417893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15adeb0933026c62021-12-21 10:45:12.448root 11241100x8000000000000000417894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd84aad11ff033162021-12-21 10:45:12.448root 11241100x8000000000000000417895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8e84bf2772edeb2021-12-21 10:45:12.448root 11241100x8000000000000000417896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1258e8a7d2f23e592021-12-21 10:45:12.448root 11241100x8000000000000000417897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e94e4a0dd212b62021-12-21 10:45:12.448root 11241100x8000000000000000417898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447c9597a1ce99e52021-12-21 10:45:12.448root 11241100x8000000000000000417899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9e938facf937772021-12-21 10:45:12.448root 11241100x8000000000000000417900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6105adba0ef7f5f02021-12-21 10:45:12.448root 11241100x8000000000000000417901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172d49ce7bbb8a152021-12-21 10:45:12.448root 11241100x8000000000000000417902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abff500d727aec82021-12-21 10:45:12.448root 11241100x8000000000000000417903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c651a96f47e0aa62021-12-21 10:45:12.449root 11241100x8000000000000000417904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5885156b1295462021-12-21 10:45:12.449root 11241100x8000000000000000417905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471f68a798637ffe2021-12-21 10:45:12.449root 11241100x8000000000000000417906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb958881e7ec4b12021-12-21 10:45:12.449root 11241100x8000000000000000417907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e8b7b48a879d6e2021-12-21 10:45:12.943root 11241100x8000000000000000417908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a854bd04235adb2021-12-21 10:45:12.943root 11241100x8000000000000000417909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6801f1ac2ba7b902021-12-21 10:45:12.943root 11241100x8000000000000000417910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b98c9c2b9e7a752021-12-21 10:45:12.943root 11241100x8000000000000000417911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608d7fb882ae01372021-12-21 10:45:12.944root 11241100x8000000000000000417912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328601a53aaeded72021-12-21 10:45:12.944root 11241100x8000000000000000417913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30e3e91c7069f312021-12-21 10:45:12.944root 11241100x8000000000000000417914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814f68c7789c9e1f2021-12-21 10:45:12.944root 11241100x8000000000000000417915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301874f47443d58e2021-12-21 10:45:12.944root 11241100x8000000000000000417916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9c6399b8540baf2021-12-21 10:45:12.944root 11241100x8000000000000000417917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b773cd79f2a5c142021-12-21 10:45:12.944root 11241100x8000000000000000417918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0891e700fbf49f82021-12-21 10:45:12.944root 11241100x8000000000000000417919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1521c0b03a7f5752021-12-21 10:45:12.944root 11241100x8000000000000000417920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08af98b13811c392021-12-21 10:45:12.944root 11241100x8000000000000000417921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93981da026ee1bb52021-12-21 10:45:12.944root 11241100x8000000000000000417922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05984f1277106172021-12-21 10:45:12.944root 11241100x8000000000000000417923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed622947bbd16d22021-12-21 10:45:12.944root 11241100x8000000000000000417924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f9698700d0d6672021-12-21 10:45:12.944root 11241100x8000000000000000417925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231727ba74dc31db2021-12-21 10:45:12.944root 11241100x8000000000000000417926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3675ff205f9214fe2021-12-21 10:45:12.944root 11241100x8000000000000000417927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8768921e5c7d7e952021-12-21 10:45:12.945root 11241100x8000000000000000417928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9025be7a2680b4022021-12-21 10:45:12.945root 11241100x8000000000000000417929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaf197947ad9a302021-12-21 10:45:13.443root 11241100x8000000000000000417930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9416650b80ebc06e2021-12-21 10:45:13.443root 11241100x8000000000000000417931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f9884861e7f9a32021-12-21 10:45:13.443root 11241100x8000000000000000417932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbd625c33edbc232021-12-21 10:45:13.444root 11241100x8000000000000000417933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1060e852eb43702021-12-21 10:45:13.444root 11241100x8000000000000000417934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeb93cab22ead102021-12-21 10:45:13.444root 11241100x8000000000000000417935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdb3b86ea3af2ec2021-12-21 10:45:13.444root 11241100x8000000000000000417936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e2bd7bae48265e2021-12-21 10:45:13.444root 11241100x8000000000000000417937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e700a059db009d452021-12-21 10:45:13.444root 11241100x8000000000000000417938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d4642ceb19d7212021-12-21 10:45:13.444root 11241100x8000000000000000417939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daca887c36bbdf4c2021-12-21 10:45:13.444root 11241100x8000000000000000417940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a9eee450e06e302021-12-21 10:45:13.444root 11241100x8000000000000000417941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1851f5056bf971382021-12-21 10:45:13.444root 11241100x8000000000000000417942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49954937834357ff2021-12-21 10:45:13.444root 11241100x8000000000000000417943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e27316babf1c3072021-12-21 10:45:13.445root 11241100x8000000000000000417944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db361562a5289e122021-12-21 10:45:13.445root 11241100x8000000000000000417945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c997895b2ca428e22021-12-21 10:45:13.445root 11241100x8000000000000000417946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd71a648ef4792c02021-12-21 10:45:13.445root 11241100x8000000000000000417947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe6c6a86994a58d2021-12-21 10:45:13.445root 11241100x8000000000000000417948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7599e815955b36162021-12-21 10:45:13.445root 11241100x8000000000000000417949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddda0a12997ba672021-12-21 10:45:13.445root 11241100x8000000000000000417950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc517ef079ad1002021-12-21 10:45:13.445root 11241100x8000000000000000417951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb18d46e897dfb7c2021-12-21 10:45:13.943root 11241100x8000000000000000417952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db75d18f0fa76962021-12-21 10:45:13.943root 11241100x8000000000000000417953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7b209c101a19082021-12-21 10:45:13.943root 11241100x8000000000000000417954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e11bd6723a330c62021-12-21 10:45:13.944root 11241100x8000000000000000417955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95055c6e1c22bde52021-12-21 10:45:13.944root 11241100x8000000000000000417956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4eaa0be45bea83f2021-12-21 10:45:13.944root 11241100x8000000000000000417957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ace5d7228cf8cc2021-12-21 10:45:13.944root 11241100x8000000000000000417958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd310683e65b9e72021-12-21 10:45:13.944root 11241100x8000000000000000417959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee74532cfd7854f92021-12-21 10:45:13.944root 11241100x8000000000000000417960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e5ef84a1fcd1742021-12-21 10:45:13.944root 11241100x8000000000000000417961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296246488a8e5eac2021-12-21 10:45:13.944root 11241100x8000000000000000417962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80d6d58fe2fc8a62021-12-21 10:45:13.944root 11241100x8000000000000000417963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1a7f56b7f520242021-12-21 10:45:13.944root 11241100x8000000000000000417964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0f8030e8125d22021-12-21 10:45:13.944root 11241100x8000000000000000417965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed823d9e24b84d72021-12-21 10:45:13.945root 11241100x8000000000000000417966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aa7168ed295aeb2021-12-21 10:45:13.945root 11241100x8000000000000000417967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b475fc3bd8c6e4ae2021-12-21 10:45:13.945root 11241100x8000000000000000417968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deed7d9eecce49b2021-12-21 10:45:13.947root 11241100x8000000000000000417969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1906b26c5b8b15b92021-12-21 10:45:13.947root 11241100x8000000000000000417970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074c81aac1c57a472021-12-21 10:45:13.947root 11241100x8000000000000000417971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7735f50ca9d3f222021-12-21 10:45:13.947root 11241100x8000000000000000417972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d2aaae2db8aa622021-12-21 10:45:13.947root 11241100x8000000000000000417973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526a3904d441e2dd2021-12-21 10:45:13.947root 11241100x8000000000000000417974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6098ffe27bccf72021-12-21 10:45:13.948root 11241100x8000000000000000417975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298c9814ab8e05682021-12-21 10:45:13.948root 11241100x8000000000000000417976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1edbf79667c219c2021-12-21 10:45:13.948root 11241100x8000000000000000417977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af30d869421a88852021-12-21 10:45:13.948root 11241100x8000000000000000417978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785cc438842dca382021-12-21 10:45:13.948root 11241100x8000000000000000417979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87106bf3d65219e2021-12-21 10:45:13.948root 11241100x8000000000000000417980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1860454ef9d8797e2021-12-21 10:45:13.948root 11241100x8000000000000000417981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05496c99089a4d52021-12-21 10:45:13.948root 11241100x8000000000000000417982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8623ad453c834f32021-12-21 10:45:13.948root 11241100x8000000000000000417983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4951f2b2b325512021-12-21 10:45:13.949root 11241100x8000000000000000417984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17500d4d47b601f92021-12-21 10:45:13.949root 11241100x8000000000000000417985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:13.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d093084e5ddca5072021-12-21 10:45:13.949root 354300x8000000000000000417986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.082{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47550-false10.0.1.12-8000- 11241100x8000000000000000417987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c03018c0c54cd92021-12-21 10:45:14.443root 11241100x8000000000000000417988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094349daec4893602021-12-21 10:45:14.443root 11241100x8000000000000000417989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6368ee26fa4e9c82021-12-21 10:45:14.443root 11241100x8000000000000000417990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b018de1822d1602021-12-21 10:45:14.443root 11241100x8000000000000000417991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73fb80dbf96eb3d2021-12-21 10:45:14.443root 11241100x8000000000000000417992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7824a4f164979b02021-12-21 10:45:14.443root 11241100x8000000000000000417993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d3368f2833b0612021-12-21 10:45:14.444root 11241100x8000000000000000417994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f128ee73ec158a2021-12-21 10:45:14.444root 11241100x8000000000000000417995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2c43b1fd4476242021-12-21 10:45:14.444root 11241100x8000000000000000417996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60f0ae9a29fb77b2021-12-21 10:45:14.444root 11241100x8000000000000000417997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4885b252cb25ea72021-12-21 10:45:14.444root 11241100x8000000000000000417998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd935bf532ad3022021-12-21 10:45:14.444root 11241100x8000000000000000417999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e12aafdf5e1ce952021-12-21 10:45:14.444root 11241100x8000000000000000418000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f0510b1f945eb92021-12-21 10:45:14.444root 11241100x8000000000000000418001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a34a7ed657423f42021-12-21 10:45:14.444root 11241100x8000000000000000418002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df77aca58bbdd9282021-12-21 10:45:14.444root 11241100x8000000000000000418003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337ec270f13b74b12021-12-21 10:45:14.444root 11241100x8000000000000000418004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b09a849544117c52021-12-21 10:45:14.445root 11241100x8000000000000000418005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac513d0064ee7e62021-12-21 10:45:14.445root 11241100x8000000000000000418006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54cc699350d0c012021-12-21 10:45:14.445root 11241100x8000000000000000418007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1e5b35cedc31542021-12-21 10:45:14.445root 11241100x8000000000000000418008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7e304992a3e6032021-12-21 10:45:14.445root 11241100x8000000000000000418009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2e406ed4ed66992021-12-21 10:45:14.445root 11241100x8000000000000000418010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0dfa24b04b588e2021-12-21 10:45:14.445root 11241100x8000000000000000418011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8a6bae8b4ba5ae2021-12-21 10:45:14.446root 11241100x8000000000000000418012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1ccd5cac32e02b2021-12-21 10:45:14.446root 11241100x8000000000000000418013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6008fbc5288eae2021-12-21 10:45:14.446root 11241100x8000000000000000418014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0db46c405bb8722021-12-21 10:45:14.446root 11241100x8000000000000000418015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56138aa6e4bfb242021-12-21 10:45:14.446root 11241100x8000000000000000418016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403b909771aa181e2021-12-21 10:45:14.446root 11241100x8000000000000000418017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e548bed29485c922021-12-21 10:45:14.446root 11241100x8000000000000000418018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c81f0d705298082021-12-21 10:45:14.446root 11241100x8000000000000000418019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f70aaf64c75f592021-12-21 10:45:14.446root 11241100x8000000000000000418020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a70eb805a1e85242021-12-21 10:45:14.447root 11241100x8000000000000000418021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc8c5a2e4138a562021-12-21 10:45:14.447root 11241100x8000000000000000418022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377f1cb06b372c512021-12-21 10:45:14.943root 11241100x8000000000000000418023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d5885ca5b2c6412021-12-21 10:45:14.943root 11241100x8000000000000000418024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d9dd3685756fa02021-12-21 10:45:14.943root 11241100x8000000000000000418025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e87fe32f708e1e2021-12-21 10:45:14.943root 11241100x8000000000000000418026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde29b265f1ea3332021-12-21 10:45:14.943root 11241100x8000000000000000418027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12c78e3eabe62a62021-12-21 10:45:14.943root 11241100x8000000000000000418028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d34fc4046e85522021-12-21 10:45:14.943root 11241100x8000000000000000418029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e5fa99851e953a2021-12-21 10:45:14.943root 11241100x8000000000000000418030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dc398f548466842021-12-21 10:45:14.944root 11241100x8000000000000000418031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d0bcf73b15a9c22021-12-21 10:45:14.944root 11241100x8000000000000000418032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4834a52a00f4b212021-12-21 10:45:14.944root 11241100x8000000000000000418033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9781d1c5c8d5af742021-12-21 10:45:14.944root 11241100x8000000000000000418034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffeee627673255b2021-12-21 10:45:14.944root 11241100x8000000000000000418035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf0b66c5b7b9ec52021-12-21 10:45:14.944root 11241100x8000000000000000418036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7261f9c385654f2021-12-21 10:45:14.944root 11241100x8000000000000000418037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aac7a38beff8602021-12-21 10:45:14.944root 11241100x8000000000000000418038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0233698e057c1a42021-12-21 10:45:14.944root 11241100x8000000000000000418039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c8e7bc9ac682c12021-12-21 10:45:14.945root 11241100x8000000000000000418040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc1eda043b542742021-12-21 10:45:14.945root 11241100x8000000000000000418041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb803fee947a19ea2021-12-21 10:45:14.945root 11241100x8000000000000000418042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74819d6abb3a97992021-12-21 10:45:14.945root 11241100x8000000000000000418043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ea2e85c3f718672021-12-21 10:45:14.945root 11241100x8000000000000000418044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a02af9a313837b2021-12-21 10:45:14.945root 11241100x8000000000000000418045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce0ba1bf82d18bb2021-12-21 10:45:14.945root 11241100x8000000000000000418046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806584990344e6822021-12-21 10:45:14.945root 11241100x8000000000000000418047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f28e0ccdd2492f2021-12-21 10:45:14.945root 11241100x8000000000000000418048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd8fbde6360254e2021-12-21 10:45:14.945root 11241100x8000000000000000418049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c0c5a45533d0762021-12-21 10:45:14.945root 11241100x8000000000000000418050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc75b71e20f6a7622021-12-21 10:45:14.946root 11241100x8000000000000000418051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e120ea4766ad4e2021-12-21 10:45:14.946root 11241100x8000000000000000418052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2e7b73e066c9d22021-12-21 10:45:14.946root 11241100x8000000000000000418053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca52a350832ef4a2021-12-21 10:45:14.946root 11241100x8000000000000000418054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed19e8b937d72972021-12-21 10:45:14.946root 11241100x8000000000000000418055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6725a9080caefca2021-12-21 10:45:14.946root 11241100x8000000000000000418056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deeba80bde329802021-12-21 10:45:15.443root 11241100x8000000000000000418057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595c2096d2867c502021-12-21 10:45:15.443root 11241100x8000000000000000418058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a713e7f5662263802021-12-21 10:45:15.443root 11241100x8000000000000000418059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e9ee7bceced012021-12-21 10:45:15.443root 11241100x8000000000000000418060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0b336b86d2bef82021-12-21 10:45:15.444root 11241100x8000000000000000418061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6b710894e088fa2021-12-21 10:45:15.444root 11241100x8000000000000000418062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f529c6f9448bbe2021-12-21 10:45:15.444root 11241100x8000000000000000418063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8b9164552a858c2021-12-21 10:45:15.444root 11241100x8000000000000000418064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f42f808dd4ca12021-12-21 10:45:15.444root 11241100x8000000000000000418065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43280095f8603f592021-12-21 10:45:15.444root 11241100x8000000000000000418066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2526ee207713912021-12-21 10:45:15.444root 11241100x8000000000000000418067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2323ec84d03067942021-12-21 10:45:15.444root 11241100x8000000000000000418068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620056150fdaf5862021-12-21 10:45:15.444root 11241100x8000000000000000418069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16851ecb7ed950952021-12-21 10:45:15.444root 11241100x8000000000000000418070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c1275d72c42bf32021-12-21 10:45:15.444root 11241100x8000000000000000418071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780e3b8361d4c6672021-12-21 10:45:15.444root 11241100x8000000000000000418072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8cee29dfca94c82021-12-21 10:45:15.444root 11241100x8000000000000000418073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694663f8f673cc402021-12-21 10:45:15.444root 11241100x8000000000000000418074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab50e37142a95c562021-12-21 10:45:15.444root 11241100x8000000000000000418075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d5c6cab824ab032021-12-21 10:45:15.445root 11241100x8000000000000000418076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32d719c7e70bfda2021-12-21 10:45:15.445root 11241100x8000000000000000418077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c35e17c264aa1a2021-12-21 10:45:15.445root 11241100x8000000000000000418078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b963eff13ec9a62021-12-21 10:45:15.445root 11241100x8000000000000000418079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5400e03ad5cf6ac2021-12-21 10:45:15.943root 11241100x8000000000000000418080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675c9789079d5fa22021-12-21 10:45:15.943root 11241100x8000000000000000418081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9b8745acda1c7c2021-12-21 10:45:15.943root 11241100x8000000000000000418082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e7422a80ca64712021-12-21 10:45:15.943root 11241100x8000000000000000418083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d873733015c9472021-12-21 10:45:15.943root 11241100x8000000000000000418084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c27889b5cdc665a2021-12-21 10:45:15.944root 11241100x8000000000000000418085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d31a92fe9e24b2d2021-12-21 10:45:15.944root 11241100x8000000000000000418086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb57f9bee58c3b72021-12-21 10:45:15.944root 11241100x8000000000000000418087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eefc826b75ad9f22021-12-21 10:45:15.944root 11241100x8000000000000000418088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bff4435cfe94722021-12-21 10:45:15.944root 11241100x8000000000000000418089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc2d1c5d67e69e72021-12-21 10:45:15.944root 11241100x8000000000000000418090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80725aaa33ae12692021-12-21 10:45:15.944root 11241100x8000000000000000418091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a23eab785cb93e42021-12-21 10:45:15.944root 11241100x8000000000000000418092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748ed920d427f1bc2021-12-21 10:45:15.944root 11241100x8000000000000000418093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1187e2f54a160b2021-12-21 10:45:15.944root 11241100x8000000000000000418094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32516a57a6d1db2c2021-12-21 10:45:15.944root 11241100x8000000000000000418095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde1a61e72b403cd2021-12-21 10:45:15.944root 11241100x8000000000000000418096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8263bffa1491dfd42021-12-21 10:45:15.944root 11241100x8000000000000000418097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6182a71123e599ff2021-12-21 10:45:15.945root 11241100x8000000000000000418098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59822ee52a1043b2021-12-21 10:45:15.945root 11241100x8000000000000000418099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6200b50a98c422592021-12-21 10:45:15.945root 11241100x8000000000000000418100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c854ac502b629ec12021-12-21 10:45:15.945root 11241100x8000000000000000418101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c03d0d48f8b7952021-12-21 10:45:15.945root 11241100x8000000000000000418102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26440ba33fe6c722021-12-21 10:45:16.443root 11241100x8000000000000000418103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d84b712a8ebd652021-12-21 10:45:16.443root 11241100x8000000000000000418104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfff044f462c6f902021-12-21 10:45:16.443root 11241100x8000000000000000418105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d58fcc29a43b5be2021-12-21 10:45:16.443root 11241100x8000000000000000418106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a657ff6a97a3bac42021-12-21 10:45:16.443root 11241100x8000000000000000418107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc5ecd7e0c9c0b52021-12-21 10:45:16.443root 11241100x8000000000000000418108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e61352b5bd655b12021-12-21 10:45:16.443root 11241100x8000000000000000418109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3b9a43dce1462b2021-12-21 10:45:16.444root 11241100x8000000000000000418110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eec8f498f49696d2021-12-21 10:45:16.444root 11241100x8000000000000000418111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fad7bbb90728f1c2021-12-21 10:45:16.444root 11241100x8000000000000000418112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4e98aec0d108b32021-12-21 10:45:16.444root 11241100x8000000000000000418113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa0589c3f3eb69a2021-12-21 10:45:16.444root 11241100x8000000000000000418114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a67d1ff46e1f792021-12-21 10:45:16.444root 11241100x8000000000000000418115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416d556a3ac3474c2021-12-21 10:45:16.444root 11241100x8000000000000000418116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d1ac1bb0f90fbf2021-12-21 10:45:16.444root 11241100x8000000000000000418117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc339dedd4da8432021-12-21 10:45:16.444root 11241100x8000000000000000418118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d63f5251d4bc2462021-12-21 10:45:16.444root 11241100x8000000000000000418119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1799b0890e6d2f2021-12-21 10:45:16.444root 11241100x8000000000000000418120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697bac75519297812021-12-21 10:45:16.444root 11241100x8000000000000000418121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afa333d41f8eade2021-12-21 10:45:16.445root 11241100x8000000000000000418122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acd23a4e39d171f2021-12-21 10:45:16.445root 11241100x8000000000000000418123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db68bade01248e62021-12-21 10:45:16.445root 11241100x8000000000000000418124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6064acefdcb8a2ea2021-12-21 10:45:16.445root 11241100x8000000000000000418125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e66843c4b07610e2021-12-21 10:45:16.943root 11241100x8000000000000000418126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef3f9762fd56c772021-12-21 10:45:16.943root 11241100x8000000000000000418127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30aea95c2376c542021-12-21 10:45:16.943root 11241100x8000000000000000418128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2656d6beee55901d2021-12-21 10:45:16.943root 11241100x8000000000000000418129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd177961d6dac6a2021-12-21 10:45:16.943root 11241100x8000000000000000418130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6de07b28dab3b92021-12-21 10:45:16.943root 11241100x8000000000000000418131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ae391876b84e992021-12-21 10:45:16.943root 11241100x8000000000000000418132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadd1751421f520e2021-12-21 10:45:16.943root 11241100x8000000000000000418133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4478555b06e63e2021-12-21 10:45:16.943root 11241100x8000000000000000418134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf011add5ed2100b2021-12-21 10:45:16.944root 11241100x8000000000000000418135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d4b74a19e398b62021-12-21 10:45:16.944root 11241100x8000000000000000418136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c96c5080fbb17382021-12-21 10:45:16.944root 11241100x8000000000000000418137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430361b62d7ca3282021-12-21 10:45:16.944root 11241100x8000000000000000418138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3235ba59e03328072021-12-21 10:45:16.944root 11241100x8000000000000000418139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4807a342cd6ade2021-12-21 10:45:16.944root 11241100x8000000000000000418140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac3d7946dbd240c2021-12-21 10:45:16.944root 11241100x8000000000000000418141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7d6316efd82bc62021-12-21 10:45:16.944root 11241100x8000000000000000418142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58b67ce8c64b3cc2021-12-21 10:45:16.944root 11241100x8000000000000000418143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123f5cbd1461fc252021-12-21 10:45:16.944root 11241100x8000000000000000418144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e08cef2c4679962021-12-21 10:45:16.944root 11241100x8000000000000000418145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f30a51ae662859b2021-12-21 10:45:16.944root 11241100x8000000000000000418146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15334924beb85b6c2021-12-21 10:45:16.945root 11241100x8000000000000000418147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e3aad22a6402252021-12-21 10:45:16.945root 11241100x8000000000000000418148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae07556a218ad202021-12-21 10:45:16.945root 11241100x8000000000000000418149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a069a457c6a1c7c62021-12-21 10:45:16.945root 11241100x8000000000000000418150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3678976ca6b8e62021-12-21 10:45:16.945root 11241100x8000000000000000418151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8faf90255168da2021-12-21 10:45:16.945root 11241100x8000000000000000418152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e7692d122be7fc2021-12-21 10:45:16.945root 11241100x8000000000000000418153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea07fdb4c1ec9792021-12-21 10:45:17.443root 11241100x8000000000000000418154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde096ccc045d4bc2021-12-21 10:45:17.443root 11241100x8000000000000000418155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76520fef6fb487a02021-12-21 10:45:17.443root 11241100x8000000000000000418156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4bd0b5adfd93d32021-12-21 10:45:17.443root 11241100x8000000000000000418157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e8b118512d836b2021-12-21 10:45:17.444root 11241100x8000000000000000418158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de2c9b8ed4e35bb2021-12-21 10:45:17.444root 11241100x8000000000000000418159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b1e5027a476b1d2021-12-21 10:45:17.444root 11241100x8000000000000000418160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ea13411afebf8e2021-12-21 10:45:17.444root 11241100x8000000000000000418161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1374e19ef72a982021-12-21 10:45:17.444root 11241100x8000000000000000418162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f551be5d20d8862021-12-21 10:45:17.444root 11241100x8000000000000000418163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90e2e63a0e7261c2021-12-21 10:45:17.444root 11241100x8000000000000000418164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613d5f331122881b2021-12-21 10:45:17.444root 11241100x8000000000000000418165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4493658e14cac12021-12-21 10:45:17.444root 11241100x8000000000000000418166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f22a2551dcbc352021-12-21 10:45:17.444root 11241100x8000000000000000418167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e523bafb048f167b2021-12-21 10:45:17.444root 11241100x8000000000000000418168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4303b3e9b95c94b92021-12-21 10:45:17.445root 11241100x8000000000000000418169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91da469d332bbb742021-12-21 10:45:17.445root 11241100x8000000000000000418170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67d475b7f06571b2021-12-21 10:45:17.445root 11241100x8000000000000000418171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85718232109461672021-12-21 10:45:17.445root 11241100x8000000000000000418172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548603ca450311ca2021-12-21 10:45:17.445root 11241100x8000000000000000418173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caac2c425146097b2021-12-21 10:45:17.445root 11241100x8000000000000000418174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623ae25d733228e82021-12-21 10:45:17.445root 11241100x8000000000000000418175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14a76b2e65ae6132021-12-21 10:45:17.446root 11241100x8000000000000000418176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac8f07eb0ab5ed52021-12-21 10:45:17.943root 11241100x8000000000000000418177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c56d725fa71d9442021-12-21 10:45:17.943root 11241100x8000000000000000418178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c93b8414d8b59d2021-12-21 10:45:17.943root 11241100x8000000000000000418179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f6c243e649ec6f2021-12-21 10:45:17.943root 11241100x8000000000000000418180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0651a0ac2dd2b16c2021-12-21 10:45:17.943root 11241100x8000000000000000418181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabf2f7c4d58fed62021-12-21 10:45:17.943root 11241100x8000000000000000418182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade25b881ccd0c2d2021-12-21 10:45:17.944root 11241100x8000000000000000418183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c1e6bb5d3184942021-12-21 10:45:17.944root 11241100x8000000000000000418184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198077c3fdb30a762021-12-21 10:45:17.944root 11241100x8000000000000000418185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0994c6b58bb22cb02021-12-21 10:45:17.944root 11241100x8000000000000000418186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5f067836b3b2ca2021-12-21 10:45:17.944root 11241100x8000000000000000418187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356b51b2453b8e772021-12-21 10:45:17.944root 11241100x8000000000000000418188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d12e22e748e1652021-12-21 10:45:17.944root 11241100x8000000000000000418189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e43304d911b1e252021-12-21 10:45:17.944root 11241100x8000000000000000418190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86ba49a02d1981d2021-12-21 10:45:17.944root 11241100x8000000000000000418191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc809126f00fe382021-12-21 10:45:17.944root 11241100x8000000000000000418192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a973c6c7bf1a1f3a2021-12-21 10:45:17.945root 11241100x8000000000000000418193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284f2c079a2f20a82021-12-21 10:45:17.945root 11241100x8000000000000000418194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832cf4af512fc9772021-12-21 10:45:17.945root 11241100x8000000000000000418195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056ee76b9d9911c52021-12-21 10:45:17.945root 11241100x8000000000000000418196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1df8533158ef442021-12-21 10:45:17.945root 11241100x8000000000000000418197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b70d5fce9f8d72a2021-12-21 10:45:17.945root 11241100x8000000000000000418198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4749005968ddaf2021-12-21 10:45:17.945root 11241100x8000000000000000418199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6774e5997cb42bf42021-12-21 10:45:18.443root 11241100x8000000000000000418200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17e43c40a6ae8cd2021-12-21 10:45:18.443root 11241100x8000000000000000418201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686e73a6e55454072021-12-21 10:45:18.443root 11241100x8000000000000000418202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d476f5231c9c0152021-12-21 10:45:18.443root 11241100x8000000000000000418203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc21ce65bf08122021-12-21 10:45:18.443root 11241100x8000000000000000418204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a024ad06a60789272021-12-21 10:45:18.443root 11241100x8000000000000000418205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ad7d315b0702a72021-12-21 10:45:18.443root 11241100x8000000000000000418206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a123bf8d235e432021-12-21 10:45:18.444root 11241100x8000000000000000418207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd6e724873241bd2021-12-21 10:45:18.444root 11241100x8000000000000000418208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4171c6b2401b79532021-12-21 10:45:18.444root 11241100x8000000000000000418209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d847b83bb55dc282021-12-21 10:45:18.444root 11241100x8000000000000000418210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71593cb8f2948632021-12-21 10:45:18.444root 11241100x8000000000000000418211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c75af87a550e502021-12-21 10:45:18.444root 11241100x8000000000000000418212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b94f9b4f780f82a2021-12-21 10:45:18.444root 11241100x8000000000000000418213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f678ab8e42a295782021-12-21 10:45:18.444root 11241100x8000000000000000418214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f5d5363a5028ab2021-12-21 10:45:18.444root 11241100x8000000000000000418215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2959d4e884bba31c2021-12-21 10:45:18.444root 11241100x8000000000000000418216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e764d1c864e80c3d2021-12-21 10:45:18.444root 11241100x8000000000000000418217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbfd283dad90df42021-12-21 10:45:18.445root 11241100x8000000000000000418218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762fe7b669f49e492021-12-21 10:45:18.445root 11241100x8000000000000000418219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fe889ce32e9b642021-12-21 10:45:18.445root 11241100x8000000000000000418220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c99ba82f722db1d2021-12-21 10:45:18.445root 11241100x8000000000000000418221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d65d38da1b82eb2021-12-21 10:45:18.445root 11241100x8000000000000000418222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3433808f954bed62021-12-21 10:45:18.445root 11241100x8000000000000000418223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7ea6bb893053422021-12-21 10:45:18.943root 11241100x8000000000000000418224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e249fd02d876c0a2021-12-21 10:45:18.943root 11241100x8000000000000000418225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e23938b13ca180a2021-12-21 10:45:18.943root 11241100x8000000000000000418226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4375c754eaecfd2021-12-21 10:45:18.943root 11241100x8000000000000000418227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230fa5f22c0b163f2021-12-21 10:45:18.944root 11241100x8000000000000000418228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce5c7e793de639c2021-12-21 10:45:18.944root 11241100x8000000000000000418229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd07b817ae7dd702021-12-21 10:45:18.944root 11241100x8000000000000000418230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b63bdc75e5bca032021-12-21 10:45:18.944root 11241100x8000000000000000418231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4682935f5ca9b092021-12-21 10:45:18.944root 11241100x8000000000000000418232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7020baf65818362021-12-21 10:45:18.944root 11241100x8000000000000000418233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75fb05828bece822021-12-21 10:45:18.944root 11241100x8000000000000000418234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc8367293f435922021-12-21 10:45:18.944root 11241100x8000000000000000418235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c70f709e1d8f3d2021-12-21 10:45:18.944root 11241100x8000000000000000418236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afbdbc1be12f6312021-12-21 10:45:18.944root 11241100x8000000000000000418237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293b5f94fe52f8612021-12-21 10:45:18.945root 11241100x8000000000000000418238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7fa7eaa606363b2021-12-21 10:45:18.945root 11241100x8000000000000000418239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e7964ee057d4812021-12-21 10:45:18.945root 11241100x8000000000000000418240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e760ba66647c282021-12-21 10:45:18.945root 11241100x8000000000000000418241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f252ecdad4d32b2021-12-21 10:45:18.945root 11241100x8000000000000000418242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c9cdc3eb04e9392021-12-21 10:45:18.945root 11241100x8000000000000000418243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c79d363962a4dbf2021-12-21 10:45:18.945root 11241100x8000000000000000418244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de513b247dfb0ed22021-12-21 10:45:18.945root 11241100x8000000000000000418245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073af8babba12b402021-12-21 10:45:18.945root 11241100x8000000000000000418246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220c0c73b5426ffd2021-12-21 10:45:18.945root 354300x8000000000000000418247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.238{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47552-false10.0.1.12-8000- 11241100x8000000000000000418248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774403b0fe7eefd92021-12-21 10:45:19.238root 11241100x8000000000000000418249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f103e80d745beb02021-12-21 10:45:19.239root 11241100x8000000000000000418250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69945371e56a7f6d2021-12-21 10:45:19.239root 11241100x8000000000000000418251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e98a58db8059632021-12-21 10:45:19.239root 11241100x8000000000000000418252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ed783a19aa66c42021-12-21 10:45:19.239root 11241100x8000000000000000418253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267def57c00eb0452021-12-21 10:45:19.239root 11241100x8000000000000000418254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2ee55e767a85712021-12-21 10:45:19.239root 11241100x8000000000000000418255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85514ebd16b9c8762021-12-21 10:45:19.240root 11241100x8000000000000000418256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80745913216d14072021-12-21 10:45:19.240root 11241100x8000000000000000418257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91415e54f4cc64062021-12-21 10:45:19.240root 11241100x8000000000000000418258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27909cd10e2a3e52021-12-21 10:45:19.240root 11241100x8000000000000000418259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3873814a78d0b12021-12-21 10:45:19.240root 11241100x8000000000000000418260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a6a583f68637a2021-12-21 10:45:19.240root 11241100x8000000000000000418261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6be8b87240ea9972021-12-21 10:45:19.240root 11241100x8000000000000000418262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d91e0db7de609402021-12-21 10:45:19.240root 11241100x8000000000000000418263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf159ae42df0c6c32021-12-21 10:45:19.240root 11241100x8000000000000000418264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a8e948091e284d2021-12-21 10:45:19.240root 11241100x8000000000000000418265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3511065ad02ee9b92021-12-21 10:45:19.240root 11241100x8000000000000000418266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aaad60d060de5a2021-12-21 10:45:19.240root 11241100x8000000000000000418267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5648f5a445c55e682021-12-21 10:45:19.240root 11241100x8000000000000000418268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d2a7aab73287132021-12-21 10:45:19.240root 11241100x8000000000000000418269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92e3695fe0bca3c2021-12-21 10:45:19.240root 11241100x8000000000000000418270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fccda1097303fd2021-12-21 10:45:19.241root 11241100x8000000000000000418271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f3b1776c810e892021-12-21 10:45:19.241root 11241100x8000000000000000418272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb4fba651593b292021-12-21 10:45:19.241root 11241100x8000000000000000418273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207d19133ccb89e92021-12-21 10:45:19.241root 11241100x8000000000000000418274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46470ade80b3e59c2021-12-21 10:45:19.241root 11241100x8000000000000000418275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6968e70fc4a84902021-12-21 10:45:19.241root 11241100x8000000000000000418276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b41de3cab9d73b92021-12-21 10:45:19.693root 11241100x8000000000000000418277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70db22d21343d3692021-12-21 10:45:19.693root 11241100x8000000000000000418278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fe89d38a8426b32021-12-21 10:45:19.693root 11241100x8000000000000000418279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a2c37f5f7a05c12021-12-21 10:45:19.693root 11241100x8000000000000000418280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a499b7601f7a3ef2021-12-21 10:45:19.693root 11241100x8000000000000000418281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294904f072d382d72021-12-21 10:45:19.693root 11241100x8000000000000000418282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e264f09098540e2021-12-21 10:45:19.693root 11241100x8000000000000000418283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04ebdd2c268ec3a2021-12-21 10:45:19.694root 11241100x8000000000000000418284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27143207ba0765742021-12-21 10:45:19.694root 11241100x8000000000000000418285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c67d5c78dac9d782021-12-21 10:45:19.694root 11241100x8000000000000000418286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7e095f6a62a45b2021-12-21 10:45:19.694root 11241100x8000000000000000418287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82820fc0a245106c2021-12-21 10:45:19.694root 11241100x8000000000000000418288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba30223b1ef4e742021-12-21 10:45:19.694root 11241100x8000000000000000418289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b452d4136a9927d2021-12-21 10:45:19.694root 11241100x8000000000000000418290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e0a070ae0bf3da2021-12-21 10:45:19.694root 11241100x8000000000000000418291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784c7dda73dca23f2021-12-21 10:45:19.694root 11241100x8000000000000000418292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc72ed8e4f448892021-12-21 10:45:19.694root 11241100x8000000000000000418293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18e346a58c510dc2021-12-21 10:45:19.694root 11241100x8000000000000000418294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a988b116541a48562021-12-21 10:45:19.694root 11241100x8000000000000000418295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f897966a8cc8ad2021-12-21 10:45:19.694root 11241100x8000000000000000418296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f55594dbd67f2e2021-12-21 10:45:19.694root 11241100x8000000000000000418297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e9dfd88a956122021-12-21 10:45:19.695root 11241100x8000000000000000418298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e3b25501de26f22021-12-21 10:45:19.695root 11241100x8000000000000000418299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d45f79e0c422cd32021-12-21 10:45:19.695root 11241100x8000000000000000418300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b125983cde94f7e02021-12-21 10:45:20.193root 11241100x8000000000000000418301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118f12228d91b5fa2021-12-21 10:45:20.193root 11241100x8000000000000000418302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec46975a07ff2362021-12-21 10:45:20.193root 11241100x8000000000000000418303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9370487ccb2e0baf2021-12-21 10:45:20.193root 11241100x8000000000000000418304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f1fc9b0177a00c2021-12-21 10:45:20.193root 11241100x8000000000000000418305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0d6221a9c2f3132021-12-21 10:45:20.194root 11241100x8000000000000000418306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b41bc86d2ddc5002021-12-21 10:45:20.194root 11241100x8000000000000000418307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02773d4cdfb577b52021-12-21 10:45:20.194root 11241100x8000000000000000418308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46b5aad1007ed832021-12-21 10:45:20.194root 11241100x8000000000000000418309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2f243e57ebc45f2021-12-21 10:45:20.194root 11241100x8000000000000000418310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba497966474c2a892021-12-21 10:45:20.194root 11241100x8000000000000000418311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d70c9a375facf172021-12-21 10:45:20.194root 11241100x8000000000000000418312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd620fa1f5622d422021-12-21 10:45:20.194root 11241100x8000000000000000418313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cae92bd71c000f2021-12-21 10:45:20.194root 11241100x8000000000000000418314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1404075484428a2021-12-21 10:45:20.194root 11241100x8000000000000000418315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a26e30c3ad3b51e2021-12-21 10:45:20.194root 11241100x8000000000000000418316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aec0da6dc8f53382021-12-21 10:45:20.194root 11241100x8000000000000000418317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76db9c4075dd8802021-12-21 10:45:20.194root 11241100x8000000000000000418318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4ac82921454c7d2021-12-21 10:45:20.194root 11241100x8000000000000000418319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f8dc025b98d6b72021-12-21 10:45:20.194root 11241100x8000000000000000418320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4258cef25515f602021-12-21 10:45:20.194root 11241100x8000000000000000418321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11c996f31fe5b752021-12-21 10:45:20.195root 11241100x8000000000000000418322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1d41f67d4d94452021-12-21 10:45:20.195root 11241100x8000000000000000418323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d32b81b256d4f5e2021-12-21 10:45:20.195root 11241100x8000000000000000418324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c656b9cfc5603d0e2021-12-21 10:45:20.693root 11241100x8000000000000000418325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015ade5355eec6f12021-12-21 10:45:20.693root 11241100x8000000000000000418326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8605cd7abb603ebe2021-12-21 10:45:20.693root 11241100x8000000000000000418327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9f3c3785fee0762021-12-21 10:45:20.693root 11241100x8000000000000000418328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0043e8484715a6912021-12-21 10:45:20.693root 11241100x8000000000000000418329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf11932068eea1b82021-12-21 10:45:20.693root 11241100x8000000000000000418330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbdd50026f8f6f22021-12-21 10:45:20.693root 11241100x8000000000000000418331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95923a8759b615fd2021-12-21 10:45:20.694root 11241100x8000000000000000418332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d8706a634387f72021-12-21 10:45:20.694root 11241100x8000000000000000418333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde6757ebd481e192021-12-21 10:45:20.694root 11241100x8000000000000000418334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a771e3d2ef670162021-12-21 10:45:20.694root 11241100x8000000000000000418335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d35f068de2160d2021-12-21 10:45:20.694root 11241100x8000000000000000418336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fc3fe58d1732252021-12-21 10:45:20.694root 11241100x8000000000000000418337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd070161b3a25d02021-12-21 10:45:20.694root 11241100x8000000000000000418338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8b65c662a73c082021-12-21 10:45:20.694root 11241100x8000000000000000418339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e198ce71005b2622021-12-21 10:45:20.694root 11241100x8000000000000000418340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3cbbfde160d20d2021-12-21 10:45:20.694root 11241100x8000000000000000418341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d34522a3c2aaac2021-12-21 10:45:20.694root 11241100x8000000000000000418342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94fd9560babbfcb2021-12-21 10:45:20.694root 11241100x8000000000000000418343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7bfcd44d3214d12021-12-21 10:45:20.694root 11241100x8000000000000000418344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f8b28a8c1de7e02021-12-21 10:45:20.694root 11241100x8000000000000000418345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c5e7670fedbd762021-12-21 10:45:20.695root 11241100x8000000000000000418346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710fd9008c4d958a2021-12-21 10:45:20.695root 11241100x8000000000000000418347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f93304a0cdb2ae92021-12-21 10:45:20.695root 11241100x8000000000000000418348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5087b15bf9d6528f2021-12-21 10:45:21.193root 11241100x8000000000000000418349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535a00a25fccdc042021-12-21 10:45:21.193root 11241100x8000000000000000418350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe302776a2bbf342021-12-21 10:45:21.193root 11241100x8000000000000000418351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b9f632a86e96802021-12-21 10:45:21.193root 11241100x8000000000000000418352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0ac614e58785dd2021-12-21 10:45:21.193root 11241100x8000000000000000418353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbf267cba9cc2e92021-12-21 10:45:21.194root 11241100x8000000000000000418354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b08d625acdc9a092021-12-21 10:45:21.194root 11241100x8000000000000000418355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37593209f3baff662021-12-21 10:45:21.194root 11241100x8000000000000000418356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3158a35ec9d8d042021-12-21 10:45:21.194root 11241100x8000000000000000418357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6318aee77ef06da82021-12-21 10:45:21.194root 11241100x8000000000000000418358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66cffb8afa677722021-12-21 10:45:21.194root 11241100x8000000000000000418359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241aa195d7df4ce02021-12-21 10:45:21.194root 11241100x8000000000000000418360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e485b5d8b9890b2021-12-21 10:45:21.194root 11241100x8000000000000000418361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977619da27fa07902021-12-21 10:45:21.194root 11241100x8000000000000000418362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656c03a4a041cbc12021-12-21 10:45:21.194root 11241100x8000000000000000418363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8bc28893adc42e2021-12-21 10:45:21.194root 11241100x8000000000000000418364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c512961991cf002021-12-21 10:45:21.194root 11241100x8000000000000000418365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e04213becd68482021-12-21 10:45:21.194root 11241100x8000000000000000418366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6e80b2cdd425b32021-12-21 10:45:21.194root 11241100x8000000000000000418367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35960f714753294e2021-12-21 10:45:21.194root 11241100x8000000000000000418368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765629e0610647b12021-12-21 10:45:21.194root 11241100x8000000000000000418369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bde0e10d53ff672021-12-21 10:45:21.195root 11241100x8000000000000000418370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d23352181eba5d2021-12-21 10:45:21.195root 11241100x8000000000000000418371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f48ac358470a4702021-12-21 10:45:21.195root 11241100x8000000000000000418372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d21c9d07380e83a2021-12-21 10:45:21.693root 11241100x8000000000000000418373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d31fb36b47387432021-12-21 10:45:21.693root 11241100x8000000000000000418374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396b311a44d3bb692021-12-21 10:45:21.693root 11241100x8000000000000000418375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bd8f56e12a98dc2021-12-21 10:45:21.693root 11241100x8000000000000000418376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9558a33e6ef1eb2021-12-21 10:45:21.693root 11241100x8000000000000000418377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36278a5f35b22232021-12-21 10:45:21.693root 11241100x8000000000000000418378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2ea98bfe0cbedf2021-12-21 10:45:21.693root 11241100x8000000000000000418379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e319e5e2dcff312021-12-21 10:45:21.693root 11241100x8000000000000000418380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98229ce4a196813e2021-12-21 10:45:21.693root 11241100x8000000000000000418381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a538da23f0a0ded32021-12-21 10:45:21.693root 11241100x8000000000000000418382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9223cd5f210a8732021-12-21 10:45:21.693root 11241100x8000000000000000418383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e96dbebade3a712021-12-21 10:45:21.693root 11241100x8000000000000000418384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005a494a4cd7411d2021-12-21 10:45:21.694root 11241100x8000000000000000418385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0ade36d7b832082021-12-21 10:45:21.694root 11241100x8000000000000000418386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6cb7396e0675802021-12-21 10:45:21.694root 11241100x8000000000000000418387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff0e8936d014e972021-12-21 10:45:21.694root 11241100x8000000000000000418388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf459e2a06af49b52021-12-21 10:45:21.694root 11241100x8000000000000000418389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4364ce4ed69e8452021-12-21 10:45:21.694root 11241100x8000000000000000418390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f816960e4ffd0e22021-12-21 10:45:21.694root 11241100x8000000000000000418391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7990613179fb4812021-12-21 10:45:21.694root 11241100x8000000000000000418392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab21c1d08376cbb82021-12-21 10:45:21.694root 11241100x8000000000000000418393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d7dec647ad972e2021-12-21 10:45:21.694root 11241100x8000000000000000418394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7747f083c0d6baf22021-12-21 10:45:21.694root 11241100x8000000000000000418395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf064d37e29695d72021-12-21 10:45:21.694root 11241100x8000000000000000418396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3a3b0102cdd1ea2021-12-21 10:45:22.193root 11241100x8000000000000000418397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4ba75f9299d4eb2021-12-21 10:45:22.193root 11241100x8000000000000000418398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf58d86e66c702e2021-12-21 10:45:22.193root 11241100x8000000000000000418399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f0b7ec2dd485122021-12-21 10:45:22.193root 11241100x8000000000000000418400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3192b4d393203ba72021-12-21 10:45:22.193root 11241100x8000000000000000418401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7bfa90ae9404a32021-12-21 10:45:22.194root 11241100x8000000000000000418402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe73da4e96b76d82021-12-21 10:45:22.194root 11241100x8000000000000000418403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0b0ad07bd71d8a2021-12-21 10:45:22.194root 11241100x8000000000000000418404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c070244fa58c20c2021-12-21 10:45:22.194root 11241100x8000000000000000418405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728ad8fc06b7ce852021-12-21 10:45:22.194root 11241100x8000000000000000418406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20b83df5d4dea4e2021-12-21 10:45:22.194root 11241100x8000000000000000418407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc55d45ba8320322021-12-21 10:45:22.194root 11241100x8000000000000000418408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828c154b5047d6dd2021-12-21 10:45:22.194root 11241100x8000000000000000418409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f683a537c8b97f202021-12-21 10:45:22.194root 11241100x8000000000000000418410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7cb4ee4a94016a2021-12-21 10:45:22.194root 11241100x8000000000000000418411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52cf65746b615242021-12-21 10:45:22.194root 11241100x8000000000000000418412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31f5c2c79020ab32021-12-21 10:45:22.194root 11241100x8000000000000000418413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d43a99aa2031582021-12-21 10:45:22.194root 11241100x8000000000000000418414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac98e56222b0d52021-12-21 10:45:22.194root 11241100x8000000000000000418415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dbed40b4a001252021-12-21 10:45:22.194root 11241100x8000000000000000418416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf0baee0f038d82021-12-21 10:45:22.195root 11241100x8000000000000000418417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e1f8355ee0af172021-12-21 10:45:22.195root 11241100x8000000000000000418418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea212bbb3f01bd0c2021-12-21 10:45:22.195root 11241100x8000000000000000418419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c6538146c28a052021-12-21 10:45:22.195root 11241100x8000000000000000418420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405d0b36611fce582021-12-21 10:45:22.693root 11241100x8000000000000000418421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc1e9d192269132021-12-21 10:45:22.693root 11241100x8000000000000000418422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3987d6167997102021-12-21 10:45:22.693root 11241100x8000000000000000418423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ebbb16a95634b72021-12-21 10:45:22.693root 11241100x8000000000000000418424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d479df549743ff372021-12-21 10:45:22.693root 11241100x8000000000000000418425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6d92066db5994e2021-12-21 10:45:22.693root 11241100x8000000000000000418426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3091fcb13288ce2021-12-21 10:45:22.693root 11241100x8000000000000000418427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82707afbc31064a52021-12-21 10:45:22.694root 11241100x8000000000000000418428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41260f75db7ca482021-12-21 10:45:22.694root 11241100x8000000000000000418429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5459d960116e9b2021-12-21 10:45:22.694root 11241100x8000000000000000418430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce3ba608853afb82021-12-21 10:45:22.694root 11241100x8000000000000000418431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9844b7157bb1452021-12-21 10:45:22.694root 11241100x8000000000000000418432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c677db99ab875ab12021-12-21 10:45:22.694root 11241100x8000000000000000418433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdd1d3290a627f22021-12-21 10:45:22.694root 11241100x8000000000000000418434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c948e8769c20db162021-12-21 10:45:22.694root 11241100x8000000000000000418435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37596c94dcaf5a22021-12-21 10:45:22.694root 11241100x8000000000000000418436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba2dd072be13e362021-12-21 10:45:22.694root 11241100x8000000000000000418437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852d4e44e987e1852021-12-21 10:45:22.694root 11241100x8000000000000000418438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc2cb5c0a23bfbb2021-12-21 10:45:22.695root 11241100x8000000000000000418439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c87c2f73cd8029f2021-12-21 10:45:22.695root 11241100x8000000000000000418440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dfc9b95c33b7ca2021-12-21 10:45:22.695root 11241100x8000000000000000418441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0015d70aff7427952021-12-21 10:45:22.695root 11241100x8000000000000000418442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d70165ff0be4a82021-12-21 10:45:22.695root 11241100x8000000000000000418443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6c021d82c09e502021-12-21 10:45:22.695root 11241100x8000000000000000418444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bf4c34b21f55812021-12-21 10:45:23.193root 11241100x8000000000000000418445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c7bbbde4feea8e2021-12-21 10:45:23.193root 11241100x8000000000000000418446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ef25b60f670b432021-12-21 10:45:23.193root 11241100x8000000000000000418447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa6af5000243bbf2021-12-21 10:45:23.193root 11241100x8000000000000000418448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33ecb2dd9487ee12021-12-21 10:45:23.193root 11241100x8000000000000000418449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2632e775d68a07082021-12-21 10:45:23.193root 11241100x8000000000000000418450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc76003b4dd292642021-12-21 10:45:23.193root 11241100x8000000000000000418451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4780760154d8b9c2021-12-21 10:45:23.193root 11241100x8000000000000000418452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1829d26dba88e12021-12-21 10:45:23.193root 11241100x8000000000000000418453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef0f80e3a1b36822021-12-21 10:45:23.193root 11241100x8000000000000000418454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fe2a817482cb212021-12-21 10:45:23.193root 11241100x8000000000000000418455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b017a3b9daefcd22021-12-21 10:45:23.193root 11241100x8000000000000000418456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736fb8f10ec75e382021-12-21 10:45:23.193root 11241100x8000000000000000418457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ceb5b462bc723f82021-12-21 10:45:23.193root 11241100x8000000000000000418458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a40fc70a1200272021-12-21 10:45:23.194root 11241100x8000000000000000418459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37677c465f8bbeb22021-12-21 10:45:23.194root 11241100x8000000000000000418460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccad96ca215cfd232021-12-21 10:45:23.194root 11241100x8000000000000000418461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb44d9c66ea84a22021-12-21 10:45:23.194root 11241100x8000000000000000418462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47c0a35da766a7b2021-12-21 10:45:23.194root 11241100x8000000000000000418463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec2935b063ed8e32021-12-21 10:45:23.194root 11241100x8000000000000000418464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4ec18882ca541d2021-12-21 10:45:23.194root 11241100x8000000000000000418465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ef0ec6d53ddc612021-12-21 10:45:23.194root 11241100x8000000000000000418466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168a47973614d5ce2021-12-21 10:45:23.194root 11241100x8000000000000000418467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc03f99549a95022021-12-21 10:45:23.194root 11241100x8000000000000000418468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9dbc9cf716c2922021-12-21 10:45:23.693root 11241100x8000000000000000418469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94f60b5b69b9de52021-12-21 10:45:23.693root 11241100x8000000000000000418470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc1ff4c3daf1cfd2021-12-21 10:45:23.694root 11241100x8000000000000000418471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09623c4a07e64092021-12-21 10:45:23.694root 11241100x8000000000000000418472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf6e29917191cdf2021-12-21 10:45:23.694root 11241100x8000000000000000418473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675144195c8f9f182021-12-21 10:45:23.694root 11241100x8000000000000000418474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7597a5748cef34aa2021-12-21 10:45:23.695root 11241100x8000000000000000418475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecf0d0c2a1ea0f32021-12-21 10:45:23.695root 11241100x8000000000000000418476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a672351f2226e4d2021-12-21 10:45:23.695root 11241100x8000000000000000418477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe6bc17365a54e52021-12-21 10:45:23.695root 11241100x8000000000000000418478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60c84b45f6803202021-12-21 10:45:23.695root 11241100x8000000000000000418479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817d8c8fd4dfc7d32021-12-21 10:45:23.696root 11241100x8000000000000000418480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f099a7b5a1eb99372021-12-21 10:45:23.696root 11241100x8000000000000000418481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b293c0ba455d852021-12-21 10:45:23.696root 11241100x8000000000000000418482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7f2ec6169e61282021-12-21 10:45:23.697root 11241100x8000000000000000418483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2121cea7abe7c5a82021-12-21 10:45:23.697root 11241100x8000000000000000418484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee83660a1bf38ae2021-12-21 10:45:23.697root 11241100x8000000000000000418485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a849e053c88178fc2021-12-21 10:45:23.697root 11241100x8000000000000000418486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e4dcab62b023ef2021-12-21 10:45:23.698root 11241100x8000000000000000418487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5340d27c64d1ee92021-12-21 10:45:23.698root 11241100x8000000000000000418488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69f4c5eebb3d67c2021-12-21 10:45:23.698root 11241100x8000000000000000418489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900dd1f1facbb1912021-12-21 10:45:23.698root 11241100x8000000000000000418490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3633864a5d713b2021-12-21 10:45:23.698root 11241100x8000000000000000418491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c784ae919ae8282021-12-21 10:45:23.699root 11241100x8000000000000000418492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:23.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f057734e0e142e732021-12-21 10:45:23.699root 11241100x8000000000000000418493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b46fba7609038fe2021-12-21 10:45:24.193root 11241100x8000000000000000418494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6facd9b71aba082a2021-12-21 10:45:24.194root 11241100x8000000000000000418495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62d595396c546c02021-12-21 10:45:24.194root 11241100x8000000000000000418496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43896f0a536077c42021-12-21 10:45:24.195root 11241100x8000000000000000418497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa4582ac9fe89ab2021-12-21 10:45:24.195root 11241100x8000000000000000418498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b016463231c2bd2021-12-21 10:45:24.195root 11241100x8000000000000000418499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63249f3f8f7557642021-12-21 10:45:24.196root 11241100x8000000000000000418500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d17dea2a8f0a8a2021-12-21 10:45:24.196root 11241100x8000000000000000418501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54f048f584df13d2021-12-21 10:45:24.196root 11241100x8000000000000000418502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ad956fcc3fc0562021-12-21 10:45:24.196root 11241100x8000000000000000418503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc13001f528fdc6b2021-12-21 10:45:24.196root 11241100x8000000000000000418504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f010d6f390eee6182021-12-21 10:45:24.196root 11241100x8000000000000000418505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e6c0fd562d60742021-12-21 10:45:24.196root 11241100x8000000000000000418506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778b867ad8b76a9d2021-12-21 10:45:24.197root 11241100x8000000000000000418507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0877e412736a35222021-12-21 10:45:24.197root 11241100x8000000000000000418508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba856d276209bcad2021-12-21 10:45:24.197root 11241100x8000000000000000418509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e7431070ab8ef92021-12-21 10:45:24.197root 11241100x8000000000000000418510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e41577473a22372021-12-21 10:45:24.197root 11241100x8000000000000000418511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c1d7469ff1245c2021-12-21 10:45:24.197root 11241100x8000000000000000418512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e71b4c6a1b386612021-12-21 10:45:24.197root 11241100x8000000000000000418513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1415185ee51bbf2021-12-21 10:45:24.197root 11241100x8000000000000000418514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597de9d1798760692021-12-21 10:45:24.197root 11241100x8000000000000000418515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffcd615a3031ceb2021-12-21 10:45:24.197root 11241100x8000000000000000418516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6305b3a7169c8e562021-12-21 10:45:24.197root 11241100x8000000000000000418517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602be34bfbf1df7a2021-12-21 10:45:24.693root 11241100x8000000000000000418518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5be960d96b36ee92021-12-21 10:45:24.693root 11241100x8000000000000000418519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751c22a77303d9df2021-12-21 10:45:24.693root 11241100x8000000000000000418520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7152beb8f4e4b42021-12-21 10:45:24.693root 11241100x8000000000000000418521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af6a98e900f02412021-12-21 10:45:24.693root 11241100x8000000000000000418522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f3a2a464e83acc2021-12-21 10:45:24.693root 11241100x8000000000000000418523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b19171622af05212021-12-21 10:45:24.693root 11241100x8000000000000000418524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4ef0dc0810c3322021-12-21 10:45:24.693root 11241100x8000000000000000418525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2799297676d12f122021-12-21 10:45:24.693root 11241100x8000000000000000418526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707ff7b70b917d2d2021-12-21 10:45:24.693root 11241100x8000000000000000418527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751f85688dbe4ce52021-12-21 10:45:24.693root 11241100x8000000000000000418528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff62cfec760760d2021-12-21 10:45:24.693root 11241100x8000000000000000418529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadccbc10d6c67ad2021-12-21 10:45:24.693root 11241100x8000000000000000418530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96a322ce0b313f32021-12-21 10:45:24.694root 11241100x8000000000000000418531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4bb472083049ce2021-12-21 10:45:24.694root 11241100x8000000000000000418532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653c4e5dfd3420202021-12-21 10:45:24.694root 11241100x8000000000000000418533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc473944c06b4152021-12-21 10:45:24.694root 11241100x8000000000000000418534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72ebb3a15d8088d2021-12-21 10:45:24.694root 11241100x8000000000000000418535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9594f646d0c7ccdb2021-12-21 10:45:24.694root 11241100x8000000000000000418536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac0e09f05af97b12021-12-21 10:45:24.694root 11241100x8000000000000000418537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d641b05d09e97f502021-12-21 10:45:24.694root 11241100x8000000000000000418538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9158b4d7cd9288892021-12-21 10:45:24.694root 11241100x8000000000000000418539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64374e14875b74a2021-12-21 10:45:24.694root 11241100x8000000000000000418540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0414ff2421ece1e12021-12-21 10:45:24.694root 154100x8000000000000000418541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.759{ec2b6afe-b044-61c1-e8e6-31b96a550000}9766/bin/ls-----ls --color=auto/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000418542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:24.760{ec2b6afe-b044-61c1-e8e6-31b96a550000}9766/bin/lsubuntu 11241100x8000000000000000418543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4503567c006f5f2021-12-21 10:45:25.193root 11241100x8000000000000000418544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548f46298a4d0ee12021-12-21 10:45:25.193root 11241100x8000000000000000418545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0545b0ec367c4d8f2021-12-21 10:45:25.193root 11241100x8000000000000000418546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba2985c50915fb82021-12-21 10:45:25.193root 11241100x8000000000000000418547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae6583b343e2cbd2021-12-21 10:45:25.193root 11241100x8000000000000000418548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cbe522ef93378d2021-12-21 10:45:25.193root 11241100x8000000000000000418549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa63d4b8db1093de2021-12-21 10:45:25.193root 11241100x8000000000000000418550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7356618caea276132021-12-21 10:45:25.193root 11241100x8000000000000000418551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fea4ab45e66bcb2021-12-21 10:45:25.193root 11241100x8000000000000000418552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6832fd68f5e46dba2021-12-21 10:45:25.193root 11241100x8000000000000000418553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae3f7e4748458882021-12-21 10:45:25.193root 11241100x8000000000000000418554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fdd6a99a7be9f12021-12-21 10:45:25.193root 11241100x8000000000000000418555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88445829859aee482021-12-21 10:45:25.194root 11241100x8000000000000000418556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce8ff83d76b8df52021-12-21 10:45:25.194root 11241100x8000000000000000418557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4023d7a1a50951f42021-12-21 10:45:25.194root 11241100x8000000000000000418558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff0d7b0f107ebd82021-12-21 10:45:25.194root 11241100x8000000000000000418559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23407bdc6a0cf5242021-12-21 10:45:25.194root 11241100x8000000000000000418560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705d1674a773e0062021-12-21 10:45:25.194root 11241100x8000000000000000418561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034438cf549a04992021-12-21 10:45:25.194root 11241100x8000000000000000418562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e020f74778375a3a2021-12-21 10:45:25.195root 11241100x8000000000000000418563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e430e830a48840162021-12-21 10:45:25.195root 11241100x8000000000000000418564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f118e9964ad0b7fc2021-12-21 10:45:25.195root 11241100x8000000000000000418565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55449c037f41998b2021-12-21 10:45:25.195root 11241100x8000000000000000418566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0313e02055583212021-12-21 10:45:25.195root 11241100x8000000000000000418567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995682ffca1926382021-12-21 10:45:25.195root 11241100x8000000000000000418568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27c112f42fbfb422021-12-21 10:45:25.196root 11241100x8000000000000000418569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82209a1f3b5f771f2021-12-21 10:45:25.196root 11241100x8000000000000000418570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0313bd4058cbc202021-12-21 10:45:25.196root 11241100x8000000000000000418571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff81e5f1e3189a1d2021-12-21 10:45:25.196root 354300x8000000000000000418572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.221{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34618-false10.0.1.12-8089- 354300x8000000000000000418573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.235{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47556-false10.0.1.12-8000- 11241100x8000000000000000418574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f0734f198ef3dc2021-12-21 10:45:25.693root 11241100x8000000000000000418575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d80bad17a556baa2021-12-21 10:45:25.693root 11241100x8000000000000000418576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade48228da781e092021-12-21 10:45:25.693root 11241100x8000000000000000418577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dbdd0bcea269072021-12-21 10:45:25.694root 11241100x8000000000000000418578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7905dd8bf60f4002021-12-21 10:45:25.694root 11241100x8000000000000000418579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e752ff18d0573c2021-12-21 10:45:25.694root 11241100x8000000000000000418580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89689184a51b14922021-12-21 10:45:25.694root 11241100x8000000000000000418581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f799bfa5aef81cc2021-12-21 10:45:25.694root 11241100x8000000000000000418582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb975bff1fbb3ccc2021-12-21 10:45:25.694root 11241100x8000000000000000418583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e420bc967a08b82021-12-21 10:45:25.694root 11241100x8000000000000000418584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd308f025077928d2021-12-21 10:45:25.694root 11241100x8000000000000000418585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3579aa4211b8c2ad2021-12-21 10:45:25.694root 11241100x8000000000000000418586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8771dab9c94af72021-12-21 10:45:25.694root 11241100x8000000000000000418587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ae8756bb4a05bd2021-12-21 10:45:25.694root 11241100x8000000000000000418588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea770ca987e01f472021-12-21 10:45:25.695root 11241100x8000000000000000418589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397cc459091d07032021-12-21 10:45:25.695root 11241100x8000000000000000418590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c87857fe27e9182021-12-21 10:45:25.695root 11241100x8000000000000000418591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04453043baf1c82e2021-12-21 10:45:25.695root 11241100x8000000000000000418592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e383efdf63f1f92021-12-21 10:45:25.695root 11241100x8000000000000000418593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8a32955b381ad82021-12-21 10:45:25.695root 11241100x8000000000000000418594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a2c6ca45ccb3362021-12-21 10:45:25.695root 11241100x8000000000000000418595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4eed7bba0b54812021-12-21 10:45:25.695root 11241100x8000000000000000418596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92faa32e5a6199ac2021-12-21 10:45:25.695root 11241100x8000000000000000418597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321bac2aa0b7ab7e2021-12-21 10:45:25.695root 11241100x8000000000000000418598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c66e38e679f42e12021-12-21 10:45:25.695root 11241100x8000000000000000418599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40605590ef71b4d2021-12-21 10:45:25.696root 11241100x8000000000000000418600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1edd9771268e60b2021-12-21 10:45:25.696root 11241100x8000000000000000418601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88f4dbbfa7cb97a2021-12-21 10:45:25.696root 11241100x8000000000000000418602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817189ef2311deb62021-12-21 10:45:26.193root 11241100x8000000000000000418603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560e467c49dabe332021-12-21 10:45:26.194root 11241100x8000000000000000418604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c45cc956a5b84532021-12-21 10:45:26.194root 11241100x8000000000000000418605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6558b50003c8dd462021-12-21 10:45:26.194root 11241100x8000000000000000418606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ca32d6b77452882021-12-21 10:45:26.194root 11241100x8000000000000000418607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca9bb05050e69fa2021-12-21 10:45:26.194root 11241100x8000000000000000418608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c95ee249f4c3ecb2021-12-21 10:45:26.194root 11241100x8000000000000000418609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b56621c8242faf2021-12-21 10:45:26.194root 11241100x8000000000000000418610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa8bcbb696e33752021-12-21 10:45:26.194root 11241100x8000000000000000418611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7896860ec5e54a302021-12-21 10:45:26.194root 11241100x8000000000000000418612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d080b0802df27bf2021-12-21 10:45:26.194root 11241100x8000000000000000418613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae077e38cdf6cfc2021-12-21 10:45:26.194root 11241100x8000000000000000418614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2dbc153f7073172021-12-21 10:45:26.194root 11241100x8000000000000000418615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad146347178641552021-12-21 10:45:26.194root 11241100x8000000000000000418616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d3b7b361b17cf02021-12-21 10:45:26.195root 11241100x8000000000000000418617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a678c6f1e68d6aac2021-12-21 10:45:26.195root 11241100x8000000000000000418618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e774d4683a06ec12021-12-21 10:45:26.195root 11241100x8000000000000000418619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6b4948ea339e182021-12-21 10:45:26.195root 11241100x8000000000000000418620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9401543aa0aea9fb2021-12-21 10:45:26.195root 11241100x8000000000000000418621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bbdd57b75b22a82021-12-21 10:45:26.195root 11241100x8000000000000000418622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a6ce9f2959617f2021-12-21 10:45:26.195root 11241100x8000000000000000418623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4e2f8cfffd850a2021-12-21 10:45:26.195root 11241100x8000000000000000418624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41969de8d3982c582021-12-21 10:45:26.195root 11241100x8000000000000000418625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b10ebb225fcaa92021-12-21 10:45:26.195root 11241100x8000000000000000418626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8a83ce0816adb22021-12-21 10:45:26.195root 11241100x8000000000000000418627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649790591f167da42021-12-21 10:45:26.195root 11241100x8000000000000000418628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb652032ce911ff2021-12-21 10:45:26.195root 11241100x8000000000000000418629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152199b0f83718cd2021-12-21 10:45:26.196root 11241100x8000000000000000418630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7054d0e57e83a4a52021-12-21 10:45:26.693root 11241100x8000000000000000418631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cc64c384208a122021-12-21 10:45:26.693root 11241100x8000000000000000418632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4317a123ce0f352021-12-21 10:45:26.693root 11241100x8000000000000000418633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c5893fa4b9a25c2021-12-21 10:45:26.693root 11241100x8000000000000000418634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d287bd13556ee22021-12-21 10:45:26.694root 11241100x8000000000000000418635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f825bbf007efcf2021-12-21 10:45:26.694root 11241100x8000000000000000418636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a11632b98e577c2021-12-21 10:45:26.694root 11241100x8000000000000000418637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1632f1e735e18cc42021-12-21 10:45:26.694root 11241100x8000000000000000418638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf02fef20e7573ec2021-12-21 10:45:26.694root 11241100x8000000000000000418639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e505efe581cba6b82021-12-21 10:45:26.694root 11241100x8000000000000000418640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d41457fec9f5a32021-12-21 10:45:26.694root 11241100x8000000000000000418641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cea8ed336800f32021-12-21 10:45:26.694root 11241100x8000000000000000418642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fc60e6f383cf772021-12-21 10:45:26.694root 11241100x8000000000000000418643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7076388e783f29b42021-12-21 10:45:26.694root 11241100x8000000000000000418644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc43e2ee70cb00392021-12-21 10:45:26.695root 11241100x8000000000000000418645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17116d51435df722021-12-21 10:45:26.695root 11241100x8000000000000000418646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cab672ca9bb9fd2021-12-21 10:45:26.695root 11241100x8000000000000000418647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8834eb5b1cb47e592021-12-21 10:45:26.695root 11241100x8000000000000000418648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4f47ed609a70042021-12-21 10:45:26.695root 11241100x8000000000000000418649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a71f17d5e65c952021-12-21 10:45:26.695root 11241100x8000000000000000418650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833226db1394285d2021-12-21 10:45:26.695root 11241100x8000000000000000418651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1545698ea596d62021-12-21 10:45:26.695root 11241100x8000000000000000418652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb7f9909d1d07c22021-12-21 10:45:26.695root 11241100x8000000000000000418653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbf870aab84c3aa2021-12-21 10:45:26.696root 11241100x8000000000000000418654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e600638449e3d8922021-12-21 10:45:26.696root 11241100x8000000000000000418655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ddbc9a98a5c8862021-12-21 10:45:26.696root 11241100x8000000000000000418656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb68a2ef19d4862c2021-12-21 10:45:26.696root 11241100x8000000000000000418657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f7d28e363fff072021-12-21 10:45:26.696root 11241100x8000000000000000418658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a2f17e58f861782021-12-21 10:45:27.193root 11241100x8000000000000000418659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c970a4d0dfb199142021-12-21 10:45:27.193root 11241100x8000000000000000418660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d34cf8a4d64ddc2021-12-21 10:45:27.193root 11241100x8000000000000000418661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed828104ad48b8772021-12-21 10:45:27.193root 11241100x8000000000000000418662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd38002c3c4cc1de2021-12-21 10:45:27.194root 11241100x8000000000000000418663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce6f42e085711e72021-12-21 10:45:27.194root 11241100x8000000000000000418664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c80006a5480118f2021-12-21 10:45:27.194root 11241100x8000000000000000418665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c9468fd5b71e0f2021-12-21 10:45:27.194root 11241100x8000000000000000418666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570f1ab3f47f9d0c2021-12-21 10:45:27.194root 11241100x8000000000000000418667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43f4035d0d98a2d2021-12-21 10:45:27.194root 11241100x8000000000000000418668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be510e9738f057f2021-12-21 10:45:27.194root 11241100x8000000000000000418669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb721f886677d9402021-12-21 10:45:27.194root 11241100x8000000000000000418670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b26a5b96ac942b2021-12-21 10:45:27.194root 11241100x8000000000000000418671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f97f36f8b262772021-12-21 10:45:27.194root 11241100x8000000000000000418672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4770b267c5e34eb2021-12-21 10:45:27.194root 11241100x8000000000000000418673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26394a3191e9a6c2021-12-21 10:45:27.195root 11241100x8000000000000000418674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49797d71749fe4212021-12-21 10:45:27.195root 11241100x8000000000000000418675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e0352df2a557bf2021-12-21 10:45:27.195root 11241100x8000000000000000418676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72231b2e89133ff2021-12-21 10:45:27.195root 11241100x8000000000000000418677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fbdfc37fefbb7b2021-12-21 10:45:27.195root 11241100x8000000000000000418678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eed579d61b5bdb32021-12-21 10:45:27.195root 11241100x8000000000000000418679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998c67a19cb466d22021-12-21 10:45:27.195root 11241100x8000000000000000418680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac3556d91db32222021-12-21 10:45:27.195root 11241100x8000000000000000418681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53e79f7145560592021-12-21 10:45:27.195root 11241100x8000000000000000418682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746084115881ed012021-12-21 10:45:27.195root 11241100x8000000000000000418683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8080c77ba6415b032021-12-21 10:45:27.196root 11241100x8000000000000000418684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccbb68c596944a32021-12-21 10:45:27.196root 11241100x8000000000000000418685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635190c7f0cae4ad2021-12-21 10:45:27.196root 11241100x8000000000000000418686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259c74905d10864d2021-12-21 10:45:27.693root 11241100x8000000000000000418687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcf9a18ac521d392021-12-21 10:45:27.693root 11241100x8000000000000000418688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f5be18749ef8802021-12-21 10:45:27.693root 11241100x8000000000000000418689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ce68e3f8a921b72021-12-21 10:45:27.693root 11241100x8000000000000000418690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26ebcb9968dfe132021-12-21 10:45:27.693root 11241100x8000000000000000418691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a541c3bb5c45512021-12-21 10:45:27.693root 11241100x8000000000000000418692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd991940e68449bf2021-12-21 10:45:27.693root 11241100x8000000000000000418693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213565a184e603b82021-12-21 10:45:27.694root 11241100x8000000000000000418694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d6cb0c4a6c0d5e2021-12-21 10:45:27.694root 11241100x8000000000000000418695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b6f43dccf81752021-12-21 10:45:27.694root 11241100x8000000000000000418696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b713d3d298c65ee32021-12-21 10:45:27.694root 11241100x8000000000000000418697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0a1590730afef52021-12-21 10:45:27.694root 11241100x8000000000000000418698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f0afb7289a30152021-12-21 10:45:27.694root 11241100x8000000000000000418699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd26ac585de23c422021-12-21 10:45:27.694root 11241100x8000000000000000418700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bd96dca056f9f02021-12-21 10:45:27.694root 11241100x8000000000000000418701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa87d930accc236b2021-12-21 10:45:27.694root 11241100x8000000000000000418702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eda5486d14121922021-12-21 10:45:27.694root 11241100x8000000000000000418703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bada9fbdf09b4cb2021-12-21 10:45:27.695root 11241100x8000000000000000418704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367da82f259e06c52021-12-21 10:45:27.695root 11241100x8000000000000000418705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba47b10c248a64412021-12-21 10:45:27.695root 11241100x8000000000000000418706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31802645c19b95e2021-12-21 10:45:27.695root 11241100x8000000000000000418707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c93271416f0e0482021-12-21 10:45:27.695root 11241100x8000000000000000418708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8228b078fd4019322021-12-21 10:45:27.695root 11241100x8000000000000000418709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246e98839ded0f9c2021-12-21 10:45:27.695root 11241100x8000000000000000418710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d0e1b7bf9690182021-12-21 10:45:27.695root 11241100x8000000000000000418711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c51004cb60cc952021-12-21 10:45:27.695root 11241100x8000000000000000418712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6300f79b0419232021-12-21 10:45:27.695root 11241100x8000000000000000418713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefcd6209ee494b22021-12-21 10:45:27.695root 11241100x8000000000000000418714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa39f10c1b2bbb42021-12-21 10:45:27.696root 11241100x8000000000000000418715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:27.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39eddb1d97f684e92021-12-21 10:45:27.696root 11241100x8000000000000000418716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748162b691e1ef1c2021-12-21 10:45:28.192root 11241100x8000000000000000418717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b04d72a29304902021-12-21 10:45:28.193root 11241100x8000000000000000418718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e95151845f8f5d2021-12-21 10:45:28.193root 11241100x8000000000000000418719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b9c9057e68711c2021-12-21 10:45:28.193root 11241100x8000000000000000418720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f1959302c299e22021-12-21 10:45:28.193root 11241100x8000000000000000418721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee0544a33e346be2021-12-21 10:45:28.193root 11241100x8000000000000000418722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789759a1bb1fe2012021-12-21 10:45:28.193root 11241100x8000000000000000418723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7598fcf0d9a5222021-12-21 10:45:28.193root 11241100x8000000000000000418724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ba50fe5b03e4c2021-12-21 10:45:28.193root 11241100x8000000000000000418725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbc8fb0e2c859612021-12-21 10:45:28.193root 11241100x8000000000000000418726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459cd0a60a97f6f72021-12-21 10:45:28.194root 11241100x8000000000000000418727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10d90e34fe53fc22021-12-21 10:45:28.194root 11241100x8000000000000000418728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d5f08aafb15f662021-12-21 10:45:28.194root 11241100x8000000000000000418729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb4512c6a200cf02021-12-21 10:45:28.194root 11241100x8000000000000000418730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02e714e9409a7372021-12-21 10:45:28.194root 11241100x8000000000000000418731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375b2879a29ee9612021-12-21 10:45:28.194root 11241100x8000000000000000418732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea02f8df24843132021-12-21 10:45:28.194root 11241100x8000000000000000418733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52c91645eac11fd2021-12-21 10:45:28.194root 11241100x8000000000000000418734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b09b8dfab278ba2021-12-21 10:45:28.194root 11241100x8000000000000000418735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c311163ad2a76b2021-12-21 10:45:28.194root 11241100x8000000000000000418736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7440f32a7c310fd2021-12-21 10:45:28.194root 11241100x8000000000000000418737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb474c9346e649592021-12-21 10:45:28.194root 11241100x8000000000000000418738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4d69bb3fa576762021-12-21 10:45:28.195root 11241100x8000000000000000418739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d705258081c3252021-12-21 10:45:28.195root 11241100x8000000000000000418740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a638ab8170a079c52021-12-21 10:45:28.195root 11241100x8000000000000000418741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f48a643359627e2021-12-21 10:45:28.195root 11241100x8000000000000000418742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaf2d1a67e5d28c2021-12-21 10:45:28.195root 11241100x8000000000000000418743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c07f3e911320b82021-12-21 10:45:28.195root 11241100x8000000000000000418744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0a2f5a58e7433f2021-12-21 10:45:28.195root 11241100x8000000000000000418745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a03d284b2c024c2021-12-21 10:45:28.195root 11241100x8000000000000000418746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e2d7a7e55956062021-12-21 10:45:28.195root 11241100x8000000000000000418747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c31a794b65914212021-12-21 10:45:28.196root 11241100x8000000000000000418748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69abcc24ba5b4af92021-12-21 10:45:28.693root 11241100x8000000000000000418749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098dcac0188686f72021-12-21 10:45:28.693root 11241100x8000000000000000418750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5305a418a9d0812021-12-21 10:45:28.693root 11241100x8000000000000000418751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54f565a41be132f2021-12-21 10:45:28.693root 11241100x8000000000000000418752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eea1b2781cef3852021-12-21 10:45:28.693root 11241100x8000000000000000418753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af4d5dbc60dca692021-12-21 10:45:28.693root 11241100x8000000000000000418754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e40da7e6eb50762021-12-21 10:45:28.694root 11241100x8000000000000000418755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b1c16a8e817b432021-12-21 10:45:28.694root 11241100x8000000000000000418756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea0097a9321f3292021-12-21 10:45:28.694root 11241100x8000000000000000418757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ca32ac4981fa8d2021-12-21 10:45:28.694root 11241100x8000000000000000418758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ac9509ad4e19032021-12-21 10:45:28.694root 11241100x8000000000000000418759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959f0ca0963fb2492021-12-21 10:45:28.694root 11241100x8000000000000000418760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bf78df8fbf2ae82021-12-21 10:45:28.694root 11241100x8000000000000000418761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac02f09e421c0732021-12-21 10:45:28.694root 11241100x8000000000000000418762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930d2e078c993a9b2021-12-21 10:45:28.694root 11241100x8000000000000000418763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e38f4b7048c11f2021-12-21 10:45:28.694root 11241100x8000000000000000418764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d905cd29cfcb5fa42021-12-21 10:45:28.694root 11241100x8000000000000000418765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcf968855e8fcbd2021-12-21 10:45:28.695root 11241100x8000000000000000418766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f51ea07867d0392021-12-21 10:45:28.695root 11241100x8000000000000000418767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b607558bd115ca52021-12-21 10:45:28.695root 11241100x8000000000000000418768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd6fbb90fa58f302021-12-21 10:45:28.695root 11241100x8000000000000000418769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59d3524e005ae2b2021-12-21 10:45:28.695root 11241100x8000000000000000418770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b451a681ad0e74152021-12-21 10:45:28.695root 11241100x8000000000000000418771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d773e33d6088592021-12-21 10:45:28.695root 11241100x8000000000000000418772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db8d1eddc751ce72021-12-21 10:45:28.695root 11241100x8000000000000000418773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f597cfbbc63451102021-12-21 10:45:28.695root 11241100x8000000000000000418774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6fca48ab5211c12021-12-21 10:45:28.695root 11241100x8000000000000000418775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e755b124a0dd52021-12-21 10:45:28.695root 11241100x8000000000000000418776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c5d607eed862f82021-12-21 10:45:28.696root 11241100x8000000000000000418777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20da935b155b34362021-12-21 10:45:28.696root 11241100x8000000000000000418778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6f0acddd55d14b2021-12-21 10:45:28.696root 11241100x8000000000000000418779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421cfb70a2082d482021-12-21 10:45:28.696root 11241100x8000000000000000418780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab68caa87e02c7272021-12-21 10:45:29.193root 11241100x8000000000000000418781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d47c72f02f2acbd2021-12-21 10:45:29.193root 11241100x8000000000000000418782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568d1a2a037d899b2021-12-21 10:45:29.193root 11241100x8000000000000000418783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7f4a57723282a72021-12-21 10:45:29.193root 11241100x8000000000000000418784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d9ccd5e66b54522021-12-21 10:45:29.193root 11241100x8000000000000000418785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db82575c6a39e6062021-12-21 10:45:29.193root 11241100x8000000000000000418786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d00cd48b4eb8a72021-12-21 10:45:29.193root 11241100x8000000000000000418787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679c8bb66bb2d2e72021-12-21 10:45:29.194root 11241100x8000000000000000418788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac07efc4851237c2021-12-21 10:45:29.194root 11241100x8000000000000000418789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a102a9d68b55c092021-12-21 10:45:29.194root 11241100x8000000000000000418790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688c83e3a8e7bc7c2021-12-21 10:45:29.194root 11241100x8000000000000000418791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cfbf49b027b6de2021-12-21 10:45:29.194root 11241100x8000000000000000418792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f32fee1801652d2021-12-21 10:45:29.194root 11241100x8000000000000000418793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4e394b2cfffa9c2021-12-21 10:45:29.194root 11241100x8000000000000000418794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfb16ef5f2b9c712021-12-21 10:45:29.194root 11241100x8000000000000000418795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2197c7fc569c30222021-12-21 10:45:29.194root 11241100x8000000000000000418796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcb4d81c26e6fa72021-12-21 10:45:29.194root 11241100x8000000000000000418797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b08850e8f3ef0f22021-12-21 10:45:29.195root 11241100x8000000000000000418798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426da7855f71503e2021-12-21 10:45:29.195root 11241100x8000000000000000418799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9881774f842ce9b02021-12-21 10:45:29.195root 11241100x8000000000000000418800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca1b2ca91d479552021-12-21 10:45:29.195root 11241100x8000000000000000418801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da029cb1e9895ee12021-12-21 10:45:29.195root 11241100x8000000000000000418802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b648931b74e7f222021-12-21 10:45:29.195root 11241100x8000000000000000418803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05275db6e796c072021-12-21 10:45:29.195root 11241100x8000000000000000418804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c3ce729ccd650e2021-12-21 10:45:29.195root 11241100x8000000000000000418805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccafacc49ab3e942021-12-21 10:45:29.195root 11241100x8000000000000000418806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f563eca280b5692021-12-21 10:45:29.196root 11241100x8000000000000000418807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc9d20439b0e50d2021-12-21 10:45:29.196root 11241100x8000000000000000418808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aab5993fa9d63302021-12-21 10:45:29.196root 11241100x8000000000000000418809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf60f31c032bd8f2021-12-21 10:45:29.693root 11241100x8000000000000000418810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54b64eb205b59342021-12-21 10:45:29.694root 11241100x8000000000000000418811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbb8a8f71e39b4e2021-12-21 10:45:29.694root 11241100x8000000000000000418812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8543fb319479d6752021-12-21 10:45:29.694root 11241100x8000000000000000418813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0023aff5843ccbe2021-12-21 10:45:29.694root 11241100x8000000000000000418814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7d071ed83abd922021-12-21 10:45:29.694root 11241100x8000000000000000418815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d51000ab4fde4fa2021-12-21 10:45:29.694root 11241100x8000000000000000418816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031a5b91da053f5f2021-12-21 10:45:29.694root 11241100x8000000000000000418817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38219420fda9d5402021-12-21 10:45:29.694root 11241100x8000000000000000418818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e255855e711dfbf2021-12-21 10:45:29.694root 11241100x8000000000000000418819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5efa110ae04797d2021-12-21 10:45:29.695root 11241100x8000000000000000418820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32d0758f4c415612021-12-21 10:45:29.695root 11241100x8000000000000000418821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7500c929a45bca242021-12-21 10:45:29.695root 11241100x8000000000000000418822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4001685a4dfcf43b2021-12-21 10:45:29.695root 11241100x8000000000000000418823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71ad451900fcea52021-12-21 10:45:29.695root 11241100x8000000000000000418824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bc670d99a542ca2021-12-21 10:45:29.695root 11241100x8000000000000000418825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdbf7ecf44fac6c2021-12-21 10:45:29.695root 11241100x8000000000000000418826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23624fdb0dfd4952021-12-21 10:45:29.695root 11241100x8000000000000000418827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ab355dd6fa94662021-12-21 10:45:29.695root 11241100x8000000000000000418828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347aedf49b1a3f492021-12-21 10:45:29.696root 11241100x8000000000000000418829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bca2c82185b6762021-12-21 10:45:29.696root 11241100x8000000000000000418830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef75bc25465cc29e2021-12-21 10:45:29.696root 11241100x8000000000000000418831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb4366bb80a21732021-12-21 10:45:29.696root 11241100x8000000000000000418832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dc8d8436b4e4b72021-12-21 10:45:29.696root 11241100x8000000000000000418833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664a955d110ae95a2021-12-21 10:45:29.696root 11241100x8000000000000000418834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9fbebc625602dc2021-12-21 10:45:29.696root 11241100x8000000000000000418835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043ec0578a09f8ec2021-12-21 10:45:29.696root 11241100x8000000000000000418836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:29.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f3e12a1c6a39102021-12-21 10:45:29.696root 11241100x8000000000000000418837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f28c860eec558512021-12-21 10:45:30.193root 11241100x8000000000000000418838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c780cfefa06e3f52021-12-21 10:45:30.193root 11241100x8000000000000000418839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe82e9cfa6c19492021-12-21 10:45:30.193root 11241100x8000000000000000418840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca2e5533d99bce52021-12-21 10:45:30.193root 11241100x8000000000000000418841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58980e5b995bbfa02021-12-21 10:45:30.194root 11241100x8000000000000000418842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da039637e7edf93c2021-12-21 10:45:30.194root 11241100x8000000000000000418843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8b052214bdbe72021-12-21 10:45:30.194root 11241100x8000000000000000418844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d1b4e45b7e401e2021-12-21 10:45:30.194root 11241100x8000000000000000418845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9eb8f0f6f2bee32021-12-21 10:45:30.194root 11241100x8000000000000000418846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e7f2ea1f592d372021-12-21 10:45:30.194root 11241100x8000000000000000418847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b7a749c5764cca2021-12-21 10:45:30.194root 11241100x8000000000000000418848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d739012b4167462021-12-21 10:45:30.194root 11241100x8000000000000000418849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42346c82ef839ff62021-12-21 10:45:30.195root 11241100x8000000000000000418850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c800f8d418619f2021-12-21 10:45:30.195root 11241100x8000000000000000418851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a7b94789e596e82021-12-21 10:45:30.195root 11241100x8000000000000000418852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2ad05a9c029aaa2021-12-21 10:45:30.195root 11241100x8000000000000000418853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca123fb804dac832021-12-21 10:45:30.195root 11241100x8000000000000000418854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c9a33e76a0f0f32021-12-21 10:45:30.195root 11241100x8000000000000000418855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db184a7fca6f20672021-12-21 10:45:30.195root 11241100x8000000000000000418856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08db3d0d2226d9ef2021-12-21 10:45:30.195root 11241100x8000000000000000418857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1d388f393d84502021-12-21 10:45:30.195root 11241100x8000000000000000418858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c18c204cdedd442021-12-21 10:45:30.195root 11241100x8000000000000000418859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903df65b3d7b33f82021-12-21 10:45:30.196root 11241100x8000000000000000418860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194a13e91fa8ffa32021-12-21 10:45:30.196root 11241100x8000000000000000418861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0881370432707a2021-12-21 10:45:30.196root 11241100x8000000000000000418862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a539ecee1e2e37062021-12-21 10:45:30.196root 11241100x8000000000000000418863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb022711ba717322021-12-21 10:45:30.196root 11241100x8000000000000000418864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb74b4b5e85fb352021-12-21 10:45:30.196root 11241100x8000000000000000418865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b035a55ef6bc483d2021-12-21 10:45:30.693root 11241100x8000000000000000418866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31e4d4e11d916e92021-12-21 10:45:30.693root 11241100x8000000000000000418867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119c538ff83beb262021-12-21 10:45:30.693root 11241100x8000000000000000418868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5f8ee1abda4a3e2021-12-21 10:45:30.693root 11241100x8000000000000000418869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f208aabea2f1f892021-12-21 10:45:30.694root 11241100x8000000000000000418870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aba4ccce56f27ab2021-12-21 10:45:30.694root 11241100x8000000000000000418871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2eb914006062fd2021-12-21 10:45:30.694root 11241100x8000000000000000418872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76424dad509848cf2021-12-21 10:45:30.694root 11241100x8000000000000000418873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba901775534b0a12021-12-21 10:45:30.694root 11241100x8000000000000000418874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc2deeced0719162021-12-21 10:45:30.694root 11241100x8000000000000000418875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ea592a082da7792021-12-21 10:45:30.694root 11241100x8000000000000000418876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec45dd5b02d169a2021-12-21 10:45:30.694root 11241100x8000000000000000418877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c8e886a9eba8542021-12-21 10:45:30.694root 11241100x8000000000000000418878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eca9bc9df7c70aa2021-12-21 10:45:30.694root 11241100x8000000000000000418879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6887e76e4f0ca82021-12-21 10:45:30.695root 11241100x8000000000000000418880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4709574c872901a62021-12-21 10:45:30.695root 11241100x8000000000000000418881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881fab2e2f9374d12021-12-21 10:45:30.695root 11241100x8000000000000000418882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9441b37da47d0b432021-12-21 10:45:30.695root 11241100x8000000000000000418883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c079a8fc1cd8281b2021-12-21 10:45:30.695root 11241100x8000000000000000418884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f44dc229d54e212021-12-21 10:45:30.695root 11241100x8000000000000000418885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62197cd3dce696d52021-12-21 10:45:30.695root 11241100x8000000000000000418886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2178afe98ea79efa2021-12-21 10:45:30.695root 11241100x8000000000000000418887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fddc4d98ff8da02021-12-21 10:45:30.696root 11241100x8000000000000000418888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317baa814bb62c1b2021-12-21 10:45:30.696root 11241100x8000000000000000418889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e7832ec55876832021-12-21 10:45:30.696root 11241100x8000000000000000418890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0313dfe198ec59fe2021-12-21 10:45:30.696root 11241100x8000000000000000418891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c04aafd5cf34322021-12-21 10:45:30.696root 11241100x8000000000000000418892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:30.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca9331784230ee12021-12-21 10:45:30.696root 354300x8000000000000000418893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.020{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47558-false10.0.1.12-8000- 11241100x8000000000000000418894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c497bf1130b31d7a2021-12-21 10:45:31.021root 11241100x8000000000000000418895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba735245ffd299122021-12-21 10:45:31.021root 11241100x8000000000000000418896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ef66ff4572a01b2021-12-21 10:45:31.021root 11241100x8000000000000000418897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64f4a26bef77fe62021-12-21 10:45:31.021root 11241100x8000000000000000418898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7229279fdaa6cd262021-12-21 10:45:31.021root 11241100x8000000000000000418899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c3c7a9af7c6e9d2021-12-21 10:45:31.021root 11241100x8000000000000000418900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc8a1e46ded41a12021-12-21 10:45:31.021root 11241100x8000000000000000418901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b10c34d716915c52021-12-21 10:45:31.021root 11241100x8000000000000000418902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b84ef33d1308552021-12-21 10:45:31.022root 11241100x8000000000000000418903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b16e1f2be6273f2021-12-21 10:45:31.022root 11241100x8000000000000000418904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fc7f88ed6323572021-12-21 10:45:31.022root 11241100x8000000000000000418905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24243324017c3df62021-12-21 10:45:31.022root 11241100x8000000000000000418906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749bf9475735b4882021-12-21 10:45:31.022root 11241100x8000000000000000418907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc9040a00b424dd2021-12-21 10:45:31.022root 11241100x8000000000000000418908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a200a23757f9802021-12-21 10:45:31.022root 11241100x8000000000000000418909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fcd0f70a3adf452021-12-21 10:45:31.022root 11241100x8000000000000000418910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13eb0103bb76f1812021-12-21 10:45:31.022root 11241100x8000000000000000418911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d9fcd8170b82032021-12-21 10:45:31.023root 11241100x8000000000000000418912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6f3fdddf2dfacf2021-12-21 10:45:31.023root 11241100x8000000000000000418913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197f3e0bd3edd3c52021-12-21 10:45:31.023root 11241100x8000000000000000418914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d229cbe881bc806d2021-12-21 10:45:31.023root 11241100x8000000000000000418915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62f7c8438313c0f2021-12-21 10:45:31.023root 11241100x8000000000000000418916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8162cc2d93b17e042021-12-21 10:45:31.023root 11241100x8000000000000000418917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80af8f8ebccaffa2021-12-21 10:45:31.023root 11241100x8000000000000000418918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baefbff367e8f1712021-12-21 10:45:31.023root 11241100x8000000000000000418919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64921a442db835402021-12-21 10:45:31.023root 11241100x8000000000000000418920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cb428f10a64fb72021-12-21 10:45:31.024root 11241100x8000000000000000418921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dc01aac38c80d62021-12-21 10:45:31.024root 11241100x8000000000000000418922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6982f19ef0525b9a2021-12-21 10:45:31.024root 11241100x8000000000000000418923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592b2be6864079652021-12-21 10:45:31.024root 11241100x8000000000000000418924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4439d1b82c636d42021-12-21 10:45:31.024root 11241100x8000000000000000418925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf951a34a8c3e0ac2021-12-21 10:45:31.024root 11241100x8000000000000000418926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ea8c865f2a932a2021-12-21 10:45:31.024root 11241100x8000000000000000418927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35bbe74da2bd5692021-12-21 10:45:31.024root 11241100x8000000000000000418928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459289527b1b1eed2021-12-21 10:45:31.024root 11241100x8000000000000000418929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92932780a31ae9c52021-12-21 10:45:31.024root 11241100x8000000000000000418930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1010ee044bebbb6e2021-12-21 10:45:31.024root 11241100x8000000000000000418931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaa988fd945884a2021-12-21 10:45:31.025root 11241100x8000000000000000418932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f794a4efd1d4c99e2021-12-21 10:45:31.025root 11241100x8000000000000000418933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68db4432ff2d5d862021-12-21 10:45:31.025root 11241100x8000000000000000418934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9646562c81823452021-12-21 10:45:31.025root 11241100x8000000000000000418935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0de5604e635f5a92021-12-21 10:45:31.443root 11241100x8000000000000000418936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b325908113119aea2021-12-21 10:45:31.443root 11241100x8000000000000000418937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7969ec251dc88fb42021-12-21 10:45:31.443root 11241100x8000000000000000418938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d259bdd39327233e2021-12-21 10:45:31.444root 11241100x8000000000000000418939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efde43046c6f3ee2021-12-21 10:45:31.444root 11241100x8000000000000000418940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8900487d834503a92021-12-21 10:45:31.444root 11241100x8000000000000000418941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0671a7169db4e62021-12-21 10:45:31.444root 11241100x8000000000000000418942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9affb56b170e522021-12-21 10:45:31.445root 11241100x8000000000000000418943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc4a486d48355272021-12-21 10:45:31.445root 11241100x8000000000000000418944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa394a0b4a4f170b2021-12-21 10:45:31.445root 11241100x8000000000000000418945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf1c29c378937d22021-12-21 10:45:31.445root 11241100x8000000000000000418946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c8458f779814a02021-12-21 10:45:31.445root 11241100x8000000000000000418947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869040688d30e7ac2021-12-21 10:45:31.446root 11241100x8000000000000000418948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a69489cd9d451802021-12-21 10:45:31.446root 11241100x8000000000000000418949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04174869f2ec70b2021-12-21 10:45:31.446root 11241100x8000000000000000418950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf8a4ced6f5ef432021-12-21 10:45:31.446root 11241100x8000000000000000418951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153f4761b10ce7d02021-12-21 10:45:31.446root 11241100x8000000000000000418952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac18b3fc60355e6a2021-12-21 10:45:31.446root 11241100x8000000000000000418953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c98dd6fec254e972021-12-21 10:45:31.446root 11241100x8000000000000000418954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f574897555eb2cfc2021-12-21 10:45:31.446root 11241100x8000000000000000418955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511deae337cfc5bd2021-12-21 10:45:31.446root 11241100x8000000000000000418956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cef4d67e7e8ebec2021-12-21 10:45:31.447root 11241100x8000000000000000418957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac789718da4f7b92021-12-21 10:45:31.447root 11241100x8000000000000000418958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46528b922b88964b2021-12-21 10:45:31.447root 11241100x8000000000000000418959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1ae4288286381a2021-12-21 10:45:31.447root 11241100x8000000000000000418960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0a5f8dda4c7ff82021-12-21 10:45:31.447root 11241100x8000000000000000418961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8feeeb8b13cd5f2a2021-12-21 10:45:31.448root 11241100x8000000000000000418962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b56b0b539f511b2021-12-21 10:45:31.448root 11241100x8000000000000000418963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3587428d049c82252021-12-21 10:45:31.448root 11241100x8000000000000000418964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b7a8f650ae2ebe2021-12-21 10:45:31.943root 11241100x8000000000000000418965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba820fbbcbf07c32021-12-21 10:45:31.943root 11241100x8000000000000000418966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2df8912426180f2021-12-21 10:45:31.943root 11241100x8000000000000000418967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffb01a6e24ee02f2021-12-21 10:45:31.943root 11241100x8000000000000000418968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677990fb5ff410fe2021-12-21 10:45:31.944root 11241100x8000000000000000418969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6f0aa7d56f6a742021-12-21 10:45:31.944root 11241100x8000000000000000418970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18c7d353ccca0062021-12-21 10:45:31.944root 11241100x8000000000000000418971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28de1b25a65059c2021-12-21 10:45:31.945root 11241100x8000000000000000418972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424e383a86f859ff2021-12-21 10:45:31.945root 11241100x8000000000000000418973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426271e95739db1b2021-12-21 10:45:31.945root 11241100x8000000000000000418974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7098d35ea35a79ce2021-12-21 10:45:31.945root 11241100x8000000000000000418975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63857ae9d1be014f2021-12-21 10:45:31.945root 11241100x8000000000000000418976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad541eb1e6a6b3b2021-12-21 10:45:31.945root 11241100x8000000000000000418977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eaea4c04d4bc182021-12-21 10:45:31.945root 11241100x8000000000000000418978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55d3dc70d95353a2021-12-21 10:45:31.945root 11241100x8000000000000000418979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797f72d920dc92de2021-12-21 10:45:31.945root 11241100x8000000000000000418980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42087fa61b7d857f2021-12-21 10:45:31.945root 11241100x8000000000000000418981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6453ed665e9047c2021-12-21 10:45:31.945root 11241100x8000000000000000418982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b943277505bda55a2021-12-21 10:45:31.946root 11241100x8000000000000000418983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c89460c6f378a82021-12-21 10:45:31.946root 11241100x8000000000000000418984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8954ee201150842021-12-21 10:45:31.946root 11241100x8000000000000000418985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d388f3708e00d66b2021-12-21 10:45:31.946root 11241100x8000000000000000418986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0637f3be8badb512021-12-21 10:45:31.946root 11241100x8000000000000000418987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63365b970625e432021-12-21 10:45:31.946root 11241100x8000000000000000418988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25fcf5b8a51fad72021-12-21 10:45:31.946root 11241100x8000000000000000418989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d342158bc0e2723b2021-12-21 10:45:31.946root 11241100x8000000000000000418990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499be64c9659242a2021-12-21 10:45:31.946root 11241100x8000000000000000418991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337278dbd08b55d22021-12-21 10:45:31.946root 11241100x8000000000000000418992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630e05c1a3bb9f652021-12-21 10:45:31.946root 11241100x8000000000000000418993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47679121a386abc2021-12-21 10:45:32.443root 11241100x8000000000000000418994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3229f437f326b82021-12-21 10:45:32.443root 11241100x8000000000000000418995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ede7baea5920692021-12-21 10:45:32.443root 11241100x8000000000000000418996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840cea2e18b65bad2021-12-21 10:45:32.444root 11241100x8000000000000000418997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cbabe589b48e402021-12-21 10:45:32.444root 11241100x8000000000000000418998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2173f4832a1804512021-12-21 10:45:32.444root 11241100x8000000000000000418999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cad76235b993bc2021-12-21 10:45:32.444root 11241100x8000000000000000419000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3e160a5b6e02ba2021-12-21 10:45:32.444root 11241100x8000000000000000419001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3a984edf0be07d2021-12-21 10:45:32.444root 11241100x8000000000000000419002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf5a60bcc42fe612021-12-21 10:45:32.444root 11241100x8000000000000000419003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b913f5d92ce1884f2021-12-21 10:45:32.444root 11241100x8000000000000000419004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e54ae74e5023612021-12-21 10:45:32.444root 11241100x8000000000000000419005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14448b93eed5d6472021-12-21 10:45:32.444root 11241100x8000000000000000419006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb67e0cacd4aaaf2021-12-21 10:45:32.444root 11241100x8000000000000000419007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c1eebc7cc998352021-12-21 10:45:32.445root 11241100x8000000000000000419008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc3a6cb0b6924102021-12-21 10:45:32.445root 11241100x8000000000000000419009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647f648bc458f5ef2021-12-21 10:45:32.445root 11241100x8000000000000000419010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ac7f2926fa43bb2021-12-21 10:45:32.445root 11241100x8000000000000000419011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb4e19059f0386c2021-12-21 10:45:32.445root 11241100x8000000000000000419012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcf6aaff02725772021-12-21 10:45:32.445root 11241100x8000000000000000419013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1010afa08e223bc2021-12-21 10:45:32.445root 11241100x8000000000000000419014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf06d8f865985722021-12-21 10:45:32.445root 11241100x8000000000000000419015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88edc9d0554d5ff82021-12-21 10:45:32.445root 11241100x8000000000000000419016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e1cdc1805268f02021-12-21 10:45:32.445root 11241100x8000000000000000419017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b2422220bab5e92021-12-21 10:45:32.445root 11241100x8000000000000000419018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ac846361e59ec52021-12-21 10:45:32.446root 11241100x8000000000000000419019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c29bab95b4ad5db2021-12-21 10:45:32.446root 11241100x8000000000000000419020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f500e7ff5893b85f2021-12-21 10:45:32.446root 11241100x8000000000000000419021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb156e0c525d08b2021-12-21 10:45:32.446root 11241100x8000000000000000419022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7711344c013ff0b2021-12-21 10:45:32.943root 11241100x8000000000000000419023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f236cc2d496712842021-12-21 10:45:32.943root 11241100x8000000000000000419024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdd5b4f6784ed1c2021-12-21 10:45:32.943root 11241100x8000000000000000419025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f65fda87887d7602021-12-21 10:45:32.943root 11241100x8000000000000000419026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2278da64fa511a132021-12-21 10:45:32.943root 11241100x8000000000000000419027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed1a0f6d6bc24242021-12-21 10:45:32.943root 11241100x8000000000000000419028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9075d46643cd082021-12-21 10:45:32.943root 11241100x8000000000000000419029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e61ee2b34ded7d2021-12-21 10:45:32.943root 11241100x8000000000000000419030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9318c8a262337c0f2021-12-21 10:45:32.943root 11241100x8000000000000000419031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2a1eaceefcc56e2021-12-21 10:45:32.943root 11241100x8000000000000000419032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d352fad138241c2021-12-21 10:45:32.943root 11241100x8000000000000000419033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271bd944f52e849c2021-12-21 10:45:32.943root 11241100x8000000000000000419034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4df568e26d27e2d2021-12-21 10:45:32.944root 11241100x8000000000000000419035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f730430959a769a82021-12-21 10:45:32.944root 11241100x8000000000000000419036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581837522fa4ecaf2021-12-21 10:45:32.944root 11241100x8000000000000000419037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87acf0bc71efe8b42021-12-21 10:45:32.944root 11241100x8000000000000000419038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2907cb01395ed1642021-12-21 10:45:32.944root 11241100x8000000000000000419039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136972f5137ce3a62021-12-21 10:45:32.944root 11241100x8000000000000000419040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3722e696511e3d192021-12-21 10:45:32.944root 11241100x8000000000000000419041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210c2566d268de2d2021-12-21 10:45:32.944root 11241100x8000000000000000419042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d003b8f49afb61d2021-12-21 10:45:32.944root 11241100x8000000000000000419043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f264c64ab04f392021-12-21 10:45:32.944root 11241100x8000000000000000419044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9684e625e0f1db02021-12-21 10:45:32.944root 11241100x8000000000000000419045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce77e6d994c647392021-12-21 10:45:32.944root 11241100x8000000000000000419046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ab5a8f09169e82021-12-21 10:45:32.944root 11241100x8000000000000000419047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e18d6d02f440dd2021-12-21 10:45:32.944root 11241100x8000000000000000419048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df386cb637138efc2021-12-21 10:45:32.944root 11241100x8000000000000000419049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be57cec47bf58a112021-12-21 10:45:32.944root 11241100x8000000000000000419050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5045f9ca4bacc232021-12-21 10:45:32.945root 11241100x8000000000000000419051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57efbb07a572d4062021-12-21 10:45:33.443root 11241100x8000000000000000419052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c4042c63177db22021-12-21 10:45:33.443root 11241100x8000000000000000419053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413c8502892d711d2021-12-21 10:45:33.443root 11241100x8000000000000000419054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adce7eaa69075072021-12-21 10:45:33.443root 11241100x8000000000000000419055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1a8b4a55c437372021-12-21 10:45:33.444root 11241100x8000000000000000419056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16bbe6b7b58d7012021-12-21 10:45:33.444root 11241100x8000000000000000419057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497109e0cb1edb892021-12-21 10:45:33.444root 11241100x8000000000000000419058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195678b7950116292021-12-21 10:45:33.444root 11241100x8000000000000000419059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18214d3f38e600652021-12-21 10:45:33.444root 11241100x8000000000000000419060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840962c3598770762021-12-21 10:45:33.444root 11241100x8000000000000000419061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806f25cdbc6c30e92021-12-21 10:45:33.444root 11241100x8000000000000000419062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650e89277532b6142021-12-21 10:45:33.444root 11241100x8000000000000000419063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a280d6ab4c1eb8762021-12-21 10:45:33.444root 11241100x8000000000000000419064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4015768d1e435092021-12-21 10:45:33.444root 11241100x8000000000000000419065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c297efdc4ee15b2021-12-21 10:45:33.444root 11241100x8000000000000000419066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9236cd4da206762021-12-21 10:45:33.444root 11241100x8000000000000000419067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5425470983c3cb002021-12-21 10:45:33.444root 11241100x8000000000000000419068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaafa0d2eb1d679f2021-12-21 10:45:33.445root 11241100x8000000000000000419069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec382b2e5e3266c52021-12-21 10:45:33.445root 11241100x8000000000000000419070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4d8876fe4a3bba2021-12-21 10:45:33.445root 11241100x8000000000000000419071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7329f320fd59bc2b2021-12-21 10:45:33.445root 11241100x8000000000000000419072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115fa650d08ad74a2021-12-21 10:45:33.445root 11241100x8000000000000000419073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0858ba29481be52021-12-21 10:45:33.445root 11241100x8000000000000000419074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b72b4f826f57702021-12-21 10:45:33.445root 11241100x8000000000000000419075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550135d0e48f84572021-12-21 10:45:33.445root 11241100x8000000000000000419076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c8419510f5cc222021-12-21 10:45:33.445root 11241100x8000000000000000419077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd480872fdc9eb52021-12-21 10:45:33.445root 11241100x8000000000000000419078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ccf9a13068478a2021-12-21 10:45:33.446root 11241100x8000000000000000419079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd279bdf21df9fc02021-12-21 10:45:33.446root 11241100x8000000000000000419080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5099340f1a054422021-12-21 10:45:33.943root 11241100x8000000000000000419081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd4c8b53c546d4b2021-12-21 10:45:33.943root 11241100x8000000000000000419082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231320e37f5ab53f2021-12-21 10:45:33.943root 11241100x8000000000000000419083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d194902858d2609e2021-12-21 10:45:33.943root 11241100x8000000000000000419084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e106895b336f502021-12-21 10:45:33.943root 11241100x8000000000000000419085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c55e20b7ef49512021-12-21 10:45:33.943root 11241100x8000000000000000419086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33958f9a85b8992021-12-21 10:45:33.943root 11241100x8000000000000000419087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac73c5981e56c3e2021-12-21 10:45:33.943root 11241100x8000000000000000419088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51a940e33ace3b92021-12-21 10:45:33.943root 11241100x8000000000000000419089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c649af61083a0e5c2021-12-21 10:45:33.943root 11241100x8000000000000000419090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c40cab32bd71d02021-12-21 10:45:33.944root 11241100x8000000000000000419091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4aee37990a66e0b2021-12-21 10:45:33.944root 11241100x8000000000000000419092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776587d34ce7ed272021-12-21 10:45:33.944root 11241100x8000000000000000419093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3b7f999815ce622021-12-21 10:45:33.944root 11241100x8000000000000000419094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffc3d1adedcedd62021-12-21 10:45:33.944root 11241100x8000000000000000419095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cf24e6ff173c462021-12-21 10:45:33.944root 11241100x8000000000000000419096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0712514fb66f1ffa2021-12-21 10:45:33.944root 11241100x8000000000000000419097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed788b34349c9e402021-12-21 10:45:33.944root 11241100x8000000000000000419098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f32a6db466e6252021-12-21 10:45:33.944root 11241100x8000000000000000419099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2146dd5aa6e696542021-12-21 10:45:33.945root 11241100x8000000000000000419100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6237e3d0380ef6a82021-12-21 10:45:33.945root 11241100x8000000000000000419101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a120d22c305cce452021-12-21 10:45:33.945root 11241100x8000000000000000419102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77349e714ae22c92021-12-21 10:45:33.945root 11241100x8000000000000000419103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e9b809c53016002021-12-21 10:45:33.945root 11241100x8000000000000000419104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f113235fd312c82021-12-21 10:45:33.945root 11241100x8000000000000000419105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55232d890d71eb3d2021-12-21 10:45:33.945root 11241100x8000000000000000419106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a2e4b53583ce642021-12-21 10:45:33.945root 11241100x8000000000000000419107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204e648c0ff919ff2021-12-21 10:45:33.945root 11241100x8000000000000000419108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddd7cfc83037b662021-12-21 10:45:33.945root 11241100x8000000000000000419109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e140fc38593dedbc2021-12-21 10:45:33.945root 11241100x8000000000000000419110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f048863389cf7cb2021-12-21 10:45:33.945root 11241100x8000000000000000419111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d67c9b70d6a03aa2021-12-21 10:45:33.945root 11241100x8000000000000000419112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2215cb85593b262021-12-21 10:45:33.945root 11241100x8000000000000000419113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ceaf4c41dd3c5c2021-12-21 10:45:33.946root 11241100x8000000000000000419114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c923358f43f41492021-12-21 10:45:33.946root 11241100x8000000000000000419115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86da05405394a7df2021-12-21 10:45:33.946root 11241100x8000000000000000419116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1d29b0f5fcfdb32021-12-21 10:45:33.946root 154100x8000000000000000419117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.327{ec2b6afe-b04e-61c1-68d4-5fc484550000}9767/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000419118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c38f96daf7b78dd2021-12-21 10:45:34.328root 11241100x8000000000000000419119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83055deff30ed8f02021-12-21 10:45:34.329root 11241100x8000000000000000419120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7739e62ef08834062021-12-21 10:45:34.329root 11241100x8000000000000000419121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85038a9a75c6a8642021-12-21 10:45:34.329root 11241100x8000000000000000419122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fbfd9d390aa57e2021-12-21 10:45:34.329root 11241100x8000000000000000419123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51f321fb02c80612021-12-21 10:45:34.329root 11241100x8000000000000000419124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7db91406ddb8fc2021-12-21 10:45:34.329root 11241100x8000000000000000419125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bea2258f3fe4c912021-12-21 10:45:34.329root 11241100x8000000000000000419126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cc753ae8c92a252021-12-21 10:45:34.329root 11241100x8000000000000000419127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972150ef87b3b8282021-12-21 10:45:34.329root 11241100x8000000000000000419128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6c481a13b678ea2021-12-21 10:45:34.329root 11241100x8000000000000000419129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc143c13370903302021-12-21 10:45:34.330root 11241100x8000000000000000419130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a60ec9b364280352021-12-21 10:45:34.330root 11241100x8000000000000000419131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccf5baab7215fd22021-12-21 10:45:34.330root 11241100x8000000000000000419132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15e27969faa871b2021-12-21 10:45:34.330root 11241100x8000000000000000419133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f611cc31dbe0e52021-12-21 10:45:34.330root 11241100x8000000000000000419134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2db855889624cd92021-12-21 10:45:34.330root 11241100x8000000000000000419135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d154087edf4a7cb2021-12-21 10:45:34.330root 11241100x8000000000000000419136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d59ecd271b597ff2021-12-21 10:45:34.330root 11241100x8000000000000000419137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b0ff50ddb666642021-12-21 10:45:34.330root 11241100x8000000000000000419138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33f2365581bb99b2021-12-21 10:45:34.331root 11241100x8000000000000000419139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea5da76a555afb12021-12-21 10:45:34.331root 11241100x8000000000000000419140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83cfe70b67369ee2021-12-21 10:45:34.331root 11241100x8000000000000000419141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f16a40cea828a72021-12-21 10:45:34.332root 11241100x8000000000000000419142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e63754864f7a8b2021-12-21 10:45:34.332root 11241100x8000000000000000419143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15829692537acb1a2021-12-21 10:45:34.332root 11241100x8000000000000000419144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05eb0e6fe2c9a8c2021-12-21 10:45:34.332root 11241100x8000000000000000419145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5716a655b1126d2021-12-21 10:45:34.332root 11241100x8000000000000000419146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488598b90c12ab3f2021-12-21 10:45:34.332root 11241100x8000000000000000419147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36abd6f1ce370d1d2021-12-21 10:45:34.332root 11241100x8000000000000000419148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358838c58b7ec3ac2021-12-21 10:45:34.332root 11241100x8000000000000000419149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0337bd58ccb64a1b2021-12-21 10:45:34.332root 11241100x8000000000000000419150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68935a7780db9602021-12-21 10:45:34.333root 11241100x8000000000000000419151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17727191dc41c3612021-12-21 10:45:34.333root 11241100x8000000000000000419152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a2ebb16ffed6b12021-12-21 10:45:34.333root 11241100x8000000000000000419153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e659489987eaf22021-12-21 10:45:34.333root 11241100x8000000000000000419154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8fe3b47a223a202021-12-21 10:45:34.333root 11241100x8000000000000000419155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eadc5940e0f86f2021-12-21 10:45:34.333root 11241100x8000000000000000419156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec22f69b6ed9fec2021-12-21 10:45:34.333root 11241100x8000000000000000419157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beb2bbfbe136bfa2021-12-21 10:45:34.333root 11241100x8000000000000000419158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402fb47e827983f42021-12-21 10:45:34.333root 11241100x8000000000000000419159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571afddf843e65502021-12-21 10:45:34.334root 11241100x8000000000000000419160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa42cb4cd03358832021-12-21 10:45:34.334root 11241100x8000000000000000419161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b137a89c9e9617a82021-12-21 10:45:34.334root 11241100x8000000000000000419162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7ac3a8b7900b7a2021-12-21 10:45:34.334root 11241100x8000000000000000419163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c7cc5974c141df2021-12-21 10:45:34.334root 11241100x8000000000000000419164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf37e3f895a245df2021-12-21 10:45:34.334root 11241100x8000000000000000419165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71b78718723e1892021-12-21 10:45:34.335root 11241100x8000000000000000419166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f2d414499674ff2021-12-21 10:45:34.335root 11241100x8000000000000000419167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe212ae6409f637c2021-12-21 10:45:34.335root 11241100x8000000000000000419168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3810d6a00c23dd2021-12-21 10:45:34.335root 534500x8000000000000000419169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.342{ec2b6afe-b04e-61c1-68d4-5fc484550000}9767/bin/psroot 11241100x8000000000000000419170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4094f9e4431689c2021-12-21 10:45:34.693root 11241100x8000000000000000419171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864c5bd03ad1e0162021-12-21 10:45:34.693root 11241100x8000000000000000419172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64c72ea339edec22021-12-21 10:45:34.693root 11241100x8000000000000000419173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a956a1389e447c12021-12-21 10:45:34.693root 11241100x8000000000000000419174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddacb1ac3acfe612021-12-21 10:45:34.693root 11241100x8000000000000000419175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a928e2f9f638502021-12-21 10:45:34.693root 11241100x8000000000000000419176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db69402fd9a419fe2021-12-21 10:45:34.693root 11241100x8000000000000000419177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6508add19fd391f2021-12-21 10:45:34.693root 11241100x8000000000000000419178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23b51a2cb99bc6f2021-12-21 10:45:34.694root 11241100x8000000000000000419179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b40bdc255930a5b2021-12-21 10:45:34.694root 11241100x8000000000000000419180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f09ff814f9163b2021-12-21 10:45:34.694root 11241100x8000000000000000419181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a310360266adcaf2021-12-21 10:45:34.694root 11241100x8000000000000000419182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcf2e67001f22d32021-12-21 10:45:34.694root 11241100x8000000000000000419183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c193fee55540c5d2021-12-21 10:45:34.694root 11241100x8000000000000000419184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89df210e2e0289df2021-12-21 10:45:34.694root 11241100x8000000000000000419185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa916d465bb72192021-12-21 10:45:34.694root 11241100x8000000000000000419186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf6a1bcd7841dcf2021-12-21 10:45:34.694root 11241100x8000000000000000419187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f7a1d550aa43612021-12-21 10:45:34.694root 11241100x8000000000000000419188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384b8589572a7f6e2021-12-21 10:45:34.695root 11241100x8000000000000000419189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70cf776aef588362021-12-21 10:45:34.695root 11241100x8000000000000000419190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e85106843bc7982021-12-21 10:45:34.695root 11241100x8000000000000000419191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ee0b34107280322021-12-21 10:45:34.695root 11241100x8000000000000000419192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043490c18f33ba302021-12-21 10:45:34.695root 11241100x8000000000000000419193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4947a8f62cb697662021-12-21 10:45:34.695root 11241100x8000000000000000419194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ff2c5e7f8b499a2021-12-21 10:45:34.695root 11241100x8000000000000000419195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dff419b3265cc12021-12-21 10:45:34.695root 11241100x8000000000000000419196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84abbe66d9ca2152021-12-21 10:45:34.696root 11241100x8000000000000000419197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff751394ac3105cb2021-12-21 10:45:34.696root 11241100x8000000000000000419198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d284749f282ae1f72021-12-21 10:45:34.696root 11241100x8000000000000000419199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582dd9b5239596462021-12-21 10:45:34.696root 11241100x8000000000000000419200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9181d804bbb0c32021-12-21 10:45:34.696root 11241100x8000000000000000419201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce1b341925bcaba2021-12-21 10:45:34.697root 11241100x8000000000000000419202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83a6424594739482021-12-21 10:45:34.697root 11241100x8000000000000000419203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c009e562152fc24c2021-12-21 10:45:34.697root 11241100x8000000000000000419204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcaed264b7bfae62021-12-21 10:45:34.697root 11241100x8000000000000000419205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75eda86e16807fe62021-12-21 10:45:34.697root 11241100x8000000000000000419206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08f638d21b0b2392021-12-21 10:45:34.698root 11241100x8000000000000000419207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff951ba3372ee7832021-12-21 10:45:34.698root 11241100x8000000000000000419208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13990f6f93d1ae962021-12-21 10:45:35.193root 11241100x8000000000000000419209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf43a9d2df6060612021-12-21 10:45:35.194root 11241100x8000000000000000419210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558c618d47b7f4642021-12-21 10:45:35.194root 11241100x8000000000000000419211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cc888a0f9f23e42021-12-21 10:45:35.194root 11241100x8000000000000000419212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f654dca708ec02e72021-12-21 10:45:35.194root 11241100x8000000000000000419213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdbe5e9efc8d8042021-12-21 10:45:35.194root 11241100x8000000000000000419214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e20e97cad1eda52021-12-21 10:45:35.194root 11241100x8000000000000000419215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06fe7e9853e36092021-12-21 10:45:35.194root 11241100x8000000000000000419216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f99b665c38ed7f42021-12-21 10:45:35.194root 11241100x8000000000000000419217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2592fda37f2d7c2021-12-21 10:45:35.194root 11241100x8000000000000000419218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e42b3c4483023592021-12-21 10:45:35.195root 11241100x8000000000000000419219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093f7dadb22fb3082021-12-21 10:45:35.195root 11241100x8000000000000000419220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc3874bd4db80f32021-12-21 10:45:35.195root 11241100x8000000000000000419221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d96fe957b3df452021-12-21 10:45:35.195root 11241100x8000000000000000419222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792985d98d4815ea2021-12-21 10:45:35.195root 11241100x8000000000000000419223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf709d1a6c56c672021-12-21 10:45:35.195root 11241100x8000000000000000419224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a207f7cf80b2932021-12-21 10:45:35.195root 11241100x8000000000000000419225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000c6a15b28e101d2021-12-21 10:45:35.195root 11241100x8000000000000000419226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a733a62a3ab752021-12-21 10:45:35.196root 11241100x8000000000000000419227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28066aa575178542021-12-21 10:45:35.196root 11241100x8000000000000000419228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f70640024b65eb2021-12-21 10:45:35.196root 11241100x8000000000000000419229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac2166351ed74692021-12-21 10:45:35.196root 11241100x8000000000000000419230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb0fd398668d8f12021-12-21 10:45:35.196root 11241100x8000000000000000419231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95010857ed14a4ea2021-12-21 10:45:35.196root 11241100x8000000000000000419232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e6797739a063d72021-12-21 10:45:35.196root 11241100x8000000000000000419233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841ebab51833074a2021-12-21 10:45:35.196root 11241100x8000000000000000419234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9384444d260a1eaf2021-12-21 10:45:35.196root 11241100x8000000000000000419235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045f03f83710a8142021-12-21 10:45:35.196root 11241100x8000000000000000419236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3293b803209b2c0a2021-12-21 10:45:35.196root 11241100x8000000000000000419237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434a3f5691cc0af32021-12-21 10:45:35.197root 11241100x8000000000000000419238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0e37593932b20c2021-12-21 10:45:35.197root 11241100x8000000000000000419239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458f7e10eb335c202021-12-21 10:45:35.693root 11241100x8000000000000000419240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fea064516a93842021-12-21 10:45:35.693root 11241100x8000000000000000419241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb399a62d9cb3a0d2021-12-21 10:45:35.693root 11241100x8000000000000000419242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ae421729e463a42021-12-21 10:45:35.693root 11241100x8000000000000000419243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a63d2a5e4a509c2021-12-21 10:45:35.693root 11241100x8000000000000000419244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca6d0dd3cc436242021-12-21 10:45:35.694root 11241100x8000000000000000419245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83923d05a010597b2021-12-21 10:45:35.694root 11241100x8000000000000000419246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aadf6c127d4e63d2021-12-21 10:45:35.694root 11241100x8000000000000000419247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f022167163035d2021-12-21 10:45:35.694root 11241100x8000000000000000419248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039226a2d8b0a8d32021-12-21 10:45:35.694root 11241100x8000000000000000419249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179a9d6c805f30db2021-12-21 10:45:35.694root 11241100x8000000000000000419250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2000dc50dedc0bd22021-12-21 10:45:35.694root 11241100x8000000000000000419251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf9d11d2799504e2021-12-21 10:45:35.694root 11241100x8000000000000000419252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8bb474cca9069f2021-12-21 10:45:35.694root 11241100x8000000000000000419253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31754961487786672021-12-21 10:45:35.694root 11241100x8000000000000000419254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e60ea02ee97ff202021-12-21 10:45:35.694root 11241100x8000000000000000419255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ea4a8be7cf2a1f2021-12-21 10:45:35.694root 11241100x8000000000000000419256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c31a34aa13d3bcf2021-12-21 10:45:35.694root 11241100x8000000000000000419257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac852e13cbd63542021-12-21 10:45:35.695root 11241100x8000000000000000419258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf1dfa3de8fbd4a2021-12-21 10:45:35.695root 11241100x8000000000000000419259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0f4a22c46578d92021-12-21 10:45:35.695root 11241100x8000000000000000419260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0719da3d5abdf3d2021-12-21 10:45:35.695root 11241100x8000000000000000419261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784a13884b1af40a2021-12-21 10:45:35.695root 11241100x8000000000000000419262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eef6dbede2341c2021-12-21 10:45:35.695root 11241100x8000000000000000419263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e067b0612ef34522021-12-21 10:45:35.695root 11241100x8000000000000000419264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f452792d240fd2082021-12-21 10:45:35.695root 11241100x8000000000000000419265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b622fa2bea51302021-12-21 10:45:35.695root 11241100x8000000000000000419266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601e04419880ae372021-12-21 10:45:35.695root 11241100x8000000000000000419267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68f948ffd5634f32021-12-21 10:45:35.696root 11241100x8000000000000000419268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6b820516c735fd2021-12-21 10:45:35.696root 11241100x8000000000000000419269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a397d4d79a51ed382021-12-21 10:45:35.696root 11241100x8000000000000000419270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1d14b732ac88dd2021-12-21 10:45:36.193root 11241100x8000000000000000419271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3846a99eb4ac30652021-12-21 10:45:36.193root 11241100x8000000000000000419272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267772826be5e5552021-12-21 10:45:36.193root 11241100x8000000000000000419273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30834e155d17beff2021-12-21 10:45:36.194root 11241100x8000000000000000419274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d11b485508539252021-12-21 10:45:36.194root 11241100x8000000000000000419275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e6366f27245fab2021-12-21 10:45:36.194root 11241100x8000000000000000419276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab0b067c34083352021-12-21 10:45:36.194root 11241100x8000000000000000419277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e159d934db28362021-12-21 10:45:36.194root 11241100x8000000000000000419278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39fa692a526188d2021-12-21 10:45:36.194root 11241100x8000000000000000419279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e48ca1bfafc13c2021-12-21 10:45:36.194root 11241100x8000000000000000419280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c428ee9a8758bdf2021-12-21 10:45:36.194root 11241100x8000000000000000419281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ad2123c8f7189a2021-12-21 10:45:36.195root 11241100x8000000000000000419282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4947921bf9a1a302021-12-21 10:45:36.195root 11241100x8000000000000000419283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077007c3533144dd2021-12-21 10:45:36.195root 11241100x8000000000000000419284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca99fc6736763b12021-12-21 10:45:36.195root 11241100x8000000000000000419285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fa8e92236cbb502021-12-21 10:45:36.195root 11241100x8000000000000000419286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f82523210941b02021-12-21 10:45:36.195root 11241100x8000000000000000419287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5851c9a1d01fbcd62021-12-21 10:45:36.195root 11241100x8000000000000000419288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325dc803f2feff532021-12-21 10:45:36.195root 11241100x8000000000000000419289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b71b8daaee7a8272021-12-21 10:45:36.195root 11241100x8000000000000000419290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cfca7ee2674eca2021-12-21 10:45:36.196root 11241100x8000000000000000419291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91877c2b164edee82021-12-21 10:45:36.196root 11241100x8000000000000000419292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c210e78ca0de07b2021-12-21 10:45:36.196root 11241100x8000000000000000419293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52896a1efe312ee2021-12-21 10:45:36.196root 11241100x8000000000000000419294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc5c611431cf7ac2021-12-21 10:45:36.196root 11241100x8000000000000000419295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d3bddc212323eb2021-12-21 10:45:36.196root 11241100x8000000000000000419296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6072b643cce980032021-12-21 10:45:36.196root 11241100x8000000000000000419297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f10e55fafd826e92021-12-21 10:45:36.196root 11241100x8000000000000000419298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf9a7cebdb162032021-12-21 10:45:36.196root 11241100x8000000000000000419299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55515e7a6a6b45ec2021-12-21 10:45:36.196root 11241100x8000000000000000419300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edec6330a64291a52021-12-21 10:45:36.197root 354300x8000000000000000419301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.211{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47560-false10.0.1.12-8000- 11241100x8000000000000000419302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.343{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:45:36.343root 11241100x8000000000000000419303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255e0c664bddcf602021-12-21 10:45:36.693root 11241100x8000000000000000419304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7358be82c4a45ab82021-12-21 10:45:36.693root 11241100x8000000000000000419305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b7efe4c5cfeb062021-12-21 10:45:36.693root 11241100x8000000000000000419306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567372189d23cb322021-12-21 10:45:36.693root 11241100x8000000000000000419307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efc52ef9d2bc7002021-12-21 10:45:36.693root 11241100x8000000000000000419308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595d62d6d918d2e52021-12-21 10:45:36.693root 11241100x8000000000000000419309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9a8d0fe230f03e2021-12-21 10:45:36.693root 11241100x8000000000000000419310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7600a0f5ee56b6912021-12-21 10:45:36.693root 11241100x8000000000000000419311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce874aa85b435552021-12-21 10:45:36.693root 11241100x8000000000000000419312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40fa97d7edcd5382021-12-21 10:45:36.693root 11241100x8000000000000000419313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9609af98f4b3f8fe2021-12-21 10:45:36.694root 11241100x8000000000000000419314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461cd1fcf3a627452021-12-21 10:45:36.694root 11241100x8000000000000000419315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0865e10b54da273c2021-12-21 10:45:36.694root 11241100x8000000000000000419316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af8d85fdd5cfdbb2021-12-21 10:45:36.694root 11241100x8000000000000000419317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9ee0ed1d94d6e42021-12-21 10:45:36.694root 11241100x8000000000000000419318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8ae9fc91f42162021-12-21 10:45:36.694root 11241100x8000000000000000419319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925b9c47a769385c2021-12-21 10:45:36.694root 11241100x8000000000000000419320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adb142a0236e7f62021-12-21 10:45:36.694root 11241100x8000000000000000419321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f5293db1d1dcbc2021-12-21 10:45:36.694root 11241100x8000000000000000419322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb12805bf9574722021-12-21 10:45:36.694root 11241100x8000000000000000419323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8722ad26c02299af2021-12-21 10:45:36.695root 11241100x8000000000000000419324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02fb6a6d2e3e6142021-12-21 10:45:36.695root 11241100x8000000000000000419325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290fb087560d1ac02021-12-21 10:45:36.695root 11241100x8000000000000000419326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e869aedbe780bb2021-12-21 10:45:36.695root 11241100x8000000000000000419327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa96f60a30a77de2021-12-21 10:45:36.695root 11241100x8000000000000000419328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7ba479ac7569f12021-12-21 10:45:36.695root 11241100x8000000000000000419329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad6412b1f7434e72021-12-21 10:45:36.695root 11241100x8000000000000000419330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e38aac910016a022021-12-21 10:45:36.695root 11241100x8000000000000000419331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eed57a8d2b59bc12021-12-21 10:45:36.695root 11241100x8000000000000000419332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bf73d9a943106d2021-12-21 10:45:36.695root 11241100x8000000000000000419333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90132cccffe4e9522021-12-21 10:45:36.695root 11241100x8000000000000000419334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4a20f6d5d7aa432021-12-21 10:45:36.696root 11241100x8000000000000000419335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9679dc6e26bab722021-12-21 10:45:36.696root 11241100x8000000000000000419336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd79fdf577a42c042021-12-21 10:45:36.696root 11241100x8000000000000000419337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb31e9a6c7e396412021-12-21 10:45:36.699root 11241100x8000000000000000419338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8da6eee902e72b22021-12-21 10:45:36.699root 11241100x8000000000000000419339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815b9b1a64b92afa2021-12-21 10:45:37.193root 11241100x8000000000000000419340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e183d8ae3e69c0ce2021-12-21 10:45:37.194root 11241100x8000000000000000419341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448f97abfccf66372021-12-21 10:45:37.194root 11241100x8000000000000000419342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f5cf45777aa80a2021-12-21 10:45:37.194root 11241100x8000000000000000419343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ac8438fe1965ce2021-12-21 10:45:37.195root 11241100x8000000000000000419344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d63c863408004642021-12-21 10:45:37.195root 11241100x8000000000000000419345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc456f98852c8972021-12-21 10:45:37.195root 11241100x8000000000000000419346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eea13fb9c84d20f2021-12-21 10:45:37.195root 11241100x8000000000000000419347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae3f54de0f75ad72021-12-21 10:45:37.195root 11241100x8000000000000000419348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4cb84d7f8ca89d2021-12-21 10:45:37.196root 11241100x8000000000000000419349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211d5740e65b933a2021-12-21 10:45:37.196root 11241100x8000000000000000419350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4a103dda1ac7fe2021-12-21 10:45:37.196root 11241100x8000000000000000419351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ea0c6db2063ca82021-12-21 10:45:37.196root 11241100x8000000000000000419352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45940063da7da78c2021-12-21 10:45:37.196root 11241100x8000000000000000419353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fd3cf70279b8432021-12-21 10:45:37.196root 11241100x8000000000000000419354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebc6a5f4fcc613d2021-12-21 10:45:37.196root 11241100x8000000000000000419355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9b7f64230bb1892021-12-21 10:45:37.196root 11241100x8000000000000000419356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73434bd2d0262fb22021-12-21 10:45:37.197root 11241100x8000000000000000419357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b4838655c1fd592021-12-21 10:45:37.197root 11241100x8000000000000000419358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac402a5e602181682021-12-21 10:45:37.197root 11241100x8000000000000000419359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d21411eebe93a832021-12-21 10:45:37.197root 11241100x8000000000000000419360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119f5e636a0e48e52021-12-21 10:45:37.197root 11241100x8000000000000000419361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d7ffea23d9e6102021-12-21 10:45:37.197root 11241100x8000000000000000419362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e41c5f9356fffd62021-12-21 10:45:37.197root 11241100x8000000000000000419363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e4cb6c85cf19d02021-12-21 10:45:37.197root 11241100x8000000000000000419364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba0e4be020c66552021-12-21 10:45:37.198root 11241100x8000000000000000419365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6783d0e18a5d4392021-12-21 10:45:37.198root 11241100x8000000000000000419366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff438b38a623d6af2021-12-21 10:45:37.198root 11241100x8000000000000000419367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e35f832e211c112021-12-21 10:45:37.198root 11241100x8000000000000000419368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2f17472538d1422021-12-21 10:45:37.198root 11241100x8000000000000000419369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273ff901abc490852021-12-21 10:45:37.198root 11241100x8000000000000000419370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc3e258c444a38f2021-12-21 10:45:37.198root 11241100x8000000000000000419371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c63f60001a312a82021-12-21 10:45:37.199root 11241100x8000000000000000419372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a57305e05609db2021-12-21 10:45:37.693root 11241100x8000000000000000419373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ecd8b08c6e4c612021-12-21 10:45:37.693root 11241100x8000000000000000419374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e83561d642a5332021-12-21 10:45:37.693root 11241100x8000000000000000419375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5e20f2b129850c2021-12-21 10:45:37.693root 11241100x8000000000000000419376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2450e643c710e4182021-12-21 10:45:37.693root 11241100x8000000000000000419377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3411d257c1a0a12021-12-21 10:45:37.694root 11241100x8000000000000000419378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7988ad74386232142021-12-21 10:45:37.694root 11241100x8000000000000000419379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd604c68c3c03712021-12-21 10:45:37.694root 11241100x8000000000000000419380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec9da4e5faa9b732021-12-21 10:45:37.694root 11241100x8000000000000000419381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886f562cb4586b5c2021-12-21 10:45:37.694root 11241100x8000000000000000419382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f568d0ebc62bef2021-12-21 10:45:37.694root 11241100x8000000000000000419383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29f29062b45ffcb2021-12-21 10:45:37.694root 11241100x8000000000000000419384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb7720de33cea062021-12-21 10:45:37.695root 11241100x8000000000000000419385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff86d37da70553a2021-12-21 10:45:37.695root 11241100x8000000000000000419386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdd83fc294325762021-12-21 10:45:37.695root 11241100x8000000000000000419387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc4f7f5765ab30d2021-12-21 10:45:37.695root 11241100x8000000000000000419388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f607e33ad132192021-12-21 10:45:37.695root 11241100x8000000000000000419389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578e98ed4cc2105d2021-12-21 10:45:37.696root 11241100x8000000000000000419390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dbfa4cea08facd2021-12-21 10:45:37.696root 11241100x8000000000000000419391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe2a977a9c4808e2021-12-21 10:45:37.696root 11241100x8000000000000000419392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487d4303df1925252021-12-21 10:45:37.696root 11241100x8000000000000000419393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62da73f348cf9b72021-12-21 10:45:37.696root 11241100x8000000000000000419394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4edb0035ae216b92021-12-21 10:45:37.696root 11241100x8000000000000000419395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb56e99f6303ed582021-12-21 10:45:37.696root 11241100x8000000000000000419396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171d5115123660992021-12-21 10:45:37.696root 11241100x8000000000000000419397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d137a310f25324612021-12-21 10:45:37.696root 11241100x8000000000000000419398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261bd88b90ec0a542021-12-21 10:45:37.697root 11241100x8000000000000000419399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcb3990780732842021-12-21 10:45:37.697root 11241100x8000000000000000419400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d6cbaaf0c159912021-12-21 10:45:37.697root 11241100x8000000000000000419401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4462b4183ddeae302021-12-21 10:45:37.697root 11241100x8000000000000000419402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef4280e00c2d6b2021-12-21 10:45:37.697root 11241100x8000000000000000419403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f18ec967a6f6e312021-12-21 10:45:37.697root 11241100x8000000000000000419404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6c14351ee57c4f2021-12-21 10:45:37.697root 11241100x8000000000000000419405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a132d4c5d817a02021-12-21 10:45:37.698root 11241100x8000000000000000419406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28248db366a1b9c22021-12-21 10:45:37.698root 11241100x8000000000000000419407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74e074703422cfa2021-12-21 10:45:37.698root 11241100x8000000000000000419408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d7a933358b194b2021-12-21 10:45:37.698root 11241100x8000000000000000419409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368c0edad3d2c2702021-12-21 10:45:38.193root 11241100x8000000000000000419410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28772f92cdbe6c5a2021-12-21 10:45:38.193root 11241100x8000000000000000419411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977b8e4e5741aef22021-12-21 10:45:38.193root 11241100x8000000000000000419412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724d6b42cb2309fb2021-12-21 10:45:38.193root 11241100x8000000000000000419413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d035b039d5bd3c2021-12-21 10:45:38.193root 11241100x8000000000000000419414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d12579c79156e0d2021-12-21 10:45:38.193root 11241100x8000000000000000419415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f5875fb3c5d1cd2021-12-21 10:45:38.193root 11241100x8000000000000000419416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5075883b9570c92021-12-21 10:45:38.193root 11241100x8000000000000000419417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716936ec2b8b16ab2021-12-21 10:45:38.194root 11241100x8000000000000000419418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b88c79304332982021-12-21 10:45:38.194root 11241100x8000000000000000419419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affb39d0e87bce942021-12-21 10:45:38.194root 11241100x8000000000000000419420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a8f9616879abdc2021-12-21 10:45:38.194root 11241100x8000000000000000419421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1410e79dfc85cf5c2021-12-21 10:45:38.194root 11241100x8000000000000000419422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aaeb5e4bf90c0c2021-12-21 10:45:38.194root 11241100x8000000000000000419423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c9d4e0423e465d2021-12-21 10:45:38.195root 11241100x8000000000000000419424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef909a9cdef427972021-12-21 10:45:38.195root 11241100x8000000000000000419425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4415fa34de1023a2021-12-21 10:45:38.195root 11241100x8000000000000000419426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cbf74f72dc57922021-12-21 10:45:38.195root 11241100x8000000000000000419427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf25d4078115a3312021-12-21 10:45:38.195root 11241100x8000000000000000419428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35afc07e9162c3d82021-12-21 10:45:38.195root 11241100x8000000000000000419429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6096de9d5bf5cd2021-12-21 10:45:38.195root 11241100x8000000000000000419430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7990ea862c76cbf52021-12-21 10:45:38.195root 11241100x8000000000000000419431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64a014a2f23f3492021-12-21 10:45:38.195root 11241100x8000000000000000419432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc522666dfa7d442021-12-21 10:45:38.196root 11241100x8000000000000000419433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32e36a719a71fcd2021-12-21 10:45:38.196root 11241100x8000000000000000419434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9306ecfbe240feb72021-12-21 10:45:38.196root 11241100x8000000000000000419435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf60f7df89861962021-12-21 10:45:38.196root 11241100x8000000000000000419436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c399330ace7387b92021-12-21 10:45:38.196root 11241100x8000000000000000419437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa91bff203bcf0a2021-12-21 10:45:38.196root 11241100x8000000000000000419438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e539def1e003c0452021-12-21 10:45:38.196root 11241100x8000000000000000419439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fa2f793c6b4ba92021-12-21 10:45:38.196root 11241100x8000000000000000419440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cde84c59047b7652021-12-21 10:45:38.196root 11241100x8000000000000000419441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac46f3e245f9bf52021-12-21 10:45:38.196root 11241100x8000000000000000419442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0598324eae5db2be2021-12-21 10:45:38.196root 11241100x8000000000000000419443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef7c4d8f6a5d5f72021-12-21 10:45:38.196root 11241100x8000000000000000419444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe90f4c1d04b8972021-12-21 10:45:38.196root 11241100x8000000000000000419445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59280e4c5d793ac02021-12-21 10:45:38.196root 11241100x8000000000000000419446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109be9aaf5e314ef2021-12-21 10:45:38.196root 11241100x8000000000000000419447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60feeded4eb562d82021-12-21 10:45:38.197root 11241100x8000000000000000419448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3d136e33d4cc7f2021-12-21 10:45:38.197root 11241100x8000000000000000419449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb675f69d6f55a82021-12-21 10:45:38.197root 11241100x8000000000000000419450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a1ca22dd02c9d2021-12-21 10:45:38.197root 11241100x8000000000000000419451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb1aeadb7985ba12021-12-21 10:45:38.198root 11241100x8000000000000000419452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2187ca00ded8e88c2021-12-21 10:45:38.198root 11241100x8000000000000000419453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ecd636ee259ed22021-12-21 10:45:38.198root 11241100x8000000000000000419454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3ec91a50d6d90b2021-12-21 10:45:38.198root 11241100x8000000000000000419455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d8b758a46ad03c2021-12-21 10:45:38.199root 11241100x8000000000000000419456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd047d83d0312182021-12-21 10:45:38.693root 11241100x8000000000000000419457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a466a23d2efcdf22021-12-21 10:45:38.693root 11241100x8000000000000000419458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bacae08b3785d6b2021-12-21 10:45:38.693root 11241100x8000000000000000419459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffd63d31ed3b4282021-12-21 10:45:38.693root 11241100x8000000000000000419460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45653c87e56cd782021-12-21 10:45:38.693root 11241100x8000000000000000419461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d258b17ac420622021-12-21 10:45:38.693root 11241100x8000000000000000419462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e88a2154d835002021-12-21 10:45:38.693root 11241100x8000000000000000419463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b243f97f6c0ea6e2021-12-21 10:45:38.693root 11241100x8000000000000000419464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1779354948d77ba72021-12-21 10:45:38.694root 11241100x8000000000000000419465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba170bc9fbfb5e52021-12-21 10:45:38.694root 11241100x8000000000000000419466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b9802d5a51f4ab2021-12-21 10:45:38.694root 11241100x8000000000000000419467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2388839cd6e154b32021-12-21 10:45:38.694root 11241100x8000000000000000419468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448073714bd6e5762021-12-21 10:45:38.694root 11241100x8000000000000000419469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b812c5575c848b22021-12-21 10:45:38.694root 11241100x8000000000000000419470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc0d794dc674be42021-12-21 10:45:38.695root 11241100x8000000000000000419471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e519172f1a6d7e332021-12-21 10:45:38.695root 11241100x8000000000000000419472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e67c8f46a1302582021-12-21 10:45:38.695root 11241100x8000000000000000419473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc4de00de4027d92021-12-21 10:45:38.695root 11241100x8000000000000000419474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0944b0b69400f1c2021-12-21 10:45:38.695root 11241100x8000000000000000419475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11db3a5d318ae8502021-12-21 10:45:38.696root 11241100x8000000000000000419476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558ed2016c68ffec2021-12-21 10:45:38.696root 11241100x8000000000000000419477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acc7526f25526e12021-12-21 10:45:38.696root 11241100x8000000000000000419478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26d0bcc97ce92c32021-12-21 10:45:38.696root 11241100x8000000000000000419479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c8fce64013cd572021-12-21 10:45:38.696root 11241100x8000000000000000419480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0229a7eec2714dd2021-12-21 10:45:38.696root 11241100x8000000000000000419481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c98f092759756f62021-12-21 10:45:38.696root 11241100x8000000000000000419482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bb476784206cd32021-12-21 10:45:38.696root 11241100x8000000000000000419483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77dcfaf8017efad2021-12-21 10:45:38.696root 11241100x8000000000000000419484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e4d1c90d16afa32021-12-21 10:45:38.696root 11241100x8000000000000000419485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3aa1c0c16d7f512021-12-21 10:45:38.697root 11241100x8000000000000000419486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b87e6d8178be69d2021-12-21 10:45:38.697root 11241100x8000000000000000419487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c695406bcfc1132021-12-21 10:45:38.697root 11241100x8000000000000000419488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f88cbbf2f4a0bc22021-12-21 10:45:38.697root 11241100x8000000000000000419489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1e239bc0f42ece2021-12-21 10:45:38.697root 11241100x8000000000000000419490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f025ac9b8931e1d52021-12-21 10:45:38.697root 11241100x8000000000000000419491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524894bf24bb89be2021-12-21 10:45:38.697root 11241100x8000000000000000419492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a96780871b99a172021-12-21 10:45:38.697root 11241100x8000000000000000419493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6e037ca90369922021-12-21 10:45:38.698root 11241100x8000000000000000419494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fefbeb78a46d2c72021-12-21 10:45:38.698root 11241100x8000000000000000419495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8306c94ddba4e72021-12-21 10:45:38.698root 11241100x8000000000000000419496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ca91b58520b6232021-12-21 10:45:38.698root 11241100x8000000000000000419497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a094c011ec29ff2f2021-12-21 10:45:38.698root 11241100x8000000000000000419498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104dfc282133b9322021-12-21 10:45:38.699root 11241100x8000000000000000419499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b652ed90327b1bcc2021-12-21 10:45:38.699root 11241100x8000000000000000419500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753b9e808b9edbf52021-12-21 10:45:38.699root 11241100x8000000000000000419501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89a3162bdf75cc52021-12-21 10:45:38.699root 11241100x8000000000000000419502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557722b1dc0b4f5e2021-12-21 10:45:38.699root 11241100x8000000000000000419503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1e46d2d873b8212021-12-21 10:45:38.699root 11241100x8000000000000000419504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cee4e27d463a5842021-12-21 10:45:38.699root 11241100x8000000000000000419505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b117c67c744e2e932021-12-21 10:45:38.699root 11241100x8000000000000000419506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b58ae8e03177f412021-12-21 10:45:38.700root 11241100x8000000000000000419507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6e85d3609e8d852021-12-21 10:45:38.700root 11241100x8000000000000000419508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a44bdb4cb7758a2021-12-21 10:45:38.700root 11241100x8000000000000000419509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e278f7ee93ceb92021-12-21 10:45:38.700root 11241100x8000000000000000419510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ce82b3b9ec57cd2021-12-21 10:45:38.700root 11241100x8000000000000000419511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872ca3e2080fd7182021-12-21 10:45:38.701root 11241100x8000000000000000419512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53a9f3a703be2562021-12-21 10:45:38.701root 11241100x8000000000000000419513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40497a89fdd59dbc2021-12-21 10:45:38.701root 11241100x8000000000000000419514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bca2cbcc4e603d2021-12-21 10:45:38.701root 11241100x8000000000000000419515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23984883b7876bb12021-12-21 10:45:38.701root 11241100x8000000000000000419516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7103a743f10b6262021-12-21 10:45:38.701root 11241100x8000000000000000419517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300078a5b9f91fcf2021-12-21 10:45:38.701root 11241100x8000000000000000419518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5f825c271292672021-12-21 10:45:38.701root 11241100x8000000000000000419519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9a78da56badce52021-12-21 10:45:38.704root 11241100x8000000000000000419520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3ca55a75bd59f82021-12-21 10:45:38.705root 11241100x8000000000000000419521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b292da24a66722dc2021-12-21 10:45:38.705root 11241100x8000000000000000419522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50d095beeed3cb62021-12-21 10:45:38.705root 11241100x8000000000000000419523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439b687df9e1998b2021-12-21 10:45:38.706root 11241100x8000000000000000419524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1f4b5de623c4812021-12-21 10:45:38.706root 11241100x8000000000000000419525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6c9bcc7bf9042c2021-12-21 10:45:38.706root 11241100x8000000000000000419526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ff384e66e34b372021-12-21 10:45:38.706root 11241100x8000000000000000419527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45ec5f0f35f6c112021-12-21 10:45:38.706root 11241100x8000000000000000419528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:38.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1069f1d4eae4a112021-12-21 10:45:38.706root 11241100x8000000000000000419529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735233380c0ef1b52021-12-21 10:45:39.193root 11241100x8000000000000000419530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c644118df01fc3942021-12-21 10:45:39.193root 11241100x8000000000000000419531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef0504e0bfe78402021-12-21 10:45:39.193root 11241100x8000000000000000419532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2571df3c5eafd22021-12-21 10:45:39.193root 11241100x8000000000000000419533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8353d75ec3fe4f392021-12-21 10:45:39.194root 11241100x8000000000000000419534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd86f27757fe5f912021-12-21 10:45:39.194root 11241100x8000000000000000419535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b347ff2cd5e1fb2021-12-21 10:45:39.194root 11241100x8000000000000000419536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc11bd888ab05002021-12-21 10:45:39.194root 11241100x8000000000000000419537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bde78f17b18b1a2021-12-21 10:45:39.194root 11241100x8000000000000000419538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc43af50c29fd5012021-12-21 10:45:39.194root 11241100x8000000000000000419539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3c547e72a053622021-12-21 10:45:39.194root 11241100x8000000000000000419540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67571571578132472021-12-21 10:45:39.194root 11241100x8000000000000000419541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978a9313cf07c6c42021-12-21 10:45:39.194root 11241100x8000000000000000419542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f43b1a4d3580502021-12-21 10:45:39.194root 11241100x8000000000000000419543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf251f81ed3b8a82021-12-21 10:45:39.195root 11241100x8000000000000000419544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f382522e48d8f1a2021-12-21 10:45:39.195root 11241100x8000000000000000419545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c7795cf713fca62021-12-21 10:45:39.195root 11241100x8000000000000000419546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711da82df55b07882021-12-21 10:45:39.195root 11241100x8000000000000000419547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ef6ecdbfbc08f72021-12-21 10:45:39.195root 11241100x8000000000000000419548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fc6ed0d36d9c9b2021-12-21 10:45:39.195root 11241100x8000000000000000419549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343daf5c6ea744362021-12-21 10:45:39.195root 11241100x8000000000000000419550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47664e4eb1f7eaf12021-12-21 10:45:39.195root 11241100x8000000000000000419551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c467dbfbbbbcb962021-12-21 10:45:39.195root 11241100x8000000000000000419552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d177e108c025802021-12-21 10:45:39.196root 11241100x8000000000000000419553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa51bee4215b5b62021-12-21 10:45:39.196root 11241100x8000000000000000419554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d71bf386bffd432021-12-21 10:45:39.196root 11241100x8000000000000000419555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0363761f7dda3702021-12-21 10:45:39.196root 11241100x8000000000000000419556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf761e750c1648e2021-12-21 10:45:39.196root 11241100x8000000000000000419557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd249789602b032021-12-21 10:45:39.196root 11241100x8000000000000000419558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8229546de8e277412021-12-21 10:45:39.196root 11241100x8000000000000000419559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e74f22c14fe82be2021-12-21 10:45:39.196root 11241100x8000000000000000419560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d837b018e291dd92021-12-21 10:45:39.196root 11241100x8000000000000000419561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f90205d4e81db32021-12-21 10:45:39.197root 11241100x8000000000000000419562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16552ac122832bbf2021-12-21 10:45:39.197root 11241100x8000000000000000419563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7970591183bb1302021-12-21 10:45:39.197root 11241100x8000000000000000419564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd53da7e7815e792021-12-21 10:45:39.197root 11241100x8000000000000000419565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b751c550fb2d7a9d2021-12-21 10:45:39.197root 11241100x8000000000000000419566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a792881537db93272021-12-21 10:45:39.197root 11241100x8000000000000000419567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0b2df37d9525812021-12-21 10:45:39.197root 11241100x8000000000000000419568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985ab59f8719d8b92021-12-21 10:45:39.197root 11241100x8000000000000000419569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11e1d29da3b8dac2021-12-21 10:45:39.197root 23542300x8000000000000000419570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.344{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000419571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee7ccab3c1559e32021-12-21 10:45:39.693root 11241100x8000000000000000419572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c247581a328eb2802021-12-21 10:45:39.693root 11241100x8000000000000000419573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f061678c5ae977a42021-12-21 10:45:39.693root 11241100x8000000000000000419574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d85caf78d64f7232021-12-21 10:45:39.693root 11241100x8000000000000000419575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dcefb6511be8f12021-12-21 10:45:39.694root 11241100x8000000000000000419576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f89be78c5dcf11d2021-12-21 10:45:39.694root 11241100x8000000000000000419577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8240335cdb18a0d32021-12-21 10:45:39.694root 11241100x8000000000000000419578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4100d098202d95882021-12-21 10:45:39.694root 11241100x8000000000000000419579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9a27f6f350aacd2021-12-21 10:45:39.694root 11241100x8000000000000000419580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d230e60eb55c72021-12-21 10:45:39.694root 11241100x8000000000000000419581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef1faaab549ff1c2021-12-21 10:45:39.694root 11241100x8000000000000000419582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b6bb2b5982b4562021-12-21 10:45:39.694root 11241100x8000000000000000419583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302d09e230ca4f422021-12-21 10:45:39.694root 11241100x8000000000000000419584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c3557f3bc1e6e62021-12-21 10:45:39.694root 11241100x8000000000000000419585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b313b04fdc1bf8aa2021-12-21 10:45:39.694root 11241100x8000000000000000419586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5574e958f2f8f02021-12-21 10:45:39.694root 11241100x8000000000000000419587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f976c0b6d5816c2021-12-21 10:45:39.694root 11241100x8000000000000000419588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdf315ec6bd18182021-12-21 10:45:39.694root 11241100x8000000000000000419589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0143df8cb0ef882021-12-21 10:45:39.694root 11241100x8000000000000000419590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8791ece4b85d4b62021-12-21 10:45:39.695root 11241100x8000000000000000419591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823c43f6405ffc5b2021-12-21 10:45:39.695root 11241100x8000000000000000419592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdfdf7e4f6d6ef42021-12-21 10:45:39.695root 11241100x8000000000000000419593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95e96caba9fc2152021-12-21 10:45:39.695root 11241100x8000000000000000419594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26210ac6c843c9c2021-12-21 10:45:39.695root 11241100x8000000000000000419595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dcdabb94fdbbca2021-12-21 10:45:39.695root 11241100x8000000000000000419596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5427fb6212aae0f52021-12-21 10:45:39.695root 11241100x8000000000000000419597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48a2e24bfcd453c2021-12-21 10:45:39.695root 11241100x8000000000000000419598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8b6fe7805f46372021-12-21 10:45:39.695root 11241100x8000000000000000419599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc447d92ce336ec2021-12-21 10:45:39.695root 11241100x8000000000000000419600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d4a05ad0acc3822021-12-21 10:45:39.695root 11241100x8000000000000000419601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196d2395e89bdf2f2021-12-21 10:45:39.695root 11241100x8000000000000000419602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35da299f7b9dbd252021-12-21 10:45:39.695root 11241100x8000000000000000419603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b985f6c1856c3982021-12-21 10:45:39.695root 11241100x8000000000000000419604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b433478b6cacb6582021-12-21 10:45:39.695root 11241100x8000000000000000419605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b862fb051f8c672021-12-21 10:45:40.193root 11241100x8000000000000000419606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba9bddd127fabb02021-12-21 10:45:40.193root 11241100x8000000000000000419607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d9f63b3f9062592021-12-21 10:45:40.193root 11241100x8000000000000000419608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c8705aa471408c2021-12-21 10:45:40.193root 11241100x8000000000000000419609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f385ee52220ec62021-12-21 10:45:40.193root 11241100x8000000000000000419610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232cc6f80dd74f0e2021-12-21 10:45:40.194root 11241100x8000000000000000419611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0c71f6e97b430b2021-12-21 10:45:40.194root 11241100x8000000000000000419612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb84c0c7f9d1feb52021-12-21 10:45:40.194root 11241100x8000000000000000419613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c045c7d41512632021-12-21 10:45:40.194root 11241100x8000000000000000419614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdc67880da86a252021-12-21 10:45:40.194root 11241100x8000000000000000419615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a4d4d01999b03c2021-12-21 10:45:40.194root 11241100x8000000000000000419616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb520642712142c92021-12-21 10:45:40.194root 11241100x8000000000000000419617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a143799fff27b2c2021-12-21 10:45:40.194root 11241100x8000000000000000419618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e178a2318c433c2021-12-21 10:45:40.194root 11241100x8000000000000000419619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3fb885b15a9d3a2021-12-21 10:45:40.194root 11241100x8000000000000000419620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9db7b611a7e8832021-12-21 10:45:40.194root 11241100x8000000000000000419621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f334e33f0ae9252021-12-21 10:45:40.194root 11241100x8000000000000000419622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119bab2488ce6e792021-12-21 10:45:40.194root 11241100x8000000000000000419623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4ee2e40c02b60f2021-12-21 10:45:40.194root 11241100x8000000000000000419624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f17eaf966c826d2021-12-21 10:45:40.195root 11241100x8000000000000000419625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2b809d70279b312021-12-21 10:45:40.195root 11241100x8000000000000000419626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d464834ff7a4df92021-12-21 10:45:40.195root 11241100x8000000000000000419627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8faeb2555e5be482021-12-21 10:45:40.195root 11241100x8000000000000000419628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd71bf48652e93e22021-12-21 10:45:40.195root 11241100x8000000000000000419629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c3e59716f7e662021-12-21 10:45:40.195root 11241100x8000000000000000419630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4201a17609b1fa2021-12-21 10:45:40.195root 11241100x8000000000000000419631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8ffec9ef4552052021-12-21 10:45:40.195root 11241100x8000000000000000419632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec18d35220b299342021-12-21 10:45:40.195root 11241100x8000000000000000419633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb932fb387d3dad22021-12-21 10:45:40.195root 11241100x8000000000000000419634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a014ec6eff7329772021-12-21 10:45:40.195root 11241100x8000000000000000419635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2754fcad358835d2021-12-21 10:45:40.195root 11241100x8000000000000000419636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c337d12064e3eb8d2021-12-21 10:45:40.195root 11241100x8000000000000000419637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8bf35567de18162021-12-21 10:45:40.196root 11241100x8000000000000000419638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60467b25cfd77ea2021-12-21 10:45:40.196root 11241100x8000000000000000419639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da704339d1832ff2021-12-21 10:45:40.693root 11241100x8000000000000000419640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41de8144a652dcee2021-12-21 10:45:40.693root 11241100x8000000000000000419641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd07d600be1ea902021-12-21 10:45:40.693root 11241100x8000000000000000419642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9977a190a78da6702021-12-21 10:45:40.693root 11241100x8000000000000000419643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f896d3580292d42021-12-21 10:45:40.693root 11241100x8000000000000000419644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05a54edaf6103e02021-12-21 10:45:40.693root 11241100x8000000000000000419645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dad6ca0651531d12021-12-21 10:45:40.694root 11241100x8000000000000000419646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffe54ac129814372021-12-21 10:45:40.694root 11241100x8000000000000000419647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4250886958f0082021-12-21 10:45:40.694root 11241100x8000000000000000419648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf69bdcf0fc244b32021-12-21 10:45:40.694root 11241100x8000000000000000419649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a35baf29dd0ada2021-12-21 10:45:40.694root 11241100x8000000000000000419650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ef2802b4e846df2021-12-21 10:45:40.694root 11241100x8000000000000000419651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1961162db428c1042021-12-21 10:45:40.694root 11241100x8000000000000000419652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137dbed9e5eb662d2021-12-21 10:45:40.694root 11241100x8000000000000000419653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3d6c76ebf527752021-12-21 10:45:40.694root 11241100x8000000000000000419654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb67e4c2c485ae02021-12-21 10:45:40.694root 11241100x8000000000000000419655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db36dcdd6d1ef51e2021-12-21 10:45:40.695root 11241100x8000000000000000419656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d210c934986e8e2021-12-21 10:45:40.695root 11241100x8000000000000000419657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91306bc278d530f22021-12-21 10:45:40.695root 11241100x8000000000000000419658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd76d7830ee7cff2021-12-21 10:45:40.695root 11241100x8000000000000000419659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb346c4467f558142021-12-21 10:45:40.695root 11241100x8000000000000000419660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5372a5291555f4da2021-12-21 10:45:40.695root 11241100x8000000000000000419661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f39e04b55f5b2922021-12-21 10:45:40.695root 11241100x8000000000000000419662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff7fdf85dcf803f2021-12-21 10:45:40.695root 11241100x8000000000000000419663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01323fd8029dc892021-12-21 10:45:40.695root 11241100x8000000000000000419664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c056a61d1513712021-12-21 10:45:40.696root 11241100x8000000000000000419665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e0bf7758f2ed0c2021-12-21 10:45:40.696root 11241100x8000000000000000419666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63dcb46d2ebd5f92021-12-21 10:45:40.696root 11241100x8000000000000000419667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3bae91dd0e160c2021-12-21 10:45:40.696root 11241100x8000000000000000419668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a56bfad4c4c85362021-12-21 10:45:40.696root 11241100x8000000000000000419669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca28c7bcea1e2812021-12-21 10:45:40.696root 11241100x8000000000000000419670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f1b66101b0588b2021-12-21 10:45:40.696root 11241100x8000000000000000419671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbed44bf900d1022021-12-21 10:45:40.696root 11241100x8000000000000000419672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89ed56fb1e86efb2021-12-21 10:45:40.696root 11241100x8000000000000000419673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f3ce1e474f81042021-12-21 10:45:40.697root 11241100x8000000000000000419674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1b49e7f6e0db122021-12-21 10:45:40.697root 11241100x8000000000000000419675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b5364d1e5e669e2021-12-21 10:45:41.193root 11241100x8000000000000000419676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bacfb9f166c3492021-12-21 10:45:41.193root 11241100x8000000000000000419677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c27d4ecad49bd62021-12-21 10:45:41.194root 11241100x8000000000000000419678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ccd5aa4c18e4652021-12-21 10:45:41.194root 11241100x8000000000000000419679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4e0e21167f9ab02021-12-21 10:45:41.194root 11241100x8000000000000000419680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9a2c29359bf7a22021-12-21 10:45:41.194root 11241100x8000000000000000419681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07882ba991d8e9f2021-12-21 10:45:41.194root 11241100x8000000000000000419682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eb612a6048c4f92021-12-21 10:45:41.194root 11241100x8000000000000000419683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fd79615096c21a2021-12-21 10:45:41.194root 11241100x8000000000000000419684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccdb783e63448592021-12-21 10:45:41.194root 11241100x8000000000000000419685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203dc9a571e9215c2021-12-21 10:45:41.194root 11241100x8000000000000000419686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a1e2a14f7ea6dd2021-12-21 10:45:41.194root 11241100x8000000000000000419687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c30c1b8c7ba5c432021-12-21 10:45:41.194root 11241100x8000000000000000419688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00d334dd834a3782021-12-21 10:45:41.194root 11241100x8000000000000000419689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95944df48400113e2021-12-21 10:45:41.195root 11241100x8000000000000000419690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a61f758d793811b2021-12-21 10:45:41.195root 11241100x8000000000000000419691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add1ed7f8c7d36262021-12-21 10:45:41.195root 11241100x8000000000000000419692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a004a31272317c662021-12-21 10:45:41.195root 11241100x8000000000000000419693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcce2da67b9d4d02021-12-21 10:45:41.195root 11241100x8000000000000000419694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef58f509ed5e542021-12-21 10:45:41.195root 11241100x8000000000000000419695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a46dfeedfbfe112021-12-21 10:45:41.195root 11241100x8000000000000000419696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0b7f490ca798e12021-12-21 10:45:41.195root 11241100x8000000000000000419697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34379a21e6f80f62021-12-21 10:45:41.195root 11241100x8000000000000000419698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45601d7fde7ee5292021-12-21 10:45:41.196root 11241100x8000000000000000419699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1171c890b2d1bfa2021-12-21 10:45:41.196root 11241100x8000000000000000419700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d038bca18f77bff2021-12-21 10:45:41.196root 11241100x8000000000000000419701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3537744e9fb1b72b2021-12-21 10:45:41.196root 11241100x8000000000000000419702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f9390a541cf4ef2021-12-21 10:45:41.197root 11241100x8000000000000000419703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66149a2afaa55d1c2021-12-21 10:45:41.197root 11241100x8000000000000000419704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45518857d6821d872021-12-21 10:45:41.197root 11241100x8000000000000000419705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb7b679e0da490c2021-12-21 10:45:41.197root 11241100x8000000000000000419706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff688f115ac1d8642021-12-21 10:45:41.197root 11241100x8000000000000000419707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49233d50e8e9b62b2021-12-21 10:45:41.197root 11241100x8000000000000000419708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2259cb6e64b2a0592021-12-21 10:45:41.197root 11241100x8000000000000000419709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd965c039dabccf52021-12-21 10:45:41.197root 11241100x8000000000000000419710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f3f23f3cf211fa2021-12-21 10:45:41.197root 11241100x8000000000000000419711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bd7c30068f36c22021-12-21 10:45:41.693root 11241100x8000000000000000419712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ad090942c88e7a2021-12-21 10:45:41.693root 11241100x8000000000000000419713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365f425b8fcc517a2021-12-21 10:45:41.693root 11241100x8000000000000000419714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9b4946c52471012021-12-21 10:45:41.693root 11241100x8000000000000000419715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1c27f75534e9032021-12-21 10:45:41.693root 11241100x8000000000000000419716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96978b23c52b15dc2021-12-21 10:45:41.693root 11241100x8000000000000000419717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafd8c876b77dbe42021-12-21 10:45:41.693root 11241100x8000000000000000419718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161c5f87eaf444e52021-12-21 10:45:41.694root 11241100x8000000000000000419719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1248efcbdc543a132021-12-21 10:45:41.694root 11241100x8000000000000000419720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c8af744d02cd052021-12-21 10:45:41.694root 11241100x8000000000000000419721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc23169c3929e6a2021-12-21 10:45:41.694root 11241100x8000000000000000419722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37b2adc0ef06c142021-12-21 10:45:41.694root 11241100x8000000000000000419723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cca918d0f610022021-12-21 10:45:41.694root 11241100x8000000000000000419724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bd5dfbec5aa7aa2021-12-21 10:45:41.694root 11241100x8000000000000000419725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64906d7ad7ff435f2021-12-21 10:45:41.694root 11241100x8000000000000000419726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08040017501ac5812021-12-21 10:45:41.694root 11241100x8000000000000000419727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77aa875e8b65a5052021-12-21 10:45:41.694root 11241100x8000000000000000419728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da0ae0652e960042021-12-21 10:45:41.694root 11241100x8000000000000000419729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0debc4e5aa5d082021-12-21 10:45:41.695root 11241100x8000000000000000419730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6b980a3da3174b2021-12-21 10:45:41.695root 11241100x8000000000000000419731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dee451bdaa3e3462021-12-21 10:45:41.695root 11241100x8000000000000000419732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec24f900f9f52222021-12-21 10:45:41.695root 11241100x8000000000000000419733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba741d6d323e8562021-12-21 10:45:41.695root 11241100x8000000000000000419734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba19a9a972f1a492021-12-21 10:45:41.695root 11241100x8000000000000000419735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f205d18ebdf67a2021-12-21 10:45:41.695root 11241100x8000000000000000419736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9688a0a8462f76b62021-12-21 10:45:41.695root 11241100x8000000000000000419737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5f9284491ef0e72021-12-21 10:45:41.695root 11241100x8000000000000000419738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d445a149246807a2021-12-21 10:45:41.695root 11241100x8000000000000000419739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5e561b75126fb32021-12-21 10:45:41.695root 11241100x8000000000000000419740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559fd6ee9225b05e2021-12-21 10:45:41.696root 11241100x8000000000000000419741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f487f692386abdf2021-12-21 10:45:41.696root 11241100x8000000000000000419742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f7883dbb3e7d8c2021-12-21 10:45:41.696root 11241100x8000000000000000419743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438ea27d8e904a432021-12-21 10:45:41.696root 11241100x8000000000000000419744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30181626d8b2c9ad2021-12-21 10:45:41.696root 11241100x8000000000000000419745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d447d9b76b87d7b2021-12-21 10:45:41.696root 11241100x8000000000000000419746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f8ef465a0050762021-12-21 10:45:41.696root 11241100x8000000000000000419747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea649a929ecdd762021-12-21 10:45:41.696root 11241100x8000000000000000419748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ebde8ba90e61f42021-12-21 10:45:41.696root 11241100x8000000000000000419749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ab1cc67df16a222021-12-21 10:45:41.697root 11241100x8000000000000000419750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ac2d9f0560748b2021-12-21 10:45:41.697root 11241100x8000000000000000419751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a545b75010301062021-12-21 10:45:41.697root 11241100x8000000000000000419752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4aac68d36a15942021-12-21 10:45:41.697root 11241100x8000000000000000419753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0357e7d1f6722692021-12-21 10:45:42.193root 11241100x8000000000000000419754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6117f1b46633b7332021-12-21 10:45:42.193root 11241100x8000000000000000419755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2565c1a43533ad2021-12-21 10:45:42.194root 11241100x8000000000000000419756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988d843964b8c5772021-12-21 10:45:42.194root 11241100x8000000000000000419757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ac14776a242feb2021-12-21 10:45:42.194root 11241100x8000000000000000419758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc13213fdebcb02a2021-12-21 10:45:42.194root 11241100x8000000000000000419759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782743fa377e648e2021-12-21 10:45:42.194root 11241100x8000000000000000419760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df94fa03c29204e92021-12-21 10:45:42.194root 11241100x8000000000000000419761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b530b30ff6ab7df2021-12-21 10:45:42.194root 11241100x8000000000000000419762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d01407c706c71d2021-12-21 10:45:42.194root 11241100x8000000000000000419763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff6e8913226c15b2021-12-21 10:45:42.194root 11241100x8000000000000000419764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcbaebd59c57b162021-12-21 10:45:42.195root 11241100x8000000000000000419765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e98965e5f1f3432021-12-21 10:45:42.195root 11241100x8000000000000000419766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcda12d47d82feb2021-12-21 10:45:42.195root 11241100x8000000000000000419767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b795e7e1fa4793e2021-12-21 10:45:42.195root 11241100x8000000000000000419768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a822f99f31d66712021-12-21 10:45:42.195root 11241100x8000000000000000419769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522a0231bfb1e3752021-12-21 10:45:42.195root 11241100x8000000000000000419770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992a6fdc77f437532021-12-21 10:45:42.195root 11241100x8000000000000000419771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91a524513b834422021-12-21 10:45:42.195root 11241100x8000000000000000419772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3359dcdfaf26c82021-12-21 10:45:42.195root 11241100x8000000000000000419773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2ff3c11f2ccd4c2021-12-21 10:45:42.195root 11241100x8000000000000000419774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a773bbf01c49962021-12-21 10:45:42.195root 11241100x8000000000000000419775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc49f26e0f746522021-12-21 10:45:42.196root 11241100x8000000000000000419776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3903a2841bf1a6ce2021-12-21 10:45:42.196root 11241100x8000000000000000419777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9151649d5956612021-12-21 10:45:42.196root 354300x8000000000000000419778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.197{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47562-false10.0.1.12-8000- 11241100x8000000000000000419779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cae555de9035f12021-12-21 10:45:42.197root 11241100x8000000000000000419780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66b1948e951d74b2021-12-21 10:45:42.197root 11241100x8000000000000000419781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c709b7622f190d482021-12-21 10:45:42.197root 11241100x8000000000000000419782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0596f051e4afe3642021-12-21 10:45:42.197root 11241100x8000000000000000419783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350280cf33a676c82021-12-21 10:45:42.197root 11241100x8000000000000000419784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a61a09b076be93c2021-12-21 10:45:42.198root 11241100x8000000000000000419785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b37a27fc48393e42021-12-21 10:45:42.198root 11241100x8000000000000000419786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc15b2a46bfef45b2021-12-21 10:45:42.198root 11241100x8000000000000000419787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e66910a2f2a9ea2021-12-21 10:45:42.198root 11241100x8000000000000000419788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42ddc458f8c501d2021-12-21 10:45:42.692root 11241100x8000000000000000419789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa638393ddbcd022021-12-21 10:45:42.693root 11241100x8000000000000000419790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bcefed97ac54412021-12-21 10:45:42.693root 11241100x8000000000000000419791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc86e46bc6508b82021-12-21 10:45:42.693root 11241100x8000000000000000419792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374f17df8a832e8b2021-12-21 10:45:42.693root 11241100x8000000000000000419793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93677e67ce77ac3f2021-12-21 10:45:42.693root 11241100x8000000000000000419794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334fe72bceb95e772021-12-21 10:45:42.693root 11241100x8000000000000000419795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e543bc623f66132021-12-21 10:45:42.693root 11241100x8000000000000000419796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f904f177299899a2021-12-21 10:45:42.694root 11241100x8000000000000000419797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ceb552e3abd06142021-12-21 10:45:42.694root 11241100x8000000000000000419798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2325a1d7ec64a0652021-12-21 10:45:42.694root 11241100x8000000000000000419799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825717ca5874effa2021-12-21 10:45:42.694root 11241100x8000000000000000419800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e878ee121b28b5a2021-12-21 10:45:42.694root 11241100x8000000000000000419801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6b2c179609277d2021-12-21 10:45:42.694root 11241100x8000000000000000419802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54de8314b25bfb972021-12-21 10:45:42.694root 11241100x8000000000000000419803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42850737d48014a42021-12-21 10:45:42.694root 11241100x8000000000000000419804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c2e66ea1a69aa02021-12-21 10:45:42.694root 11241100x8000000000000000419805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b20bd9b70cac242021-12-21 10:45:42.694root 11241100x8000000000000000419806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d47b1c1f434d50e2021-12-21 10:45:42.694root 11241100x8000000000000000419807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825a4f277f4e559f2021-12-21 10:45:42.695root 11241100x8000000000000000419808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df85556c2c42835d2021-12-21 10:45:42.695root 11241100x8000000000000000419809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02eb89bab54b6052021-12-21 10:45:42.695root 11241100x8000000000000000419810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72794cc6e9fc627c2021-12-21 10:45:42.695root 11241100x8000000000000000419811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46207f0705c02ba52021-12-21 10:45:42.695root 11241100x8000000000000000419812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f619e8227084f22021-12-21 10:45:42.695root 11241100x8000000000000000419813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7d16ded89275892021-12-21 10:45:42.695root 11241100x8000000000000000419814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb85e9729988bec72021-12-21 10:45:42.695root 11241100x8000000000000000419815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eed4524992a638e2021-12-21 10:45:42.695root 11241100x8000000000000000419816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0796beda0185f62021-12-21 10:45:42.695root 11241100x8000000000000000419817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1f76df8f7fc89d2021-12-21 10:45:42.696root 11241100x8000000000000000419818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cc521bfbc934c22021-12-21 10:45:42.696root 11241100x8000000000000000419819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a799a9708c36590d2021-12-21 10:45:42.696root 11241100x8000000000000000419820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598afcaca18e81a92021-12-21 10:45:42.696root 11241100x8000000000000000419821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace824e90d5dd51d2021-12-21 10:45:42.696root 11241100x8000000000000000419822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fc1ce2239cb9a82021-12-21 10:45:42.696root 11241100x8000000000000000419823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0962186fb8914c552021-12-21 10:45:42.696root 11241100x8000000000000000419824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b1adcf2ab2118b2021-12-21 10:45:42.696root 11241100x8000000000000000419825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f0789c66a1be1b2021-12-21 10:45:42.697root 11241100x8000000000000000419826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c493a8f256d681b72021-12-21 10:45:42.697root 11241100x8000000000000000419827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bf2decaa7eb98c2021-12-21 10:45:42.697root 11241100x8000000000000000419828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6a46e82d1725042021-12-21 10:45:43.193root 11241100x8000000000000000419829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992146c334e75ae62021-12-21 10:45:43.193root 11241100x8000000000000000419830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86256846985f0f92021-12-21 10:45:43.193root 11241100x8000000000000000419831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2186ae67e5e25842021-12-21 10:45:43.193root 11241100x8000000000000000419832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf3ef5b94d27c52021-12-21 10:45:43.193root 11241100x8000000000000000419833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d579344640d9a6152021-12-21 10:45:43.193root 11241100x8000000000000000419834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd29e3e2bffd1292021-12-21 10:45:43.193root 11241100x8000000000000000419835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9d57faac8e0b742021-12-21 10:45:43.193root 11241100x8000000000000000419836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b9e239f72e81622021-12-21 10:45:43.193root 11241100x8000000000000000419837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab37beb194b01622021-12-21 10:45:43.194root 11241100x8000000000000000419838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd4246583787a962021-12-21 10:45:43.194root 11241100x8000000000000000419839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6601fa369de0b1632021-12-21 10:45:43.194root 11241100x8000000000000000419840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad055122e719959e2021-12-21 10:45:43.194root 11241100x8000000000000000419841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58868ac3a71aa752021-12-21 10:45:43.194root 11241100x8000000000000000419842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eeb57ace63f6ee2021-12-21 10:45:43.194root 11241100x8000000000000000419843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02c3b48d9b7a1b12021-12-21 10:45:43.194root 11241100x8000000000000000419844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102b972cf196d04b2021-12-21 10:45:43.195root 11241100x8000000000000000419845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6759db4baf7244ab2021-12-21 10:45:43.195root 11241100x8000000000000000419846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e677cd02ad8874812021-12-21 10:45:43.195root 11241100x8000000000000000419847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf6ae988d7315a92021-12-21 10:45:43.195root 11241100x8000000000000000419848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6874887cabfc213b2021-12-21 10:45:43.195root 11241100x8000000000000000419849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c93c13adad507942021-12-21 10:45:43.195root 11241100x8000000000000000419850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4152d7ad04a08af12021-12-21 10:45:43.195root 11241100x8000000000000000419851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79044663f1e01132021-12-21 10:45:43.195root 11241100x8000000000000000419852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31179563f7514fd2021-12-21 10:45:43.195root 11241100x8000000000000000419853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2d067dc3f45f612021-12-21 10:45:43.196root 11241100x8000000000000000419854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6957a01e2ace12b02021-12-21 10:45:43.196root 11241100x8000000000000000419855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e638683d70358a2021-12-21 10:45:43.196root 11241100x8000000000000000419856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9240db2d092d9f782021-12-21 10:45:43.196root 11241100x8000000000000000419857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec655223d6706912021-12-21 10:45:43.196root 11241100x8000000000000000419858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f958d16ca1d42c132021-12-21 10:45:43.196root 11241100x8000000000000000419859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaa82758b764ab42021-12-21 10:45:43.196root 11241100x8000000000000000419860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc6c3840cff15042021-12-21 10:45:43.196root 11241100x8000000000000000419861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b39680beda530772021-12-21 10:45:43.196root 11241100x8000000000000000419862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a693a6d038f4cc2021-12-21 10:45:43.196root 11241100x8000000000000000419863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0930cccca2851e2021-12-21 10:45:43.196root 11241100x8000000000000000419864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66bb7720bbda85c2021-12-21 10:45:43.197root 11241100x8000000000000000419865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ab987c6841b2992021-12-21 10:45:43.197root 11241100x8000000000000000419866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b936fa24da9fac22021-12-21 10:45:43.197root 11241100x8000000000000000419867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f19191e5d0a5bf2021-12-21 10:45:43.197root 11241100x8000000000000000419868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea72bc5bc4585ab52021-12-21 10:45:43.197root 11241100x8000000000000000419869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a530b49dde29dc22021-12-21 10:45:43.197root 11241100x8000000000000000419870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d830bc07100d1fef2021-12-21 10:45:43.197root 11241100x8000000000000000419871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bfe7ebd2d0c24e2021-12-21 10:45:43.197root 11241100x8000000000000000419872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646b2ec7c82ad5672021-12-21 10:45:43.197root 11241100x8000000000000000419873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b47b77c9a3cff02021-12-21 10:45:43.197root 11241100x8000000000000000419874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb7ff2b74d6ce6e2021-12-21 10:45:43.197root 11241100x8000000000000000419875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb7f54d172e97252021-12-21 10:45:43.197root 11241100x8000000000000000419876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f678d49f09e3132021-12-21 10:45:43.198root 11241100x8000000000000000419877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7799c1270e57bf912021-12-21 10:45:43.198root 11241100x8000000000000000419878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68d30bc7c62706b2021-12-21 10:45:43.198root 11241100x8000000000000000419879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71791a9b210635dd2021-12-21 10:45:43.198root 11241100x8000000000000000419880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f425b7ad53c6eb0e2021-12-21 10:45:43.198root 11241100x8000000000000000419881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f9473196a873ff2021-12-21 10:45:43.198root 11241100x8000000000000000419882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7deb168cb97eecd2021-12-21 10:45:43.198root 11241100x8000000000000000419883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a948dce4e6abf7b2021-12-21 10:45:43.198root 11241100x8000000000000000419884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013e47dde51043f02021-12-21 10:45:43.198root 11241100x8000000000000000419885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba55096db6f90e2a2021-12-21 10:45:43.199root 11241100x8000000000000000419886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135b5664dfc7be132021-12-21 10:45:43.199root 11241100x8000000000000000419887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a73f473ed46cf22021-12-21 10:45:43.199root 11241100x8000000000000000419888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a16c208442dd542021-12-21 10:45:43.693root 11241100x8000000000000000419889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffa562539ef4bf92021-12-21 10:45:43.693root 11241100x8000000000000000419890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27e34fefa474feb2021-12-21 10:45:43.693root 11241100x8000000000000000419891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a7601e1f6e035f2021-12-21 10:45:43.693root 11241100x8000000000000000419892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f14f6e19ac9f4d2021-12-21 10:45:43.693root 11241100x8000000000000000419893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630fe6c157b2135a2021-12-21 10:45:43.693root 11241100x8000000000000000419894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471f56421e37e7342021-12-21 10:45:43.693root 11241100x8000000000000000419895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4880ba7f5b577abf2021-12-21 10:45:43.694root 11241100x8000000000000000419896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4251379255aec6542021-12-21 10:45:43.694root 11241100x8000000000000000419897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa92bbab6ce50ca2021-12-21 10:45:43.694root 11241100x8000000000000000419898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5e66f24d70b3372021-12-21 10:45:43.694root 11241100x8000000000000000419899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ddc6e4ca7e036b2021-12-21 10:45:43.694root 11241100x8000000000000000419900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9152842b70babb2021-12-21 10:45:43.694root 11241100x8000000000000000419901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb045c3ffc610ad2021-12-21 10:45:43.694root 11241100x8000000000000000419902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c634fee984409742021-12-21 10:45:43.694root 11241100x8000000000000000419903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaa982bbed334672021-12-21 10:45:43.694root 11241100x8000000000000000419904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c61abcb8ed7add2021-12-21 10:45:43.694root 11241100x8000000000000000419905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53129c030823f8382021-12-21 10:45:43.695root 11241100x8000000000000000419906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb72b63bfd8e6802021-12-21 10:45:43.695root 11241100x8000000000000000419907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d662616cc905e12021-12-21 10:45:43.695root 11241100x8000000000000000419908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5198776dbb4c310a2021-12-21 10:45:43.695root 11241100x8000000000000000419909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b581469271e63b3e2021-12-21 10:45:43.695root 11241100x8000000000000000419910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b078235d85e58be82021-12-21 10:45:43.695root 11241100x8000000000000000419911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68bcdd8fad82ae52021-12-21 10:45:43.695root 11241100x8000000000000000419912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a986d6f63bc6bd6a2021-12-21 10:45:43.695root 11241100x8000000000000000419913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6ccec41c0c6fc32021-12-21 10:45:43.696root 11241100x8000000000000000419914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84a0fd4f62b26562021-12-21 10:45:43.696root 11241100x8000000000000000419915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f811b936e5eaf77f2021-12-21 10:45:43.696root 11241100x8000000000000000419916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbee740b9d0cf382021-12-21 10:45:43.696root 11241100x8000000000000000419917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e9e9c37b54db472021-12-21 10:45:43.696root 11241100x8000000000000000419918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96b06c49bbf23852021-12-21 10:45:43.696root 11241100x8000000000000000419919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a614466b383306ce2021-12-21 10:45:43.696root 11241100x8000000000000000419920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ab4322620cfc202021-12-21 10:45:43.696root 11241100x8000000000000000419921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e313b2ad4d6572021-12-21 10:45:43.696root 11241100x8000000000000000419922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cf5860f7b526a02021-12-21 10:45:43.696root 11241100x8000000000000000419923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74203250aff9441a2021-12-21 10:45:43.697root 11241100x8000000000000000419924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b42909772535052021-12-21 10:45:43.697root 11241100x8000000000000000419925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc771389a161b54c2021-12-21 10:45:43.697root 11241100x8000000000000000419926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77db139d26dc4e232021-12-21 10:45:43.697root 11241100x8000000000000000419927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ee00423cfd458a2021-12-21 10:45:43.697root 11241100x8000000000000000419928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660d7a1fb8d1d97e2021-12-21 10:45:43.697root 11241100x8000000000000000419929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86defe4ea719f532021-12-21 10:45:43.697root 11241100x8000000000000000419930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f371ff5c38eb11b92021-12-21 10:45:43.697root 11241100x8000000000000000419931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dae39ef236e2352021-12-21 10:45:44.193root 11241100x8000000000000000419932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d780928110288dca2021-12-21 10:45:44.193root 11241100x8000000000000000419933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5ae768ab749d4d2021-12-21 10:45:44.194root 11241100x8000000000000000419934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3633f64e95a3e08d2021-12-21 10:45:44.194root 11241100x8000000000000000419935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bf76b70ee8b08d2021-12-21 10:45:44.194root 11241100x8000000000000000419936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc00935920e69392021-12-21 10:45:44.194root 11241100x8000000000000000419937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79de175ea499af832021-12-21 10:45:44.194root 11241100x8000000000000000419938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be356b49c8bbf5a2021-12-21 10:45:44.194root 11241100x8000000000000000419939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0508ea60810f6ee82021-12-21 10:45:44.194root 11241100x8000000000000000419940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1457d3f0ab69702021-12-21 10:45:44.194root 11241100x8000000000000000419941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1239b681eac6620d2021-12-21 10:45:44.194root 11241100x8000000000000000419942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a960e1b46344711a2021-12-21 10:45:44.194root 11241100x8000000000000000419943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431fb99d3d61c8ec2021-12-21 10:45:44.195root 11241100x8000000000000000419944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67331b2ce48a0802021-12-21 10:45:44.195root 11241100x8000000000000000419945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f87939092b3e842021-12-21 10:45:44.195root 11241100x8000000000000000419946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f431d0ed049cf98a2021-12-21 10:45:44.195root 11241100x8000000000000000419947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8bf55c38217a7f2021-12-21 10:45:44.195root 11241100x8000000000000000419948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b106a6433bbab0f2021-12-21 10:45:44.195root 11241100x8000000000000000419949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a525255fc921ba2021-12-21 10:45:44.195root 11241100x8000000000000000419950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4626760c134b425a2021-12-21 10:45:44.195root 11241100x8000000000000000419951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b13a391f845680f2021-12-21 10:45:44.196root 11241100x8000000000000000419952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed20ed3d466fb6132021-12-21 10:45:44.196root 11241100x8000000000000000419953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abef796b6d6450e42021-12-21 10:45:44.196root 11241100x8000000000000000419954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16751e9944d264d42021-12-21 10:45:44.196root 11241100x8000000000000000419955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f850b9c3cf14a33a2021-12-21 10:45:44.196root 11241100x8000000000000000419956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b260178a10b1532021-12-21 10:45:44.196root 11241100x8000000000000000419957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6dc8d105ea00fe2021-12-21 10:45:44.196root 11241100x8000000000000000419958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357960c66588c36d2021-12-21 10:45:44.196root 11241100x8000000000000000419959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8ba7730353227b2021-12-21 10:45:44.196root 11241100x8000000000000000419960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5267f5149884702021-12-21 10:45:44.197root 11241100x8000000000000000419961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448c26fd3a401e862021-12-21 10:45:44.197root 11241100x8000000000000000419962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8258a5c3c0d8232021-12-21 10:45:44.197root 11241100x8000000000000000419963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2deb41d436b4ca12021-12-21 10:45:44.197root 11241100x8000000000000000419964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9050b40bd2b946a22021-12-21 10:45:44.197root 11241100x8000000000000000419965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63522ffd6026e3112021-12-21 10:45:44.197root 11241100x8000000000000000419966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd999bb970e44992021-12-21 10:45:44.197root 11241100x8000000000000000419967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783f5a4b44f5ffe72021-12-21 10:45:44.693root 11241100x8000000000000000419968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68007c2e1f7e0a782021-12-21 10:45:44.694root 11241100x8000000000000000419969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca13628b3f3ba802021-12-21 10:45:44.694root 11241100x8000000000000000419970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e00473f3782d2a2021-12-21 10:45:44.694root 11241100x8000000000000000419971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8530ad4c21472a2021-12-21 10:45:44.694root 11241100x8000000000000000419972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e863991b6601968a2021-12-21 10:45:44.694root 11241100x8000000000000000419973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3ea12691350cda2021-12-21 10:45:44.694root 11241100x8000000000000000419974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496b22f65890d0f52021-12-21 10:45:44.694root 11241100x8000000000000000419975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86328ea8044dea562021-12-21 10:45:44.694root 11241100x8000000000000000419976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97d249bd152a45f2021-12-21 10:45:44.694root 11241100x8000000000000000419977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195b325a0dee14e52021-12-21 10:45:44.694root 11241100x8000000000000000419978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7684cfd9aba1bff82021-12-21 10:45:44.695root 11241100x8000000000000000419979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d68148b744ccdb42021-12-21 10:45:44.695root 11241100x8000000000000000419980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337f904ad317964f2021-12-21 10:45:44.695root 11241100x8000000000000000419981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7820369918b6d1bf2021-12-21 10:45:44.695root 11241100x8000000000000000419982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd3d9706ff4652e2021-12-21 10:45:44.695root 11241100x8000000000000000419983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4227527ef2b31612021-12-21 10:45:44.695root 11241100x8000000000000000419984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446776fc9c0a12ef2021-12-21 10:45:44.695root 11241100x8000000000000000419985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b6d759c6150d632021-12-21 10:45:44.695root 11241100x8000000000000000419986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586ea76994171c032021-12-21 10:45:44.695root 11241100x8000000000000000419987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff944cc6a0028a4e2021-12-21 10:45:44.695root 11241100x8000000000000000419988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84074b05b806fffd2021-12-21 10:45:44.696root 11241100x8000000000000000419989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6f3e60e17b0e512021-12-21 10:45:44.696root 11241100x8000000000000000419990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae5278772573d182021-12-21 10:45:44.696root 11241100x8000000000000000419991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd1dcd317dffcaa2021-12-21 10:45:44.696root 11241100x8000000000000000419992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d003d66cb3e0a70e2021-12-21 10:45:44.696root 11241100x8000000000000000419993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5de8f8566ec8802021-12-21 10:45:44.696root 11241100x8000000000000000419994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dabd0d8537175dd2021-12-21 10:45:44.696root 11241100x8000000000000000419995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ff623339a1a27a2021-12-21 10:45:44.696root 11241100x8000000000000000419996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c60d4cd030e66a2021-12-21 10:45:44.696root 11241100x8000000000000000419997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963b61944d1246d92021-12-21 10:45:44.697root 11241100x8000000000000000419998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8228927f18ee5ee2021-12-21 10:45:44.697root 11241100x8000000000000000419999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af2be52df2854872021-12-21 10:45:44.697root 11241100x8000000000000000420000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d094fb9fecfd742021-12-21 10:45:44.697root 11241100x8000000000000000420001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aa4f83a381f3432021-12-21 10:45:44.697root 11241100x8000000000000000420002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9c5848f2f221a82021-12-21 10:45:45.193root 11241100x8000000000000000420003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb35070feedd3ba2021-12-21 10:45:45.193root 11241100x8000000000000000420004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ee036fcf34d8292021-12-21 10:45:45.193root 11241100x8000000000000000420005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632a0efeb6ca345f2021-12-21 10:45:45.193root 11241100x8000000000000000420006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54d998813589d0a2021-12-21 10:45:45.193root 11241100x8000000000000000420007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98eb392b8e5a62f2021-12-21 10:45:45.193root 11241100x8000000000000000420008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781f5dd4f4cf96402021-12-21 10:45:45.193root 11241100x8000000000000000420009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5aa28ec2c22d122021-12-21 10:45:45.193root 11241100x8000000000000000420010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e645dc6ddb5eaf2021-12-21 10:45:45.193root 11241100x8000000000000000420011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d232df4086c1c0532021-12-21 10:45:45.194root 11241100x8000000000000000420012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4429636f88caba2021-12-21 10:45:45.194root 11241100x8000000000000000420013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95814fd85a5374f2021-12-21 10:45:45.194root 11241100x8000000000000000420014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6ac3e2f1a349522021-12-21 10:45:45.194root 11241100x8000000000000000420015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9e13d9a1c5c52d2021-12-21 10:45:45.194root 11241100x8000000000000000420016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43afeb71eed3ec92021-12-21 10:45:45.194root 11241100x8000000000000000420017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d6c9c396ba09db2021-12-21 10:45:45.194root 11241100x8000000000000000420018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad16b4f794bb5782021-12-21 10:45:45.194root 11241100x8000000000000000420019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8788c075719f04572021-12-21 10:45:45.194root 11241100x8000000000000000420020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da4d4558762d0ab2021-12-21 10:45:45.194root 11241100x8000000000000000420021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae0f7c77dc7c3a72021-12-21 10:45:45.194root 11241100x8000000000000000420022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a380181e83f1002021-12-21 10:45:45.195root 11241100x8000000000000000420023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed126b5f92f74f5e2021-12-21 10:45:45.195root 11241100x8000000000000000420024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a875966733f3442021-12-21 10:45:45.195root 11241100x8000000000000000420025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061087a944217e972021-12-21 10:45:45.195root 11241100x8000000000000000420026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f82cc6d3177d862021-12-21 10:45:45.195root 11241100x8000000000000000420027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b528fa32465f282021-12-21 10:45:45.195root 11241100x8000000000000000420028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f85e68d34d4c7282021-12-21 10:45:45.195root 11241100x8000000000000000420029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d0d914572fa9952021-12-21 10:45:45.195root 11241100x8000000000000000420030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8917bb3f2cea60462021-12-21 10:45:45.195root 11241100x8000000000000000420031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee251ed35f0bf3d2021-12-21 10:45:45.196root 11241100x8000000000000000420032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae915e81e51220fa2021-12-21 10:45:45.196root 11241100x8000000000000000420033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d1d2dfa760d9512021-12-21 10:45:45.196root 11241100x8000000000000000420034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb083b2cba36d5fa2021-12-21 10:45:45.196root 11241100x8000000000000000420035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f053c5a8b18934162021-12-21 10:45:45.196root 11241100x8000000000000000420036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17605403ee2f76b12021-12-21 10:45:45.196root 11241100x8000000000000000420037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a1ecf1fd456ed12021-12-21 10:45:45.196root 11241100x8000000000000000420038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d180ae61e5f36a2021-12-21 10:45:45.196root 11241100x8000000000000000420039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a6674de41318cd2021-12-21 10:45:45.196root 11241100x8000000000000000420040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f6aaa07355ae5e2021-12-21 10:45:45.196root 11241100x8000000000000000420041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477fae5fc65a2ff92021-12-21 10:45:45.196root 11241100x8000000000000000420042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc75321817335f102021-12-21 10:45:45.197root 11241100x8000000000000000420043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65e455653140bb22021-12-21 10:45:45.693root 11241100x8000000000000000420044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5059729093a9432021-12-21 10:45:45.694root 11241100x8000000000000000420045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff243e1e7068b632021-12-21 10:45:45.694root 11241100x8000000000000000420046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568e36ea47e68d352021-12-21 10:45:45.694root 11241100x8000000000000000420047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59a807513a89c242021-12-21 10:45:45.694root 11241100x8000000000000000420048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a9d72d2cba5e332021-12-21 10:45:45.694root 11241100x8000000000000000420049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d169ecb8594f7bde2021-12-21 10:45:45.694root 11241100x8000000000000000420050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370cb2539619763a2021-12-21 10:45:45.694root 11241100x8000000000000000420051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dceb8ce52efc1f612021-12-21 10:45:45.694root 11241100x8000000000000000420052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7f7a2ae91e21662021-12-21 10:45:45.694root 11241100x8000000000000000420053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa68a7ebc183c392021-12-21 10:45:45.694root 11241100x8000000000000000420054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef6be53e6f9a2c22021-12-21 10:45:45.695root 11241100x8000000000000000420055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d8cf6a73d75a5d2021-12-21 10:45:45.695root 11241100x8000000000000000420056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8129721be6f0d5c42021-12-21 10:45:45.695root 11241100x8000000000000000420057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bbb9c458e3738d2021-12-21 10:45:45.695root 11241100x8000000000000000420058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d3cc01dd2d9cf02021-12-21 10:45:45.695root 11241100x8000000000000000420059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4626551e2c01952021-12-21 10:45:45.695root 11241100x8000000000000000420060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4810b44cc52c5442021-12-21 10:45:45.695root 11241100x8000000000000000420061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380a4a3332240d9e2021-12-21 10:45:45.695root 11241100x8000000000000000420062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b66aadabf137c272021-12-21 10:45:45.695root 11241100x8000000000000000420063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b721d925f413083f2021-12-21 10:45:45.695root 11241100x8000000000000000420064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf172701462a605a2021-12-21 10:45:45.695root 11241100x8000000000000000420065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9749714abbf098d92021-12-21 10:45:45.696root 11241100x8000000000000000420066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ac4a50a3ed8e902021-12-21 10:45:45.696root 11241100x8000000000000000420067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c6d8040a7f6e272021-12-21 10:45:45.696root 11241100x8000000000000000420068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36267e89df506c12021-12-21 10:45:45.696root 11241100x8000000000000000420069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e6514c1242c412021-12-21 10:45:45.696root 11241100x8000000000000000420070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a15f55b049b7ce92021-12-21 10:45:45.696root 11241100x8000000000000000420071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564debd7b95b442d2021-12-21 10:45:45.696root 11241100x8000000000000000420072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269ae3ee003fbfa92021-12-21 10:45:45.696root 11241100x8000000000000000420073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454520d3c8c260042021-12-21 10:45:45.697root 11241100x8000000000000000420074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b6e40bfac8eb4e2021-12-21 10:45:45.697root 11241100x8000000000000000420075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837a14479ed967ff2021-12-21 10:45:45.697root 11241100x8000000000000000420076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f105f3dcc139fe7f2021-12-21 10:45:45.697root 11241100x8000000000000000420077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a4d44f9e4ca74e2021-12-21 10:45:45.697root 11241100x8000000000000000420078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4573d6f187ba77ee2021-12-21 10:45:46.193root 11241100x8000000000000000420079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb38eb4b1b0c3c52021-12-21 10:45:46.193root 11241100x8000000000000000420080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b3a335659287262021-12-21 10:45:46.193root 11241100x8000000000000000420081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf81c24075aaa3942021-12-21 10:45:46.193root 11241100x8000000000000000420082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745e0d17d7949d542021-12-21 10:45:46.193root 11241100x8000000000000000420083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcdbb0fb7d624022021-12-21 10:45:46.193root 11241100x8000000000000000420084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6585331bdc54c7c72021-12-21 10:45:46.193root 11241100x8000000000000000420085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d10c690dd102e6f2021-12-21 10:45:46.193root 11241100x8000000000000000420086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17a7b38bf269f7a2021-12-21 10:45:46.193root 11241100x8000000000000000420087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b7b21ba51702be2021-12-21 10:45:46.194root 11241100x8000000000000000420088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1620ee9fb05ff1df2021-12-21 10:45:46.194root 11241100x8000000000000000420089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4372393f94d6722021-12-21 10:45:46.194root 11241100x8000000000000000420090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73454788335d8f12021-12-21 10:45:46.194root 11241100x8000000000000000420091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf15e3db96ed1e2d2021-12-21 10:45:46.194root 11241100x8000000000000000420092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2a52b01ad83dd42021-12-21 10:45:46.194root 11241100x8000000000000000420093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72aa89618874a3c82021-12-21 10:45:46.194root 11241100x8000000000000000420094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301aa81925ec34682021-12-21 10:45:46.194root 11241100x8000000000000000420095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd06f639e38d43842021-12-21 10:45:46.194root 11241100x8000000000000000420096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c5d97724506d0c2021-12-21 10:45:46.194root 11241100x8000000000000000420097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070730d4f5b5561e2021-12-21 10:45:46.194root 11241100x8000000000000000420098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716e18f3d74f69582021-12-21 10:45:46.195root 11241100x8000000000000000420099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068685f5fc2ffc812021-12-21 10:45:46.195root 11241100x8000000000000000420100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23222afdf11950302021-12-21 10:45:46.195root 11241100x8000000000000000420101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c88fd992d94cdcd2021-12-21 10:45:46.195root 11241100x8000000000000000420102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab33a7dab04a5a72021-12-21 10:45:46.195root 11241100x8000000000000000420103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfc683db54077502021-12-21 10:45:46.195root 11241100x8000000000000000420104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271d571433a6ddac2021-12-21 10:45:46.195root 11241100x8000000000000000420105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60567f62a965d33c2021-12-21 10:45:46.195root 11241100x8000000000000000420106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d001f355fa126c42021-12-21 10:45:46.195root 11241100x8000000000000000420107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a4b3ce6dc442302021-12-21 10:45:46.196root 11241100x8000000000000000420108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c7a21e3ba716672021-12-21 10:45:46.196root 11241100x8000000000000000420109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b71c5b49833526b2021-12-21 10:45:46.196root 11241100x8000000000000000420110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256c4bcd5083562b2021-12-21 10:45:46.196root 11241100x8000000000000000420111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71855f45d9c3e182021-12-21 10:45:46.196root 11241100x8000000000000000420112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0362a0573caba3f62021-12-21 10:45:46.196root 11241100x8000000000000000420113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530c2f774cbc2f382021-12-21 10:45:46.196root 11241100x8000000000000000420114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7550bb08a4c8442021-12-21 10:45:46.196root 11241100x8000000000000000420115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a60b60e056a9c2021-12-21 10:45:46.196root 11241100x8000000000000000420116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f219f171ebd1432021-12-21 10:45:46.196root 11241100x8000000000000000420117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a76781115e1f7fe2021-12-21 10:45:46.197root 11241100x8000000000000000420118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a56891a15510dda2021-12-21 10:45:46.197root 154100x8000000000000000420119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.561{ec2b6afe-b05a-61c1-303c-7b0000000000}9769/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/command-not-found -- NOPASSWD:/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{00000000-0000-0000-0000-000000000000}9768--- 11241100x8000000000000000420120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.563{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84471f9c36cfe85d2021-12-21 10:45:46.563root 11241100x8000000000000000420121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.563{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e400ac60ebad3dc2021-12-21 10:45:46.563root 11241100x8000000000000000420122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.563{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a61492d300c01a42021-12-21 10:45:46.563root 11241100x8000000000000000420123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.563{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61752f4d89129542021-12-21 10:45:46.563root 11241100x8000000000000000420124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.564{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec203977ca4f43202021-12-21 10:45:46.564root 11241100x8000000000000000420125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.564{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dec6e0ea27f2612021-12-21 10:45:46.564root 11241100x8000000000000000420126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.564{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdb635255bc4bd32021-12-21 10:45:46.564root 11241100x8000000000000000420127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.564{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5051d29ccfc7b1782021-12-21 10:45:46.564root 11241100x8000000000000000420128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.564{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c56c8f8e6bbda502021-12-21 10:45:46.564root 11241100x8000000000000000420129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.564{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe5df050cf646c2021-12-21 10:45:46.564root 11241100x8000000000000000420130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.564{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2953b99c8b2a9c2021-12-21 10:45:46.564root 11241100x8000000000000000420131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.564{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17713996db61025a2021-12-21 10:45:46.564root 11241100x8000000000000000420132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.564{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bf1a230fd80e5e2021-12-21 10:45:46.564root 11241100x8000000000000000420133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.565{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92d553c43dbb6d92021-12-21 10:45:46.565root 11241100x8000000000000000420134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.565{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02531ba30dcf33142021-12-21 10:45:46.565root 11241100x8000000000000000420135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.565{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b5d031f6cb4bd92021-12-21 10:45:46.565root 11241100x8000000000000000420136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.565{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2ef62ea80b6d472021-12-21 10:45:46.565root 11241100x8000000000000000420137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.565{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380b67ea77e584022021-12-21 10:45:46.565root 11241100x8000000000000000420138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.566{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0450666e460b55682021-12-21 10:45:46.566root 11241100x8000000000000000420139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.566{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2274fb2bc07322092021-12-21 10:45:46.566root 11241100x8000000000000000420140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.566{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6fe2a4e9b7001a2021-12-21 10:45:46.566root 11241100x8000000000000000420141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.566{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283f180c058c02ea2021-12-21 10:45:46.566root 11241100x8000000000000000420142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.567{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31512fb53e56ce232021-12-21 10:45:46.567root 11241100x8000000000000000420143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.567{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1537385e5dd96db2021-12-21 10:45:46.567root 11241100x8000000000000000420144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.567{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9af62ee9ce75ad2021-12-21 10:45:46.567root 11241100x8000000000000000420145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.568{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7db4251bf23a2d2021-12-21 10:45:46.568root 11241100x8000000000000000420146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.568{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46291be435e392e72021-12-21 10:45:46.568root 11241100x8000000000000000420147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.568{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a015d497030271702021-12-21 10:45:46.568root 11241100x8000000000000000420148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.568{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d6c779e28610b12021-12-21 10:45:46.568root 11241100x8000000000000000420149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.569{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f17459429f311b2021-12-21 10:45:46.569root 11241100x8000000000000000420150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.569{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a390ab6fc104b68f2021-12-21 10:45:46.569root 11241100x8000000000000000420151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.569{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60aa98c6050b29fd2021-12-21 10:45:46.569root 11241100x8000000000000000420152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.569{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7f5b589beefa4b2021-12-21 10:45:46.569root 11241100x8000000000000000420153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.570{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa881df3e75ce7d2021-12-21 10:45:46.570root 11241100x8000000000000000420154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.570{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df84e4a525f4c5142021-12-21 10:45:46.570root 11241100x8000000000000000420155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.570{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708fd241ffa633b62021-12-21 10:45:46.570root 11241100x8000000000000000420156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.570{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21dd2c864cc35232021-12-21 10:45:46.570root 11241100x8000000000000000420157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.570{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0db5bc291ae0f382021-12-21 10:45:46.570root 154100x8000000000000000420158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.629{ec2b6afe-b05a-61c1-1875-5f1bf5550000}9770/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command NOPASSWD:/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-b05a-61c1-303c-7b0000000000}9769/usr/bin/python3.6/usr/bin/python3ubuntu 534500x8000000000000000420159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.643{ec2b6afe-b05a-61c1-1875-5f1bf5550000}9770/usr/bin/snapubuntu 534500x8000000000000000420160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.643{ec2b6afe-b05a-61c1-1875-5f1bf5550000}9770/usr/bin/snapubuntu 534500x8000000000000000420161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.643{ec2b6afe-b05a-61c1-1875-5f1bf5550000}9770/usr/bin/snapubuntu 534500x8000000000000000420162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.643{ec2b6afe-b05a-61c1-1875-5f1bf5550000}9770/usr/bin/snapubuntu 534500x8000000000000000420163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.643{ec2b6afe-b05a-61c1-1875-5f1bf5550000}9770/usr/bin/snapubuntu 154100x8000000000000000420164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.629{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command NOPASSWD:/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-b05a-61c1-303c-7b0000000000}9769/usr/bin/python3.6/usr/bin/python3ubuntu 534500x8000000000000000420165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.662{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000420166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.662{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000420167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.662{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000420168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.662{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000420169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.662{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000420170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.662{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000420171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.662{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000420172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.662{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000420173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.664{ec2b6afe-b05a-61c1-a47c-4582a4550000}9770/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000420174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.700{ec2b6afe-b05a-61c1-303c-7b0000000000}9769/usr/bin/python3.6ubuntu 534500x8000000000000000420175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.701{00000000-0000-0000-0000-000000000000}9768<unknown process>ubuntu 11241100x8000000000000000420176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc534b94339327e42021-12-21 10:45:46.943root 11241100x8000000000000000420177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e55692969f25072021-12-21 10:45:46.943root 11241100x8000000000000000420178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e69a174bdda4552021-12-21 10:45:46.943root 11241100x8000000000000000420179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0539799010eb076e2021-12-21 10:45:46.943root 11241100x8000000000000000420180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a530c32d3bbb57442021-12-21 10:45:46.943root 11241100x8000000000000000420181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba906baaa9e450bb2021-12-21 10:45:46.944root 11241100x8000000000000000420182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cd4e01847e88142021-12-21 10:45:46.944root 11241100x8000000000000000420183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1546af065426a9412021-12-21 10:45:46.944root 11241100x8000000000000000420184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d205edc449defa2021-12-21 10:45:46.944root 11241100x8000000000000000420185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5e0db22db17a192021-12-21 10:45:46.944root 11241100x8000000000000000420186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a765c04d4bba98b32021-12-21 10:45:46.944root 11241100x8000000000000000420187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5273d33807f478ca2021-12-21 10:45:46.944root 11241100x8000000000000000420188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d172d65a9a9f0b252021-12-21 10:45:46.945root 11241100x8000000000000000420189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecb6f45a1d96cb22021-12-21 10:45:46.945root 11241100x8000000000000000420190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab99f57d0e5bd3a2021-12-21 10:45:46.945root 11241100x8000000000000000420191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9b8974bfef46e82021-12-21 10:45:46.945root 11241100x8000000000000000420192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4da3e13c90a80c2021-12-21 10:45:46.945root 11241100x8000000000000000420193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6461f4219b3debc72021-12-21 10:45:46.945root 11241100x8000000000000000420194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee2d18b60b18eb22021-12-21 10:45:46.945root 11241100x8000000000000000420195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215f3e31caa2d48b2021-12-21 10:45:46.946root 11241100x8000000000000000420196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d90c34485f3b0cc2021-12-21 10:45:46.946root 11241100x8000000000000000420197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc3906a6af87c352021-12-21 10:45:46.946root 11241100x8000000000000000420198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4094a1a6886e4d2021-12-21 10:45:46.946root 11241100x8000000000000000420199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b686a8f55c5f0502021-12-21 10:45:46.946root 11241100x8000000000000000420200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855cabc67eddd0372021-12-21 10:45:46.946root 11241100x8000000000000000420201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c6bcd4863362392021-12-21 10:45:46.946root 11241100x8000000000000000420202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc32345eaa3eaca2021-12-21 10:45:46.946root 11241100x8000000000000000420203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aba3514ed9c4c222021-12-21 10:45:46.946root 11241100x8000000000000000420204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d2512d0ea8d2c2021-12-21 10:45:46.946root 11241100x8000000000000000420205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd66056de2368a2021-12-21 10:45:46.946root 11241100x8000000000000000420206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abc522155d7f10c2021-12-21 10:45:46.946root 11241100x8000000000000000420207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c76f70cb76961c2021-12-21 10:45:46.946root 11241100x8000000000000000420208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28485133475be5c02021-12-21 10:45:46.946root 11241100x8000000000000000420209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffcbaf5873456042021-12-21 10:45:46.946root 11241100x8000000000000000420210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a902ebc8532aad42021-12-21 10:45:46.947root 11241100x8000000000000000420211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f02312e9c07a32021-12-21 10:45:46.947root 11241100x8000000000000000420212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31931c5baf00604e2021-12-21 10:45:46.947root 11241100x8000000000000000420213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0cd119207954022021-12-21 10:45:46.947root 11241100x8000000000000000420214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9f2b192a9aec3f2021-12-21 10:45:46.947root 11241100x8000000000000000420215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800a174398626c862021-12-21 10:45:46.947root 11241100x8000000000000000420216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab27e40acd4d0ef62021-12-21 10:45:46.947root 11241100x8000000000000000420217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2820484c7c62c0f2021-12-21 10:45:46.947root 11241100x8000000000000000420218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bebe37864980ca72021-12-21 10:45:46.948root 11241100x8000000000000000420219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62f4f188c654ff22021-12-21 10:45:46.948root 11241100x8000000000000000420220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988c7f36f36d5a0d2021-12-21 10:45:46.948root 11241100x8000000000000000420221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b592e06146470fdb2021-12-21 10:45:46.948root 11241100x8000000000000000420222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea7189e398f464f2021-12-21 10:45:46.948root 11241100x8000000000000000420223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11d55ae1bbeb2a32021-12-21 10:45:46.948root 11241100x8000000000000000420224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5400d420bad99a2021-12-21 10:45:46.948root 11241100x8000000000000000420225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2289e5bdc28d38212021-12-21 10:45:46.948root 11241100x8000000000000000420226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1776f2116207f442021-12-21 10:45:46.948root 11241100x8000000000000000420227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1a73fa61b3360e2021-12-21 10:45:46.948root 11241100x8000000000000000420228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d050cdaec784042021-12-21 10:45:46.948root 11241100x8000000000000000420229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377aed98dfb1521e2021-12-21 10:45:46.948root 11241100x8000000000000000420230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b63a2746d5f031f2021-12-21 10:45:46.948root 11241100x8000000000000000420231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8529f00df1f0482021-12-21 10:45:46.948root 11241100x8000000000000000420232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc14a19705553ce02021-12-21 10:45:46.948root 11241100x8000000000000000420233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d360777dcb654952021-12-21 10:45:46.949root 11241100x8000000000000000420234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900a38f59fee1c8f2021-12-21 10:45:46.949root 11241100x8000000000000000420235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc12dec3f7bcad72021-12-21 10:45:46.949root 11241100x8000000000000000420236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae818496300b178d2021-12-21 10:45:46.949root 11241100x8000000000000000420237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba49cdd7af18a67e2021-12-21 10:45:46.949root 11241100x8000000000000000420238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833d2bfecc2dddcf2021-12-21 10:45:46.949root 11241100x8000000000000000420239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc51cd1e3c5507e2021-12-21 10:45:46.949root 11241100x8000000000000000420240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f27e2eff4e5a692021-12-21 10:45:46.949root 11241100x8000000000000000420241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394850ae3e89c5462021-12-21 10:45:46.949root 11241100x8000000000000000420242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f97176b090b622021-12-21 10:45:46.949root 11241100x8000000000000000420243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255615d40fd314762021-12-21 10:45:46.949root 11241100x8000000000000000420244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56590e03ac8624c2021-12-21 10:45:46.949root 11241100x8000000000000000420245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f6b42bdacda1692021-12-21 10:45:46.949root 11241100x8000000000000000420246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc90414ae6858ca12021-12-21 10:45:46.950root 11241100x8000000000000000420247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2426fc979fcf83d2021-12-21 10:45:46.950root 11241100x8000000000000000420248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bc6f9dfd52ec5d2021-12-21 10:45:46.950root 11241100x8000000000000000420249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77702a89c88f1cfa2021-12-21 10:45:46.950root 11241100x8000000000000000420250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93947a6112772d6b2021-12-21 10:45:46.950root 11241100x8000000000000000420251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9427e2b0a98907502021-12-21 10:45:46.950root 11241100x8000000000000000420252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9301dcc8d891bda22021-12-21 10:45:46.950root 11241100x8000000000000000420253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e9edf4ed1931852021-12-21 10:45:46.950root 11241100x8000000000000000420254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c497f5110e6f772021-12-21 10:45:46.950root 11241100x8000000000000000420255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2e728afcdea8fe2021-12-21 10:45:46.950root 11241100x8000000000000000420256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d72c51c3c4775b2021-12-21 10:45:46.950root 11241100x8000000000000000420257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5191066bcd884ba32021-12-21 10:45:46.950root 11241100x8000000000000000420258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c09880b1f0bd3952021-12-21 10:45:46.950root 11241100x8000000000000000420259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97609c4185f0dbe12021-12-21 10:45:46.950root 11241100x8000000000000000420260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4550669260ba9ef42021-12-21 10:45:46.951root 11241100x8000000000000000420261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f09f0d69848eb892021-12-21 10:45:46.951root 11241100x8000000000000000420262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed02cf2e2f76c862021-12-21 10:45:46.951root 11241100x8000000000000000420263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a3a9c4a3dfebfd2021-12-21 10:45:46.951root 11241100x8000000000000000420264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdabe1478d5649252021-12-21 10:45:46.951root 11241100x8000000000000000420265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61613b1ed7910f052021-12-21 10:45:46.951root 11241100x8000000000000000420266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bd8959e3a5c7132021-12-21 10:45:46.951root 11241100x8000000000000000420267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6401b6d1121df12021-12-21 10:45:46.951root 11241100x8000000000000000420268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915afdbd3ceebba52021-12-21 10:45:46.951root 11241100x8000000000000000420269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224e0cc09efad6b92021-12-21 10:45:46.952root 11241100x8000000000000000420270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caacd0f6f67b9e82021-12-21 10:45:46.952root 11241100x8000000000000000420271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:46.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a30aa723e2e1832021-12-21 10:45:46.952root 11241100x8000000000000000420272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa4d91e6ff16d342021-12-21 10:45:47.443root 11241100x8000000000000000420273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6367d797a7d38e132021-12-21 10:45:47.443root 11241100x8000000000000000420274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fb1d19689bc6b12021-12-21 10:45:47.443root 11241100x8000000000000000420275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4614e54495aa402e2021-12-21 10:45:47.444root 11241100x8000000000000000420276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa849243626f1f92021-12-21 10:45:47.444root 11241100x8000000000000000420277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ed74852cce7372021-12-21 10:45:47.444root 11241100x8000000000000000420278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a58c7699b1e2dc82021-12-21 10:45:47.444root 11241100x8000000000000000420279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df963bd98df330672021-12-21 10:45:47.444root 11241100x8000000000000000420280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2301bd51d71dc7e2021-12-21 10:45:47.444root 11241100x8000000000000000420281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1060d6e1fa24cf02021-12-21 10:45:47.444root 11241100x8000000000000000420282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8f7f262e1ee5402021-12-21 10:45:47.444root 11241100x8000000000000000420283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54512dae35319c832021-12-21 10:45:47.444root 11241100x8000000000000000420284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627a31e350735c192021-12-21 10:45:47.444root 11241100x8000000000000000420285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023c5ec65800b7862021-12-21 10:45:47.444root 11241100x8000000000000000420286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908637b3a6e9ac252021-12-21 10:45:47.444root 11241100x8000000000000000420287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c895a2ca481892f82021-12-21 10:45:47.444root 11241100x8000000000000000420288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0a4452bcfec8cd2021-12-21 10:45:47.444root 11241100x8000000000000000420289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b7813354ae66382021-12-21 10:45:47.445root 11241100x8000000000000000420290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5233350b753c2d2021-12-21 10:45:47.445root 11241100x8000000000000000420291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8662a3aa0d7f01a02021-12-21 10:45:47.445root 11241100x8000000000000000420292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4aa717932ee2372021-12-21 10:45:47.445root 11241100x8000000000000000420293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ae52a3e3b2b4642021-12-21 10:45:47.445root 11241100x8000000000000000420294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4d63b74a03e7352021-12-21 10:45:47.445root 11241100x8000000000000000420295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271fcf47b4db8e502021-12-21 10:45:47.445root 11241100x8000000000000000420296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae71d28d02666fe22021-12-21 10:45:47.445root 11241100x8000000000000000420297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456aa674d4ec19272021-12-21 10:45:47.445root 11241100x8000000000000000420298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6051e58f5baf806c2021-12-21 10:45:47.445root 11241100x8000000000000000420299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192d03057c455aaf2021-12-21 10:45:47.446root 11241100x8000000000000000420300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9c9e6ee4946c032021-12-21 10:45:47.446root 11241100x8000000000000000420301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b1f129d33cbe42021-12-21 10:45:47.446root 11241100x8000000000000000420302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771a2a4e43b86cb62021-12-21 10:45:47.446root 11241100x8000000000000000420303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c8f0be1077990e2021-12-21 10:45:47.446root 11241100x8000000000000000420304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1050ac7d0d24c22021-12-21 10:45:47.446root 11241100x8000000000000000420305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833ce3e15608884d2021-12-21 10:45:47.446root 11241100x8000000000000000420306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c30a89b8160a502021-12-21 10:45:47.446root 11241100x8000000000000000420307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af34b84b8118f7422021-12-21 10:45:47.446root 11241100x8000000000000000420308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ae163891fa822f2021-12-21 10:45:47.446root 11241100x8000000000000000420309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e9d8839d79cac72021-12-21 10:45:47.446root 11241100x8000000000000000420310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e9ac42e80be7b92021-12-21 10:45:47.446root 11241100x8000000000000000420311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fb324241bcd63a2021-12-21 10:45:47.447root 11241100x8000000000000000420312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ede0117664c5592021-12-21 10:45:47.447root 11241100x8000000000000000420313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23402e17154a70032021-12-21 10:45:47.447root 11241100x8000000000000000420314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e4d82914f520f82021-12-21 10:45:47.447root 11241100x8000000000000000420315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3282f5204a35e92021-12-21 10:45:47.447root 11241100x8000000000000000420316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963c0c0d918009f52021-12-21 10:45:47.447root 11241100x8000000000000000420317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1320353a664bfd2021-12-21 10:45:47.447root 11241100x8000000000000000420318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0f23a3676c87d92021-12-21 10:45:47.447root 11241100x8000000000000000420319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee5fc33fa72aab42021-12-21 10:45:47.447root 11241100x8000000000000000420320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82075e63be6dee202021-12-21 10:45:47.447root 11241100x8000000000000000420321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f17ab45db894b422021-12-21 10:45:47.447root 11241100x8000000000000000420322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581e70bdb7aa2f482021-12-21 10:45:47.448root 11241100x8000000000000000420323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfea570132caf972021-12-21 10:45:47.448root 11241100x8000000000000000420324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ffd9625685ac312021-12-21 10:45:47.448root 11241100x8000000000000000420325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357722b413ce5eea2021-12-21 10:45:47.448root 11241100x8000000000000000420326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20cba9b9d634ec02021-12-21 10:45:47.448root 11241100x8000000000000000420327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cf7edb548399622021-12-21 10:45:47.448root 11241100x8000000000000000420328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3eab8096f3a15bf2021-12-21 10:45:47.448root 11241100x8000000000000000420329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45f16e3756b217d2021-12-21 10:45:47.449root 11241100x8000000000000000420330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f67f9053a0122e2021-12-21 10:45:47.449root 11241100x8000000000000000420331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80660f5bbe7f1a242021-12-21 10:45:47.449root 11241100x8000000000000000420332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488a11e5514fb32b2021-12-21 10:45:47.449root 11241100x8000000000000000420333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcf634c0e3a98c22021-12-21 10:45:47.449root 11241100x8000000000000000420334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0bb7dd214cf8102021-12-21 10:45:47.449root 11241100x8000000000000000420335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aa374f1389e1912021-12-21 10:45:47.449root 11241100x8000000000000000420336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543b7031faff81d62021-12-21 10:45:47.449root 11241100x8000000000000000420337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb68684fe6bdca72021-12-21 10:45:47.449root 11241100x8000000000000000420338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17041ee98ce3d1892021-12-21 10:45:47.449root 11241100x8000000000000000420339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b77249981e8a762021-12-21 10:45:47.449root 11241100x8000000000000000420340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3dca2b91d8c1792021-12-21 10:45:47.943root 11241100x8000000000000000420341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835f273ae618065c2021-12-21 10:45:47.943root 11241100x8000000000000000420342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c2f002ade2f92a2021-12-21 10:45:47.943root 11241100x8000000000000000420343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3059fde5068bc91e2021-12-21 10:45:47.943root 11241100x8000000000000000420344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba205ed974d3226e2021-12-21 10:45:47.944root 11241100x8000000000000000420345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66f2be392ae729a2021-12-21 10:45:47.944root 11241100x8000000000000000420346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994933a011ec4a6a2021-12-21 10:45:47.944root 11241100x8000000000000000420347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735930530d0c9d482021-12-21 10:45:47.944root 11241100x8000000000000000420348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d14568701263372021-12-21 10:45:47.944root 11241100x8000000000000000420349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6100c2e8c41d422021-12-21 10:45:47.944root 11241100x8000000000000000420350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77a92fdb640476b2021-12-21 10:45:47.944root 11241100x8000000000000000420351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9c0628bf5f18662021-12-21 10:45:47.944root 11241100x8000000000000000420352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53083eb174d16f172021-12-21 10:45:47.944root 11241100x8000000000000000420353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37f2ae111cd00ba2021-12-21 10:45:47.944root 11241100x8000000000000000420354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f98e4cff6e3d5fb2021-12-21 10:45:47.944root 11241100x8000000000000000420355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6bcc50d2f7e4f22021-12-21 10:45:47.944root 11241100x8000000000000000420356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2aa1e2c5aa94f42021-12-21 10:45:47.944root 11241100x8000000000000000420357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8426c06e0bedd43c2021-12-21 10:45:47.945root 11241100x8000000000000000420358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ffe368bf4adb7e2021-12-21 10:45:47.945root 11241100x8000000000000000420359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4526fc5022168d52021-12-21 10:45:47.945root 11241100x8000000000000000420360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333392c286df0d612021-12-21 10:45:47.945root 11241100x8000000000000000420361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f25a5d3e445804f2021-12-21 10:45:47.945root 11241100x8000000000000000420362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4695c2ce13a5872021-12-21 10:45:47.946root 11241100x8000000000000000420363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b56a1961debcf672021-12-21 10:45:47.946root 11241100x8000000000000000420364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9043b267f5f7e42021-12-21 10:45:47.946root 11241100x8000000000000000420365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1b630b699ead152021-12-21 10:45:47.946root 11241100x8000000000000000420366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b62945a9e860f202021-12-21 10:45:47.946root 11241100x8000000000000000420367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8d817c206283d22021-12-21 10:45:47.946root 11241100x8000000000000000420368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dd2acd8dd394562021-12-21 10:45:47.946root 11241100x8000000000000000420369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7263693431bf59e92021-12-21 10:45:47.946root 11241100x8000000000000000420370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55acd170ef146e52021-12-21 10:45:47.946root 11241100x8000000000000000420371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0188b30adbf44b2021-12-21 10:45:47.947root 11241100x8000000000000000420372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a119a0b60b2930b2021-12-21 10:45:47.947root 11241100x8000000000000000420373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0f7b3686c29c5f2021-12-21 10:45:47.947root 11241100x8000000000000000420374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62deaf275467b1d2021-12-21 10:45:47.947root 11241100x8000000000000000420375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fef7fe7309c76e2021-12-21 10:45:47.947root 11241100x8000000000000000420376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf6971542be0d032021-12-21 10:45:47.947root 11241100x8000000000000000420377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4df427d95121f72021-12-21 10:45:47.947root 11241100x8000000000000000420378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15117a281508274f2021-12-21 10:45:47.947root 11241100x8000000000000000420379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389e644a3e3314822021-12-21 10:45:47.947root 11241100x8000000000000000420380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2ccee83f224e912021-12-21 10:45:47.947root 11241100x8000000000000000420381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7213a3e19e9c7f2021-12-21 10:45:47.948root 11241100x8000000000000000420382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2359051d24aa552021-12-21 10:45:47.948root 11241100x8000000000000000420383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e0ba9f74b7a5db2021-12-21 10:45:47.948root 11241100x8000000000000000420384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f013427ceb70a162021-12-21 10:45:47.948root 11241100x8000000000000000420385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17514b19fed3460e2021-12-21 10:45:47.948root 11241100x8000000000000000420386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e23b93339df1b9e2021-12-21 10:45:47.948root 11241100x8000000000000000420387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5a9c982d78a5962021-12-21 10:45:47.948root 11241100x8000000000000000420388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c969cf5ef25d4f2021-12-21 10:45:47.948root 11241100x8000000000000000420389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b712ff4ad839132021-12-21 10:45:47.948root 11241100x8000000000000000420390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ca611905650b282021-12-21 10:45:47.948root 11241100x8000000000000000420391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2886ea7cb386123a2021-12-21 10:45:47.948root 11241100x8000000000000000420392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb6d38a388c656e2021-12-21 10:45:47.949root 11241100x8000000000000000420393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f981e03a7586b352021-12-21 10:45:47.949root 11241100x8000000000000000420394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce085a39c0379092021-12-21 10:45:47.949root 11241100x8000000000000000420395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ae35e3e5ec63722021-12-21 10:45:47.949root 11241100x8000000000000000420396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0fd42bd4e123bf2021-12-21 10:45:47.949root 11241100x8000000000000000420397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf83e9fb9344d6352021-12-21 10:45:47.949root 11241100x8000000000000000420398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a2ce0199cec51d2021-12-21 10:45:47.949root 11241100x8000000000000000420399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:47.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623c7aa86fd810632021-12-21 10:45:47.950root 354300x8000000000000000420400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47564-false10.0.1.12-8000- 11241100x8000000000000000420401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bd0487c127c73f2021-12-21 10:45:48.443root 11241100x8000000000000000420402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b186e03b55f20c192021-12-21 10:45:48.443root 11241100x8000000000000000420403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bd81ed58fae7ed2021-12-21 10:45:48.443root 11241100x8000000000000000420404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b9ce44f03e1e7f2021-12-21 10:45:48.443root 11241100x8000000000000000420405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204c2d6352ba9df12021-12-21 10:45:48.443root 11241100x8000000000000000420406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c94bb110748f372021-12-21 10:45:48.444root 11241100x8000000000000000420407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5d1aec455f7a8b2021-12-21 10:45:48.444root 11241100x8000000000000000420408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccd8744def140432021-12-21 10:45:48.444root 11241100x8000000000000000420409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9acc7bd306e40a2021-12-21 10:45:48.444root 11241100x8000000000000000420410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099dafa8bdebfc5c2021-12-21 10:45:48.444root 11241100x8000000000000000420411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e9ab0a64fb07102021-12-21 10:45:48.444root 11241100x8000000000000000420412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976d32d50ef11da82021-12-21 10:45:48.444root 11241100x8000000000000000420413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ad163e3927a7712021-12-21 10:45:48.444root 11241100x8000000000000000420414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f582ed366d2610d12021-12-21 10:45:48.444root 11241100x8000000000000000420415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8a0d701bc76cf52021-12-21 10:45:48.444root 11241100x8000000000000000420416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fbe5e2bf3379e72021-12-21 10:45:48.444root 11241100x8000000000000000420417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662ed29014252d392021-12-21 10:45:48.444root 11241100x8000000000000000420418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9328c5949723d33d2021-12-21 10:45:48.445root 11241100x8000000000000000420419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07029abd105b97ea2021-12-21 10:45:48.445root 11241100x8000000000000000420420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98085ff87049b3c32021-12-21 10:45:48.445root 11241100x8000000000000000420421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cf5d861626a8eb2021-12-21 10:45:48.445root 11241100x8000000000000000420422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38859c927835eac2021-12-21 10:45:48.445root 11241100x8000000000000000420423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3428be0306d9d62021-12-21 10:45:48.445root 11241100x8000000000000000420424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b180a1cecbce16112021-12-21 10:45:48.445root 11241100x8000000000000000420425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98823c270af0e2da2021-12-21 10:45:48.445root 11241100x8000000000000000420426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a61c062d4af05f2021-12-21 10:45:48.445root 11241100x8000000000000000420427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8dfafdf50babe82021-12-21 10:45:48.445root 11241100x8000000000000000420428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07916247842c190a2021-12-21 10:45:48.445root 11241100x8000000000000000420429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938eff2bd3f0a61d2021-12-21 10:45:48.446root 11241100x8000000000000000420430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d525adb935093d4f2021-12-21 10:45:48.446root 11241100x8000000000000000420431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b3aaebc08716822021-12-21 10:45:48.446root 11241100x8000000000000000420432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ae2ea03ce0ae672021-12-21 10:45:48.446root 11241100x8000000000000000420433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc657f8864ee794a2021-12-21 10:45:48.447root 11241100x8000000000000000420434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47a542f89d6fb232021-12-21 10:45:48.447root 11241100x8000000000000000420435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141d0fcbefa6bb272021-12-21 10:45:48.447root 11241100x8000000000000000420436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6437c85d9df86bfb2021-12-21 10:45:48.447root 11241100x8000000000000000420437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0996d6ab0f0f31372021-12-21 10:45:48.447root 11241100x8000000000000000420438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e09300df5e70f82021-12-21 10:45:48.447root 11241100x8000000000000000420439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132bce57ebe8391c2021-12-21 10:45:48.447root 11241100x8000000000000000420440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b1bb5f259089972021-12-21 10:45:48.447root 11241100x8000000000000000420441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e734de3617be94252021-12-21 10:45:48.448root 11241100x8000000000000000420442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48721e6ba41661ef2021-12-21 10:45:48.448root 11241100x8000000000000000420443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b174a22ae69c33692021-12-21 10:45:48.448root 11241100x8000000000000000420444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdf02b65d40d5692021-12-21 10:45:48.448root 11241100x8000000000000000420445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407bc9a3b22924532021-12-21 10:45:48.448root 11241100x8000000000000000420446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8430eeb0397b6b2021-12-21 10:45:48.449root 11241100x8000000000000000420447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffe5f766210c30c2021-12-21 10:45:48.449root 11241100x8000000000000000420448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd2792fcacb05832021-12-21 10:45:48.449root 11241100x8000000000000000420449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed964c7acf736cac2021-12-21 10:45:48.449root 11241100x8000000000000000420450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94afb2df06a1acb52021-12-21 10:45:48.449root 11241100x8000000000000000420451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1110b7ba9a70ab2021-12-21 10:45:48.449root 11241100x8000000000000000420452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c10bbcfd33cfd82021-12-21 10:45:48.450root 11241100x8000000000000000420453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d070a00d99d89a2021-12-21 10:45:48.450root 11241100x8000000000000000420454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fe08bfc6fe36462021-12-21 10:45:48.450root 11241100x8000000000000000420455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ccd9a305020fba2021-12-21 10:45:48.450root 11241100x8000000000000000420456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46e2c8c28593ad72021-12-21 10:45:48.450root 11241100x8000000000000000420457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242514401cf5cf452021-12-21 10:45:48.450root 11241100x8000000000000000420458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d16198274b7aa32021-12-21 10:45:48.450root 11241100x8000000000000000420459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d4cb4438f88cf92021-12-21 10:45:48.450root 11241100x8000000000000000420460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a97f22052f183642021-12-21 10:45:48.450root 11241100x8000000000000000420461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b64748681320a9e2021-12-21 10:45:48.451root 11241100x8000000000000000420462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e758fe40ead85f2021-12-21 10:45:48.451root 11241100x8000000000000000420463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71951b422aeac0c12021-12-21 10:45:48.451root 11241100x8000000000000000420464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d87b1bc59775cf52021-12-21 10:45:48.451root 11241100x8000000000000000420465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8274f8357b42992021-12-21 10:45:48.451root 11241100x8000000000000000420466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8812abaa4a3d432021-12-21 10:45:48.452root 11241100x8000000000000000420467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caef3e3421a149522021-12-21 10:45:48.452root 11241100x8000000000000000420468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f026df61d116422021-12-21 10:45:48.452root 11241100x8000000000000000420469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c910b71539eb4e2021-12-21 10:45:48.452root 11241100x8000000000000000420470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54488e9c04371f802021-12-21 10:45:48.452root 11241100x8000000000000000420471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d747641bc2de2092021-12-21 10:45:48.452root 11241100x8000000000000000420472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504922eab940a38b2021-12-21 10:45:48.452root 11241100x8000000000000000420473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aceba85d41aed6932021-12-21 10:45:48.453root 11241100x8000000000000000420474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad2b59160bcd18b2021-12-21 10:45:48.453root 11241100x8000000000000000420475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb7982edc540b292021-12-21 10:45:48.453root 11241100x8000000000000000420476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5b95d42adffc352021-12-21 10:45:48.453root 11241100x8000000000000000420477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bfca25270e2c5e2021-12-21 10:45:48.454root 11241100x8000000000000000420478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4352c9d9b19b12b72021-12-21 10:45:48.454root 11241100x8000000000000000420479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2923218c2845ec7e2021-12-21 10:45:48.454root 11241100x8000000000000000420480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b852bbdfdf977d2021-12-21 10:45:48.454root 11241100x8000000000000000420481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d0a627826e35c12021-12-21 10:45:48.454root 11241100x8000000000000000420482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f874e5df8b05a0f72021-12-21 10:45:48.455root 11241100x8000000000000000420483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8642275cd0adbcc2021-12-21 10:45:48.455root 11241100x8000000000000000420484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4abd8339bca0a102021-12-21 10:45:48.455root 11241100x8000000000000000420485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6477c0efd87f39562021-12-21 10:45:48.455root 11241100x8000000000000000420486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fead84b933ef12b2021-12-21 10:45:48.455root 11241100x8000000000000000420487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8644c6e69f5eb752021-12-21 10:45:48.943root 11241100x8000000000000000420488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d28d0fadce08342021-12-21 10:45:48.943root 11241100x8000000000000000420489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73b182af5a05fbc2021-12-21 10:45:48.943root 11241100x8000000000000000420490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c4f7747ab0f96f2021-12-21 10:45:48.943root 11241100x8000000000000000420491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa830bcddd9d4a1e2021-12-21 10:45:48.944root 11241100x8000000000000000420492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205059098af3d4442021-12-21 10:45:48.944root 11241100x8000000000000000420493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9970cf5000023e362021-12-21 10:45:48.944root 11241100x8000000000000000420494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af44f0e630717c2b2021-12-21 10:45:48.944root 11241100x8000000000000000420495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1653fd4f3eed571a2021-12-21 10:45:48.944root 11241100x8000000000000000420496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7535db1322a8b92021-12-21 10:45:48.944root 11241100x8000000000000000420497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79fb0f7cf8b51322021-12-21 10:45:48.944root 11241100x8000000000000000420498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948c7fa7e1ceeffe2021-12-21 10:45:48.944root 11241100x8000000000000000420499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cb3b4272a51b732021-12-21 10:45:48.944root 11241100x8000000000000000420500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e73beb720cf50a2021-12-21 10:45:48.944root 11241100x8000000000000000420501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51a1b14019973ca2021-12-21 10:45:48.944root 11241100x8000000000000000420502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2220a00b0baf26252021-12-21 10:45:48.944root 11241100x8000000000000000420503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ee63e8b95720bd2021-12-21 10:45:48.944root 11241100x8000000000000000420504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7721fee0288d70e52021-12-21 10:45:48.944root 11241100x8000000000000000420505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eb168a5135e9f62021-12-21 10:45:48.944root 11241100x8000000000000000420506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deb469a10b1257e2021-12-21 10:45:48.944root 11241100x8000000000000000420507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633361bea6f9b58e2021-12-21 10:45:48.945root 11241100x8000000000000000420508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4361a0c770d67c52021-12-21 10:45:48.945root 11241100x8000000000000000420509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbfba0cd4d892532021-12-21 10:45:48.945root 11241100x8000000000000000420510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33c93ecd196645a2021-12-21 10:45:48.945root 11241100x8000000000000000420511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92865aca5d36dc612021-12-21 10:45:48.945root 11241100x8000000000000000420512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79789dbecacb17d2021-12-21 10:45:48.945root 11241100x8000000000000000420513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f482130193b2f1ff2021-12-21 10:45:48.945root 11241100x8000000000000000420514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6967137c0b911b4c2021-12-21 10:45:48.945root 11241100x8000000000000000420515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39dc91fbbcfac782021-12-21 10:45:48.945root 11241100x8000000000000000420516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05eaf7d984211ec52021-12-21 10:45:48.945root 11241100x8000000000000000420517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c1b04321d95acd2021-12-21 10:45:48.945root 11241100x8000000000000000420518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0557d6c965467bc32021-12-21 10:45:48.945root 11241100x8000000000000000420519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4761609f8fe7f59b2021-12-21 10:45:48.945root 11241100x8000000000000000420520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa371d48ae190812021-12-21 10:45:48.945root 11241100x8000000000000000420521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c039cad1af4153fd2021-12-21 10:45:48.945root 11241100x8000000000000000420522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540d3b3a9563f5f42021-12-21 10:45:48.946root 11241100x8000000000000000420523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43373cdec762531f2021-12-21 10:45:48.946root 11241100x8000000000000000420524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fde150973828a9e2021-12-21 10:45:48.946root 11241100x8000000000000000420525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee4398c4683b5662021-12-21 10:45:48.946root 11241100x8000000000000000420526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6b3ca1aa43795a2021-12-21 10:45:48.946root 11241100x8000000000000000420527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15358b7e48c424502021-12-21 10:45:48.947root 11241100x8000000000000000420528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26160f7928627c12021-12-21 10:45:48.947root 11241100x8000000000000000420529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ae33e3c3cb4c072021-12-21 10:45:48.947root 11241100x8000000000000000420530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b14aff0c0fe282021-12-21 10:45:48.947root 11241100x8000000000000000420531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216b3488be1541db2021-12-21 10:45:48.947root 11241100x8000000000000000420532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2b07f573b241ac2021-12-21 10:45:48.947root 11241100x8000000000000000420533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d1e25cc3db69c22021-12-21 10:45:48.947root 11241100x8000000000000000420534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a58542351a816b2021-12-21 10:45:48.947root 11241100x8000000000000000420535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e03fad398f2b3c2021-12-21 10:45:48.947root 11241100x8000000000000000420536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9014fb5945f4b462021-12-21 10:45:48.947root 11241100x8000000000000000420537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f486c166e1903e62021-12-21 10:45:48.948root 11241100x8000000000000000420538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5033b44e1c0939f92021-12-21 10:45:48.948root 11241100x8000000000000000420539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818e38992a216f4f2021-12-21 10:45:48.948root 11241100x8000000000000000420540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f325b2d13a1e6ec2021-12-21 10:45:48.948root 11241100x8000000000000000420541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a1349c2bdcd8722021-12-21 10:45:48.949root 11241100x8000000000000000420542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c30a3da2babc892021-12-21 10:45:48.949root 11241100x8000000000000000420543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810b7c2134ce16e42021-12-21 10:45:48.949root 11241100x8000000000000000420544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8245a00d032f32172021-12-21 10:45:48.949root 11241100x8000000000000000420545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cc340b95d3c46b2021-12-21 10:45:48.949root 11241100x8000000000000000420546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040cb2b54f88c5af2021-12-21 10:45:48.949root 11241100x8000000000000000420547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:48.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1599ccf26d380c8b2021-12-21 10:45:48.949root 11241100x8000000000000000420548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8e2d9fac2fab7e2021-12-21 10:45:49.443root 11241100x8000000000000000420549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdcbf615b175cb82021-12-21 10:45:49.444root 11241100x8000000000000000420550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad7aa278ef0e71c2021-12-21 10:45:49.444root 11241100x8000000000000000420551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ce8ec700f281ed2021-12-21 10:45:49.444root 11241100x8000000000000000420552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002754edbca2cce42021-12-21 10:45:49.444root 11241100x8000000000000000420553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601db09c7a407e282021-12-21 10:45:49.444root 11241100x8000000000000000420554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dd89491d8459b32021-12-21 10:45:49.444root 11241100x8000000000000000420555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8412e4ba6668806f2021-12-21 10:45:49.445root 11241100x8000000000000000420556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7bdb45c2e4843b2021-12-21 10:45:49.445root 11241100x8000000000000000420557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea096d1223e36de92021-12-21 10:45:49.445root 11241100x8000000000000000420558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9719c15eada91b4e2021-12-21 10:45:49.445root 11241100x8000000000000000420559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd804fd64ed280e2021-12-21 10:45:49.445root 11241100x8000000000000000420560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5f8ecb9a451bf92021-12-21 10:45:49.446root 11241100x8000000000000000420561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a61788d940841c2021-12-21 10:45:49.446root 11241100x8000000000000000420562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2af9edf41f69ca2021-12-21 10:45:49.446root 11241100x8000000000000000420563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fb9f9c0ddbfb342021-12-21 10:45:49.446root 11241100x8000000000000000420564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c66ad71241f7b92021-12-21 10:45:49.446root 11241100x8000000000000000420565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508da1b145de65d22021-12-21 10:45:49.447root 11241100x8000000000000000420566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8522696310172ed82021-12-21 10:45:49.447root 11241100x8000000000000000420567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a177fc6f2ec070e92021-12-21 10:45:49.447root 11241100x8000000000000000420568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2db647482ffcd92021-12-21 10:45:49.448root 11241100x8000000000000000420569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97faf346752728da2021-12-21 10:45:49.448root 11241100x8000000000000000420570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041170b8fd3205d22021-12-21 10:45:49.448root 11241100x8000000000000000420571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b3872c5eff10e42021-12-21 10:45:49.448root 11241100x8000000000000000420572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12de23b16c720c362021-12-21 10:45:49.449root 11241100x8000000000000000420573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf8c72bc8e42d3a2021-12-21 10:45:49.449root 11241100x8000000000000000420574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093549a6a5d270d32021-12-21 10:45:49.449root 11241100x8000000000000000420575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385490f10b2ab1fe2021-12-21 10:45:49.449root 11241100x8000000000000000420576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff6a0891f1ca43a2021-12-21 10:45:49.450root 11241100x8000000000000000420577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3fa22f4c8e2c1a2021-12-21 10:45:49.450root 11241100x8000000000000000420578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12075d349f052e4c2021-12-21 10:45:49.450root 11241100x8000000000000000420579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5389287ffb7915b2021-12-21 10:45:49.450root 11241100x8000000000000000420580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c512eecf74bd3a262021-12-21 10:45:49.450root 11241100x8000000000000000420581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f2f6aad5e6d3f12021-12-21 10:45:49.451root 11241100x8000000000000000420582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbc7dd4e10f66f62021-12-21 10:45:49.451root 11241100x8000000000000000420583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7c842d37b801d12021-12-21 10:45:49.451root 11241100x8000000000000000420584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08874fe7fc5687e22021-12-21 10:45:49.451root 11241100x8000000000000000420585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8021f8e02c0db5412021-12-21 10:45:49.451root 11241100x8000000000000000420586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9375f2b89b9e295c2021-12-21 10:45:49.451root 11241100x8000000000000000420587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bc56ae089dbb512021-12-21 10:45:49.451root 11241100x8000000000000000420588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a88e965ba8c44f2021-12-21 10:45:49.452root 11241100x8000000000000000420589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523d6a3a3d7d28772021-12-21 10:45:49.452root 11241100x8000000000000000420590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d28efb30f9cf54d2021-12-21 10:45:49.452root 11241100x8000000000000000420591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268bdc536c6fee782021-12-21 10:45:49.452root 11241100x8000000000000000420592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18971b6efffaac92021-12-21 10:45:49.452root 11241100x8000000000000000420593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468fba405f6c68072021-12-21 10:45:49.453root 11241100x8000000000000000420594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bece295f5405a72021-12-21 10:45:49.453root 11241100x8000000000000000420595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9e4e1d35210d902021-12-21 10:45:49.453root 11241100x8000000000000000420596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f398d11889eea5bb2021-12-21 10:45:49.453root 11241100x8000000000000000420597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d11188059e57cf82021-12-21 10:45:49.453root 11241100x8000000000000000420598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c6952ce1598d012021-12-21 10:45:49.454root 11241100x8000000000000000420599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca21f96e0e0381e2021-12-21 10:45:49.454root 11241100x8000000000000000420600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2363bf8c1939be3e2021-12-21 10:45:49.454root 11241100x8000000000000000420601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e51ee212d1af372021-12-21 10:45:49.455root 11241100x8000000000000000420602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ce1a21f8fb9a992021-12-21 10:45:49.455root 11241100x8000000000000000420603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cce0e3e22bde5d2021-12-21 10:45:49.455root 11241100x8000000000000000420604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6738e89dee491532021-12-21 10:45:49.456root 11241100x8000000000000000420605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19553b854668d2f12021-12-21 10:45:49.456root 11241100x8000000000000000420606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1d7c3c3a7558c12021-12-21 10:45:49.456root 11241100x8000000000000000420607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0ae6951067aa4a2021-12-21 10:45:49.456root 11241100x8000000000000000420608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446529c4ce48b3022021-12-21 10:45:49.456root 11241100x8000000000000000420609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cbfb0cbb8ad6572021-12-21 10:45:49.457root 11241100x8000000000000000420610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d88612c1762b7f2021-12-21 10:45:49.457root 11241100x8000000000000000420611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ae6f7f10757bfd2021-12-21 10:45:49.457root 11241100x8000000000000000420612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baaa90f426870562021-12-21 10:45:49.457root 11241100x8000000000000000420613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee6b505d9f04a792021-12-21 10:45:49.457root 11241100x8000000000000000420614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8ccc4f7581ed122021-12-21 10:45:49.457root 11241100x8000000000000000420615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdd484357f84ca02021-12-21 10:45:49.458root 11241100x8000000000000000420616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a86dff34b04735f2021-12-21 10:45:49.458root 11241100x8000000000000000420617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4770b70e0aa645a92021-12-21 10:45:49.458root 11241100x8000000000000000420618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10ca19a092ad6592021-12-21 10:45:49.458root 11241100x8000000000000000420619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d93ec3d6e0ee2872021-12-21 10:45:49.458root 11241100x8000000000000000420620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce73d006dbfd4c432021-12-21 10:45:49.458root 11241100x8000000000000000420621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd1f556d0c91c0d2021-12-21 10:45:49.458root 11241100x8000000000000000420622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd46266336434fe2021-12-21 10:45:49.458root 11241100x8000000000000000420623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7b0c59e55e0e872021-12-21 10:45:49.458root 11241100x8000000000000000420624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cc0cf9e3a59e462021-12-21 10:45:49.459root 11241100x8000000000000000420625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f0a1e0d9ea5cc92021-12-21 10:45:49.459root 11241100x8000000000000000420626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d112b097c761762021-12-21 10:45:49.459root 11241100x8000000000000000420627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b78801d753fa6262021-12-21 10:45:49.459root 11241100x8000000000000000420628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98abd6762828b1282021-12-21 10:45:49.459root 11241100x8000000000000000420629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4472f6d36145282021-12-21 10:45:49.459root 11241100x8000000000000000420630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3dc15143f999b02021-12-21 10:45:49.459root 11241100x8000000000000000420631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1741070861bb71f72021-12-21 10:45:49.459root 11241100x8000000000000000420632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f6b942f732d3f72021-12-21 10:45:49.459root 11241100x8000000000000000420633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05a3f4199207bec2021-12-21 10:45:49.459root 11241100x8000000000000000420634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca074294bbba3082021-12-21 10:45:49.459root 11241100x8000000000000000420635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69320fc2c7389e082021-12-21 10:45:49.459root 11241100x8000000000000000420636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744eef1d12926df82021-12-21 10:45:49.460root 11241100x8000000000000000420637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819e3d35e78f1a682021-12-21 10:45:49.460root 11241100x8000000000000000420638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3e08eea7869cdd2021-12-21 10:45:49.460root 11241100x8000000000000000420639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53a8e41c56458a52021-12-21 10:45:49.460root 11241100x8000000000000000420640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07afa27a24ab15372021-12-21 10:45:49.460root 11241100x8000000000000000420641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1192d09261fa6c5f2021-12-21 10:45:49.460root 11241100x8000000000000000420642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665be96cae1c5ff42021-12-21 10:45:49.460root 11241100x8000000000000000420643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fc79a6305c7bf62021-12-21 10:45:49.460root 11241100x8000000000000000420644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf85194cc8e23352021-12-21 10:45:49.460root 11241100x8000000000000000420645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff5729b3c5688d72021-12-21 10:45:49.460root 11241100x8000000000000000420646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ea55e55b50b8f82021-12-21 10:45:49.460root 11241100x8000000000000000420647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3579eb7ae01b172021-12-21 10:45:49.460root 11241100x8000000000000000420648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07947582eec7f92a2021-12-21 10:45:49.460root 11241100x8000000000000000420649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc079697a3a3c4b2021-12-21 10:45:49.460root 11241100x8000000000000000420650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75db9a1464d8f1b72021-12-21 10:45:49.461root 11241100x8000000000000000420651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93787b15890ef20c2021-12-21 10:45:49.461root 11241100x8000000000000000420652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7ece3fa1c918c92021-12-21 10:45:49.461root 11241100x8000000000000000420653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fb36fa0844537e2021-12-21 10:45:49.461root 11241100x8000000000000000420654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d9712878e0f5002021-12-21 10:45:49.461root 11241100x8000000000000000420655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e533c9d3a1696fd82021-12-21 10:45:49.461root 11241100x8000000000000000420656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8dc0281d6809da2021-12-21 10:45:49.461root 11241100x8000000000000000420657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df999f7f57990fd2021-12-21 10:45:49.461root 11241100x8000000000000000420658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b3c52b0d3a6fab2021-12-21 10:45:49.461root 11241100x8000000000000000420659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5af49228aa57d02021-12-21 10:45:49.943root 11241100x8000000000000000420660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddd05c72ee94be42021-12-21 10:45:49.943root 11241100x8000000000000000420661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25367a9104e75882021-12-21 10:45:49.943root 11241100x8000000000000000420662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f1663e7f48119d2021-12-21 10:45:49.943root 11241100x8000000000000000420663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67726984ccb628aa2021-12-21 10:45:49.943root 11241100x8000000000000000420664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8280fd7bc6060bf22021-12-21 10:45:49.943root 11241100x8000000000000000420665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fd071bccdf9a562021-12-21 10:45:49.943root 11241100x8000000000000000420666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c84ba663ac22a12021-12-21 10:45:49.943root 11241100x8000000000000000420667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75676419c63453f2021-12-21 10:45:49.943root 11241100x8000000000000000420668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d0a71829be82472021-12-21 10:45:49.943root 11241100x8000000000000000420669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be97057be07f4acd2021-12-21 10:45:49.944root 11241100x8000000000000000420670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfe772efdd9c03a2021-12-21 10:45:49.944root 11241100x8000000000000000420671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c7915420d4154c2021-12-21 10:45:49.944root 11241100x8000000000000000420672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56ff0f9e0540c0d2021-12-21 10:45:49.944root 11241100x8000000000000000420673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c17ab6c45824e752021-12-21 10:45:49.944root 11241100x8000000000000000420674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5411d27e062fe4ea2021-12-21 10:45:49.944root 11241100x8000000000000000420675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf76143c2d8238a2021-12-21 10:45:49.944root 11241100x8000000000000000420676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791b487425c6cd582021-12-21 10:45:49.944root 11241100x8000000000000000420677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b20ea92ebb9cf32021-12-21 10:45:49.944root 11241100x8000000000000000420678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0782ddc6b43ea1f2021-12-21 10:45:49.944root 11241100x8000000000000000420679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476613341341dba22021-12-21 10:45:49.944root 11241100x8000000000000000420680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17edea53611d6ba12021-12-21 10:45:49.945root 11241100x8000000000000000420681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4739bc304cde3ad2021-12-21 10:45:49.945root 11241100x8000000000000000420682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9989cd172631a2412021-12-21 10:45:49.945root 11241100x8000000000000000420683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5a53fe2e1690c82021-12-21 10:45:49.945root 11241100x8000000000000000420684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadf7b618308eee42021-12-21 10:45:49.945root 11241100x8000000000000000420685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d582b06bb5b13a42021-12-21 10:45:49.945root 11241100x8000000000000000420686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a795701590f36cd2021-12-21 10:45:49.945root 11241100x8000000000000000420687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b25ec304953aefb2021-12-21 10:45:49.945root 11241100x8000000000000000420688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071794cd79935f312021-12-21 10:45:49.945root 11241100x8000000000000000420689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0c0bca11b03cba2021-12-21 10:45:49.945root 11241100x8000000000000000420690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd8bbd9bbe96442021-12-21 10:45:49.945root 11241100x8000000000000000420691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae291d5d1746dcc12021-12-21 10:45:49.946root 11241100x8000000000000000420692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bb403322a55b502021-12-21 10:45:49.946root 11241100x8000000000000000420693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed04f52557c49fb2021-12-21 10:45:49.946root 11241100x8000000000000000420694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b4845bbbcaacd52021-12-21 10:45:49.947root 11241100x8000000000000000420695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f263b4ea85656fc2021-12-21 10:45:49.947root 11241100x8000000000000000420696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0bfa0269a6d2a22021-12-21 10:45:49.947root 11241100x8000000000000000420697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2928fac61a8f69e12021-12-21 10:45:49.947root 11241100x8000000000000000420698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a616c113144d2652021-12-21 10:45:49.947root 11241100x8000000000000000420699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368cd8694b04e12f2021-12-21 10:45:49.947root 11241100x8000000000000000420700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7c1a4e8d372c0d2021-12-21 10:45:49.947root 11241100x8000000000000000420701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2159664a0fdb79c2021-12-21 10:45:49.947root 11241100x8000000000000000420702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fef21c0f7f86dd62021-12-21 10:45:49.947root 11241100x8000000000000000420703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd46c8f3fd9cfca2021-12-21 10:45:49.947root 11241100x8000000000000000420704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ec68ca82e8a42f2021-12-21 10:45:49.947root 11241100x8000000000000000420705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d5f55f74fade12021-12-21 10:45:49.947root 11241100x8000000000000000420706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df63ea3e7473e1e52021-12-21 10:45:49.948root 11241100x8000000000000000420707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f262f6641eec83402021-12-21 10:45:49.948root 11241100x8000000000000000420708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e45bba36ab08ac72021-12-21 10:45:49.948root 11241100x8000000000000000420709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7929d1ae95188a52021-12-21 10:45:49.948root 11241100x8000000000000000420710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50bdfa6350af16c2021-12-21 10:45:49.948root 11241100x8000000000000000420711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6344d42ab57a3dd32021-12-21 10:45:49.948root 11241100x8000000000000000420712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6e1856875991e62021-12-21 10:45:49.948root 11241100x8000000000000000420713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd1d47203628da02021-12-21 10:45:49.948root 11241100x8000000000000000420714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3500794de31d79d32021-12-21 10:45:49.948root 11241100x8000000000000000420715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4c6e27d146af2a2021-12-21 10:45:49.948root 11241100x8000000000000000420716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1db073f41ac39c62021-12-21 10:45:49.949root 11241100x8000000000000000420717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37bdecfa92d35052021-12-21 10:45:49.949root 11241100x8000000000000000420718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d12362c79300d312021-12-21 10:45:49.949root 11241100x8000000000000000420719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1785f7b2e905d4da2021-12-21 10:45:49.949root 11241100x8000000000000000420720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9336a79678dd8a2021-12-21 10:45:49.949root 11241100x8000000000000000420721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fc67b597848c662021-12-21 10:45:49.949root 11241100x8000000000000000420722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2406a1404694dea2021-12-21 10:45:49.949root 11241100x8000000000000000420723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c16f58d9a5d7e52021-12-21 10:45:49.950root 11241100x8000000000000000420724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2721ad158f2ddb0c2021-12-21 10:45:49.950root 11241100x8000000000000000420725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9b0ccb7f08a11c2021-12-21 10:45:49.950root 11241100x8000000000000000420726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbcb2a92e1c9e2c2021-12-21 10:45:49.950root 11241100x8000000000000000420727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64981bb0ad502e412021-12-21 10:45:49.950root 11241100x8000000000000000420728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1dfbcbf16445942021-12-21 10:45:49.950root 11241100x8000000000000000420729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9201ca3616983c52021-12-21 10:45:49.950root 11241100x8000000000000000420730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f181984073f25422021-12-21 10:45:49.951root 11241100x8000000000000000420731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d923f8254314862021-12-21 10:45:49.951root 11241100x8000000000000000420732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d511726409379ab2021-12-21 10:45:49.951root 11241100x8000000000000000420733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1486d4bc1666e87d2021-12-21 10:45:49.951root 11241100x8000000000000000420734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a79358371d466c02021-12-21 10:45:49.951root 11241100x8000000000000000420735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bd6017c4160b862021-12-21 10:45:49.951root 11241100x8000000000000000420736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73873c3dbf71ca9e2021-12-21 10:45:49.951root 11241100x8000000000000000420737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8848cce7433cc5c52021-12-21 10:45:49.951root 11241100x8000000000000000420738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514f575b92427e302021-12-21 10:45:49.951root 11241100x8000000000000000420739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd540aefc7e1f472021-12-21 10:45:49.951root 11241100x8000000000000000420740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0118321bc4198d2021-12-21 10:45:49.952root 11241100x8000000000000000420741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d016b3662f9024a42021-12-21 10:45:49.952root 11241100x8000000000000000420742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec1028f07b5880c2021-12-21 10:45:49.952root 11241100x8000000000000000420743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27be72db62a8c0a32021-12-21 10:45:49.952root 11241100x8000000000000000420744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7739a8fb5bcede462021-12-21 10:45:49.952root 11241100x8000000000000000420745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2507c926849fc5332021-12-21 10:45:49.952root 11241100x8000000000000000420746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0522167fbc9b9e72021-12-21 10:45:49.952root 11241100x8000000000000000420747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a9f27a878f5d062021-12-21 10:45:49.952root 11241100x8000000000000000420748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2da728a1d0813a92021-12-21 10:45:49.952root 11241100x8000000000000000420749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c3032fc1d105a22021-12-21 10:45:49.952root 11241100x8000000000000000420750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37f9dfa1c01ec592021-12-21 10:45:49.952root 11241100x8000000000000000420751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c21453848678322021-12-21 10:45:49.953root 11241100x8000000000000000420752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d78f3b588db29ca2021-12-21 10:45:49.953root 11241100x8000000000000000420753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3a610eca4eb0202021-12-21 10:45:49.953root 11241100x8000000000000000420754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b148acf39d2c1aa2021-12-21 10:45:49.953root 11241100x8000000000000000420755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1145557efd75b41b2021-12-21 10:45:49.953root 11241100x8000000000000000420756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b56319bf1595192021-12-21 10:45:49.953root 11241100x8000000000000000420757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae91e9a563d0b552021-12-21 10:45:49.953root 11241100x8000000000000000420758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf858468c2a30832021-12-21 10:45:49.953root 11241100x8000000000000000420759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da27dd2a9d662a52021-12-21 10:45:49.953root 11241100x8000000000000000420760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff284a01d6e30182021-12-21 10:45:49.953root 11241100x8000000000000000420761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277019101734b17c2021-12-21 10:45:49.953root 11241100x8000000000000000420762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acebda7271084bae2021-12-21 10:45:49.953root 11241100x8000000000000000420763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba3f04a6bbe52e72021-12-21 10:45:49.954root 11241100x8000000000000000420764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84486486f48e6c912021-12-21 10:45:49.954root 11241100x8000000000000000420765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fefabe7e5da1d52021-12-21 10:45:49.954root 11241100x8000000000000000420766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029d3745a0675fea2021-12-21 10:45:49.954root 11241100x8000000000000000420767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0014176c8df956582021-12-21 10:45:49.954root 11241100x8000000000000000420768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34c942a5b7d5c352021-12-21 10:45:49.954root 11241100x8000000000000000420769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b41243be90a05fe2021-12-21 10:45:49.954root 11241100x8000000000000000420770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1897aaae8ad65c82021-12-21 10:45:49.954root 11241100x8000000000000000420771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8946a99ebc0514ab2021-12-21 10:45:49.954root 11241100x8000000000000000420772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab84b6e46465723d2021-12-21 10:45:49.954root 11241100x8000000000000000420773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ad88001c6b59e42021-12-21 10:45:49.954root 11241100x8000000000000000420774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e73267065c9b8452021-12-21 10:45:49.954root 11241100x8000000000000000420775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642fcacc320e81b22021-12-21 10:45:49.954root 11241100x8000000000000000420776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd60a92f379fa432021-12-21 10:45:49.954root 11241100x8000000000000000420777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ac0657c1482ea02021-12-21 10:45:49.955root 11241100x8000000000000000420778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f3529ea5afa0d82021-12-21 10:45:49.955root 11241100x8000000000000000420779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10581195b0e9307f2021-12-21 10:45:49.955root 11241100x8000000000000000420780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8a7ce13e8ffda82021-12-21 10:45:49.955root 11241100x8000000000000000420781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bc864ea652cf082021-12-21 10:45:49.955root 11241100x8000000000000000420782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba697168ed21c772021-12-21 10:45:49.955root 11241100x8000000000000000420783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a867a9ec7810aa2021-12-21 10:45:49.955root 11241100x8000000000000000420784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151088d7a57cb9c92021-12-21 10:45:49.955root 11241100x8000000000000000420785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de4416b8a4584d02021-12-21 10:45:49.955root 11241100x8000000000000000420786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9659a68d0d4c8c2021-12-21 10:45:49.955root 11241100x8000000000000000420787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6e49e7e2aae26c2021-12-21 10:45:49.955root 11241100x8000000000000000420788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2762730ce25869692021-12-21 10:45:49.955root 11241100x8000000000000000420789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:49.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31f83909c0e27c42021-12-21 10:45:49.955root 11241100x8000000000000000420790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19424aaeeaf2a3d2021-12-21 10:45:50.442root 11241100x8000000000000000420791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eae5ae6af6911b52021-12-21 10:45:50.443root 11241100x8000000000000000420792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e65929e61ebbae42021-12-21 10:45:50.443root 11241100x8000000000000000420793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa8191f914b0cee2021-12-21 10:45:50.443root 11241100x8000000000000000420794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0b9bfbdc1225c92021-12-21 10:45:50.443root 11241100x8000000000000000420795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13beff1de9a918142021-12-21 10:45:50.443root 11241100x8000000000000000420796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab8875f2f6b2c972021-12-21 10:45:50.443root 11241100x8000000000000000420797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1742d0eb466aa94b2021-12-21 10:45:50.443root 11241100x8000000000000000420798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e82cad7c9b4d272021-12-21 10:45:50.443root 11241100x8000000000000000420799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599cdedb3af557322021-12-21 10:45:50.443root 11241100x8000000000000000420800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6b4939c1838f542021-12-21 10:45:50.443root 11241100x8000000000000000420801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e58a0494e6f266b2021-12-21 10:45:50.443root 11241100x8000000000000000420802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69b1bb3697d0b532021-12-21 10:45:50.444root 11241100x8000000000000000420803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6d49c2a2d0f34a2021-12-21 10:45:50.444root 11241100x8000000000000000420804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0803adf5797ba6ce2021-12-21 10:45:50.444root 11241100x8000000000000000420805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c67fac8ddf7f872021-12-21 10:45:50.444root 11241100x8000000000000000420806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a615b38fcb89f12021-12-21 10:45:50.444root 11241100x8000000000000000420807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e77d04f3823b7e72021-12-21 10:45:50.444root 11241100x8000000000000000420808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5abcb0fcc6fe9eb2021-12-21 10:45:50.444root 11241100x8000000000000000420809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c70445a130b7ae2021-12-21 10:45:50.444root 11241100x8000000000000000420810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0be2ec8fba18ae2021-12-21 10:45:50.444root 11241100x8000000000000000420811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f635b3f2761483952021-12-21 10:45:50.444root 11241100x8000000000000000420812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9001c772598a4a1b2021-12-21 10:45:50.445root 11241100x8000000000000000420813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adac71cbb21097e82021-12-21 10:45:50.445root 11241100x8000000000000000420814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffc3208479e6c172021-12-21 10:45:50.445root 11241100x8000000000000000420815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc667cc682f2f0e2021-12-21 10:45:50.445root 11241100x8000000000000000420816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ac5914eb05604c2021-12-21 10:45:50.445root 11241100x8000000000000000420817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd727ffc5e63d0f2021-12-21 10:45:50.445root 11241100x8000000000000000420818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5675fd7e68c8e8552021-12-21 10:45:50.445root 11241100x8000000000000000420819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb8440e3b41a13f2021-12-21 10:45:50.445root 11241100x8000000000000000420820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d562fca8a3c38d2021-12-21 10:45:50.446root 11241100x8000000000000000420821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c93f08439e15922021-12-21 10:45:50.446root 11241100x8000000000000000420822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dfb26b91eb3a642021-12-21 10:45:50.446root 11241100x8000000000000000420823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32261424732380702021-12-21 10:45:50.446root 11241100x8000000000000000420824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8c78c7043368b02021-12-21 10:45:50.446root 11241100x8000000000000000420825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866723ca23b8f2582021-12-21 10:45:50.446root 11241100x8000000000000000420826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7339060c692be812021-12-21 10:45:50.446root 11241100x8000000000000000420827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c5f32499620fe02021-12-21 10:45:50.446root 11241100x8000000000000000420828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72310fcfd6e4cfb2021-12-21 10:45:50.446root 11241100x8000000000000000420829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48974d4d267aad62021-12-21 10:45:50.447root 11241100x8000000000000000420830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71835a2cc68aa552021-12-21 10:45:50.447root 11241100x8000000000000000420831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63be43829eaae3832021-12-21 10:45:50.447root 11241100x8000000000000000420832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a34a0fb61af3dd42021-12-21 10:45:50.447root 11241100x8000000000000000420833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53338e88e96becbf2021-12-21 10:45:50.447root 11241100x8000000000000000420834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4bd8e209f6282f2021-12-21 10:45:50.447root 11241100x8000000000000000420835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d76c0e5b961ea32021-12-21 10:45:50.447root 11241100x8000000000000000420836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6b204bfe90280d2021-12-21 10:45:50.448root 11241100x8000000000000000420837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b279f1517c3d832021-12-21 10:45:50.448root 11241100x8000000000000000420838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a8e3e8d46d1c072021-12-21 10:45:50.448root 11241100x8000000000000000420839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c54504263017df22021-12-21 10:45:50.448root 11241100x8000000000000000420840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef096293100ae91f2021-12-21 10:45:50.448root 11241100x8000000000000000420841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de7efb325b675e52021-12-21 10:45:50.448root 11241100x8000000000000000420842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d021861292a7c92021-12-21 10:45:50.448root 11241100x8000000000000000420843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990c11f5b4a45b232021-12-21 10:45:50.448root 11241100x8000000000000000420844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a6bb0098358f2d2021-12-21 10:45:50.448root 11241100x8000000000000000420845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2732b4fc26bcf02021-12-21 10:45:50.448root 11241100x8000000000000000420846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5946053cfd536382021-12-21 10:45:50.448root 11241100x8000000000000000420847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94d39d0f50ca3912021-12-21 10:45:50.448root 11241100x8000000000000000420848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051da261aef15a582021-12-21 10:45:50.448root 11241100x8000000000000000420849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f14733c060301772021-12-21 10:45:50.448root 11241100x8000000000000000420850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6462b374b4ebe4932021-12-21 10:45:50.448root 11241100x8000000000000000420851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e8cc3a58276d9b2021-12-21 10:45:50.448root 11241100x8000000000000000420852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595a7399982f473f2021-12-21 10:45:50.449root 11241100x8000000000000000420853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aae9839b28b7f312021-12-21 10:45:50.449root 11241100x8000000000000000420854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa071e833b61dab2021-12-21 10:45:50.449root 11241100x8000000000000000420855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656164c110fd31ee2021-12-21 10:45:50.449root 11241100x8000000000000000420856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b5579f4c2875552021-12-21 10:45:50.449root 11241100x8000000000000000420857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cd01fe19d752922021-12-21 10:45:50.449root 11241100x8000000000000000420858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a9e40a34a1dc672021-12-21 10:45:50.449root 11241100x8000000000000000420859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2903b6df7ffe872021-12-21 10:45:50.449root 11241100x8000000000000000420860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee27d01a3b51c752021-12-21 10:45:50.449root 11241100x8000000000000000420861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07530e45948410b32021-12-21 10:45:50.449root 11241100x8000000000000000420862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d685523ac7944802021-12-21 10:45:50.449root 11241100x8000000000000000420863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594fc9bd381ae41f2021-12-21 10:45:50.449root 11241100x8000000000000000420864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e3449c280623b12021-12-21 10:45:50.449root 11241100x8000000000000000420865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccf33d8deeb71e62021-12-21 10:45:50.449root 11241100x8000000000000000420866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b3e2d2d5ced8ad2021-12-21 10:45:50.449root 11241100x8000000000000000420867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597a43d2c8c841c82021-12-21 10:45:50.449root 11241100x8000000000000000420868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af49d361909fa1812021-12-21 10:45:50.450root 11241100x8000000000000000420869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3060f19a79f4d4d2021-12-21 10:45:50.450root 11241100x8000000000000000420870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0555cc8cda02d07b2021-12-21 10:45:50.450root 11241100x8000000000000000420871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d0e102f76d78142021-12-21 10:45:50.450root 11241100x8000000000000000420872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d33bf01d18b3372021-12-21 10:45:50.450root 11241100x8000000000000000420873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cee80da510764142021-12-21 10:45:50.450root 11241100x8000000000000000420874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5678f0a7f1cf44f2021-12-21 10:45:50.450root 11241100x8000000000000000420875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35db0456e95eb752021-12-21 10:45:50.450root 11241100x8000000000000000420876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0df520f16ef2152021-12-21 10:45:50.450root 11241100x8000000000000000420877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8799961d7af7e7ae2021-12-21 10:45:50.450root 11241100x8000000000000000420878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccb6ee448d73ccb2021-12-21 10:45:50.450root 11241100x8000000000000000420879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be0386c21f3f5e12021-12-21 10:45:50.450root 11241100x8000000000000000420880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c70d2dcd2f4be82021-12-21 10:45:50.450root 11241100x8000000000000000420881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6258082d7cee3a2021-12-21 10:45:50.450root 11241100x8000000000000000420882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349feba2f97a596d2021-12-21 10:45:50.450root 11241100x8000000000000000420883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8057bd9a286de4282021-12-21 10:45:50.450root 11241100x8000000000000000420884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e005de8235001652021-12-21 10:45:50.451root 11241100x8000000000000000420885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67f06fb7d3852362021-12-21 10:45:50.451root 11241100x8000000000000000420886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae8f01fce17e14b2021-12-21 10:45:50.451root 11241100x8000000000000000420887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b040df3702b2574e2021-12-21 10:45:50.451root 11241100x8000000000000000420888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781ae587b489da392021-12-21 10:45:50.943root 11241100x8000000000000000420889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5118f860c5e4ce1f2021-12-21 10:45:50.943root 11241100x8000000000000000420890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cbc5a12b6e05702021-12-21 10:45:50.943root 11241100x8000000000000000420891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84544a07263dd0a2021-12-21 10:45:50.943root 11241100x8000000000000000420892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf2a61680f097802021-12-21 10:45:50.943root 11241100x8000000000000000420893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8c522cbf648dd22021-12-21 10:45:50.944root 11241100x8000000000000000420894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac559c31457a852021-12-21 10:45:50.944root 11241100x8000000000000000420895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb948c2d913d6bf82021-12-21 10:45:50.944root 11241100x8000000000000000420896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a68689f202b6cb22021-12-21 10:45:50.944root 11241100x8000000000000000420897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dec23dd7b6eee132021-12-21 10:45:50.945root 11241100x8000000000000000420898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b93918464489d372021-12-21 10:45:50.945root 11241100x8000000000000000420899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38db727c509ee9032021-12-21 10:45:50.945root 11241100x8000000000000000420900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f0ef8765c5b462021-12-21 10:45:50.946root 11241100x8000000000000000420901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed701bc1a92fc022021-12-21 10:45:50.946root 11241100x8000000000000000420902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb7293bac6195a72021-12-21 10:45:50.946root 11241100x8000000000000000420903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b66455a1e933e0c2021-12-21 10:45:50.946root 11241100x8000000000000000420904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b95084f3253a6072021-12-21 10:45:50.947root 11241100x8000000000000000420905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5fc3e7651ef8ad2021-12-21 10:45:50.947root 11241100x8000000000000000420906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4fdd14778312482021-12-21 10:45:50.947root 11241100x8000000000000000420907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663b6013d9019bb52021-12-21 10:45:50.947root 11241100x8000000000000000420908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26c9bd558f463562021-12-21 10:45:50.947root 11241100x8000000000000000420909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186d700c16c6e0342021-12-21 10:45:50.948root 11241100x8000000000000000420910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ecc3dda64e678a2021-12-21 10:45:50.948root 11241100x8000000000000000420911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5087e42dd5c12452021-12-21 10:45:50.948root 11241100x8000000000000000420912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3fdeabf8ef08b52021-12-21 10:45:50.948root 11241100x8000000000000000420913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59b5cc560b0cb012021-12-21 10:45:50.948root 11241100x8000000000000000420914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88a41f3f551743c2021-12-21 10:45:50.948root 11241100x8000000000000000420915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0ead36777bb8aa2021-12-21 10:45:50.948root 11241100x8000000000000000420916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4855c9367812c292021-12-21 10:45:50.949root 11241100x8000000000000000420917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a617ee826695f7d22021-12-21 10:45:50.949root 11241100x8000000000000000420918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c09898b54e5a882021-12-21 10:45:50.949root 11241100x8000000000000000420919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774c9bc790ca24182021-12-21 10:45:50.949root 11241100x8000000000000000420920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed4da5ad58312ac2021-12-21 10:45:50.949root 11241100x8000000000000000420921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e8b3bef50956b2021-12-21 10:45:50.949root 11241100x8000000000000000420922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d619b0dfa3f5e5bb2021-12-21 10:45:50.949root 11241100x8000000000000000420923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5e2cf8e1ab90af2021-12-21 10:45:50.950root 11241100x8000000000000000420924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ab67c467efdf482021-12-21 10:45:50.950root 11241100x8000000000000000420925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed56db8173ab1c32021-12-21 10:45:50.950root 11241100x8000000000000000420926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d16d13e454a21f52021-12-21 10:45:50.950root 11241100x8000000000000000420927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9b9092a6afa8022021-12-21 10:45:50.950root 11241100x8000000000000000420928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680a51bc6b6228092021-12-21 10:45:50.950root 11241100x8000000000000000420929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb71fae9e875fd2021-12-21 10:45:50.951root 11241100x8000000000000000420930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab158c7d794a6062021-12-21 10:45:50.951root 11241100x8000000000000000420931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10093ba00f4dd702021-12-21 10:45:50.951root 11241100x8000000000000000420932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd91d2a3834075e2021-12-21 10:45:50.951root 11241100x8000000000000000420933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792e545e44ed887f2021-12-21 10:45:50.951root 11241100x8000000000000000420934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250d8773f18000472021-12-21 10:45:50.951root 11241100x8000000000000000420935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9da7f020fb80752021-12-21 10:45:50.951root 11241100x8000000000000000420936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c56bc6f245c12942021-12-21 10:45:50.951root 11241100x8000000000000000420937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0407b1fb868800e92021-12-21 10:45:50.952root 11241100x8000000000000000420938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aa27cbcf348fc62021-12-21 10:45:50.952root 11241100x8000000000000000420939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0b68656527c5442021-12-21 10:45:50.952root 11241100x8000000000000000420940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b13bafe4a98afe82021-12-21 10:45:50.952root 11241100x8000000000000000420941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0da8e0d91dcbb52021-12-21 10:45:50.953root 11241100x8000000000000000420942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d79b1338d0427642021-12-21 10:45:50.953root 11241100x8000000000000000420943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2200397eaca6a92021-12-21 10:45:50.953root 11241100x8000000000000000420944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce275b75d42893332021-12-21 10:45:50.953root 11241100x8000000000000000420945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526ada39c9d41f002021-12-21 10:45:50.953root 11241100x8000000000000000420946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2829bab21f40a92021-12-21 10:45:50.953root 11241100x8000000000000000420947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202053b42a73b0682021-12-21 10:45:50.953root 11241100x8000000000000000420948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67461e29eb9491942021-12-21 10:45:50.953root 11241100x8000000000000000420949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1552fc295179222021-12-21 10:45:50.953root 11241100x8000000000000000420950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3768ab92a5d63c1f2021-12-21 10:45:50.954root 11241100x8000000000000000420951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dec684894ba6d22021-12-21 10:45:50.954root 11241100x8000000000000000420952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cd4e27a48e6df22021-12-21 10:45:50.954root 11241100x8000000000000000420953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4176572b518f37052021-12-21 10:45:50.954root 11241100x8000000000000000420954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbfb27b7656caf22021-12-21 10:45:50.954root 11241100x8000000000000000420955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b1f2e128768a562021-12-21 10:45:50.955root 11241100x8000000000000000420956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b84675de5ac4172021-12-21 10:45:50.955root 11241100x8000000000000000420957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76bc04d12f06f002021-12-21 10:45:50.955root 11241100x8000000000000000420958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bc912393c739112021-12-21 10:45:50.956root 11241100x8000000000000000420959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f01ca60fc4e43162021-12-21 10:45:50.956root 11241100x8000000000000000420960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ab1bbc309986a72021-12-21 10:45:50.956root 11241100x8000000000000000420961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ec1a4fff4176bc2021-12-21 10:45:50.956root 11241100x8000000000000000420962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c748b9325f0cfc5b2021-12-21 10:45:50.956root 11241100x8000000000000000420963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfc384e5b368d3e2021-12-21 10:45:50.956root 11241100x8000000000000000420964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1955d079c6576e6f2021-12-21 10:45:50.956root 11241100x8000000000000000420965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74fadf3a27e7dda2021-12-21 10:45:50.956root 11241100x8000000000000000420966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43c8837bfcaded82021-12-21 10:45:50.956root 11241100x8000000000000000420967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc10d0e35d769f42021-12-21 10:45:50.956root 11241100x8000000000000000420968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3132bcc02eabb1f2021-12-21 10:45:50.957root 11241100x8000000000000000420969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c7bfee047439752021-12-21 10:45:50.957root 11241100x8000000000000000420970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8890eddf79fd4be02021-12-21 10:45:50.957root 11241100x8000000000000000420971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009b9b74543cabe82021-12-21 10:45:50.957root 11241100x8000000000000000420972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e23635a077ae022021-12-21 10:45:50.957root 11241100x8000000000000000420973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7eb5fb957c8c08d2021-12-21 10:45:50.957root 11241100x8000000000000000420974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6254f8c0fb7a442021-12-21 10:45:50.957root 11241100x8000000000000000420975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331aa35ec1d91b352021-12-21 10:45:50.957root 11241100x8000000000000000420976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bb24a9a39c6c532021-12-21 10:45:50.957root 11241100x8000000000000000420977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfac61f5e7c19b92021-12-21 10:45:50.958root 11241100x8000000000000000420978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b58d50f8b7dd1592021-12-21 10:45:50.958root 11241100x8000000000000000420979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7ee07177ee64962021-12-21 10:45:50.958root 11241100x8000000000000000420980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f1e6125aec17a82021-12-21 10:45:50.958root 11241100x8000000000000000420981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782774305df5c54e2021-12-21 10:45:50.958root 11241100x8000000000000000420982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd7e4e012066a4c2021-12-21 10:45:50.958root 11241100x8000000000000000420983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95e7a5579bdeda32021-12-21 10:45:50.958root 11241100x8000000000000000420984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ca32618c7b225d2021-12-21 10:45:50.958root 11241100x8000000000000000420985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dd1b4676edd78b2021-12-21 10:45:50.958root 11241100x8000000000000000420986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e3c10ad24b03d32021-12-21 10:45:50.959root 11241100x8000000000000000420987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df06cf2da54e77882021-12-21 10:45:50.959root 11241100x8000000000000000420988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9274f035332f93a72021-12-21 10:45:50.959root 11241100x8000000000000000420989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840797d8c4d7deed2021-12-21 10:45:50.959root 11241100x8000000000000000420990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bb6e088131a2ce2021-12-21 10:45:50.959root 11241100x8000000000000000420991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02036f886dafd2fd2021-12-21 10:45:50.959root 11241100x8000000000000000420992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f6e02a4d76bac92021-12-21 10:45:50.959root 11241100x8000000000000000420993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f45fbd2b0893992021-12-21 10:45:50.959root 11241100x8000000000000000420994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d924f16763b3e95f2021-12-21 10:45:50.959root 11241100x8000000000000000420995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e740d416384129252021-12-21 10:45:50.960root 11241100x8000000000000000420996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3ab1db29910dd62021-12-21 10:45:50.960root 11241100x8000000000000000420997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ff40a23faf42322021-12-21 10:45:50.960root 11241100x8000000000000000420998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e8847739a5fb712021-12-21 10:45:50.960root 11241100x8000000000000000420999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e733b64a647f1d82021-12-21 10:45:50.960root 11241100x8000000000000000421000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70895112f0bf5cb32021-12-21 10:45:50.960root 11241100x8000000000000000421001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bfe2c18183dbba2021-12-21 10:45:50.960root 11241100x8000000000000000421002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2000b278cd1faf0c2021-12-21 10:45:50.960root 11241100x8000000000000000421003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390c23312a63c1f02021-12-21 10:45:50.960root 11241100x8000000000000000421004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dce1e3e798b33ac2021-12-21 10:45:50.961root 11241100x8000000000000000421005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143bef12f0b36a392021-12-21 10:45:50.961root 11241100x8000000000000000421006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b472ff9c1dc0cef32021-12-21 10:45:50.961root 11241100x8000000000000000421007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d3f1bb4784f5f02021-12-21 10:45:50.961root 11241100x8000000000000000421008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80015b7dcbe7c0622021-12-21 10:45:50.961root 11241100x8000000000000000421009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e3cb674ac5c8a02021-12-21 10:45:50.961root 11241100x8000000000000000421010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e2bcf8e51aeb292021-12-21 10:45:50.961root 11241100x8000000000000000421011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac28a06ebfa3bd72021-12-21 10:45:50.961root 11241100x8000000000000000421012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6700cec5eb952872021-12-21 10:45:50.961root 11241100x8000000000000000421013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5896cef0a91f6672021-12-21 10:45:50.962root 11241100x8000000000000000421014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62494756f30ae882021-12-21 10:45:50.962root 11241100x8000000000000000421015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fb35ecc5622f2a2021-12-21 10:45:50.962root 11241100x8000000000000000421016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2bd82a83f698c82021-12-21 10:45:50.962root 11241100x8000000000000000421017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee1d3126701b63c2021-12-21 10:45:50.962root 11241100x8000000000000000421018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462af854d0bc8c1a2021-12-21 10:45:50.962root 11241100x8000000000000000421019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefad737d43243122021-12-21 10:45:50.962root 11241100x8000000000000000421020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdfd144a18004022021-12-21 10:45:50.962root 11241100x8000000000000000421021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a16a537e75316f2021-12-21 10:45:50.962root 11241100x8000000000000000421022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee6de2a19807ae52021-12-21 10:45:50.962root 11241100x8000000000000000421023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b25d58fbee31daf2021-12-21 10:45:50.963root 11241100x8000000000000000421024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e95956624d8c612021-12-21 10:45:50.963root 11241100x8000000000000000421025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83d3d4224af911c2021-12-21 10:45:50.963root 11241100x8000000000000000421026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b2a83569c8a3e02021-12-21 10:45:50.963root 11241100x8000000000000000421027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb6668dd3f3d9692021-12-21 10:45:50.963root 11241100x8000000000000000421028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d399666c23ca712021-12-21 10:45:50.963root 11241100x8000000000000000421029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07502bd2f56d713b2021-12-21 10:45:50.963root 11241100x8000000000000000421030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b241b0beb7ab5c82021-12-21 10:45:50.963root 11241100x8000000000000000421031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f98a4f27bc9862021-12-21 10:45:50.963root 11241100x8000000000000000421032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd56c165cb6eac12021-12-21 10:45:50.963root 11241100x8000000000000000421033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07183dd484d064852021-12-21 10:45:50.964root 11241100x8000000000000000421034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:50.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd59d8b07c1a3b8d2021-12-21 10:45:50.964root 11241100x8000000000000000421035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e276e1623b6e752021-12-21 10:45:51.443root 11241100x8000000000000000421036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d78e5cced3119982021-12-21 10:45:51.443root 11241100x8000000000000000421037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960a83baf140bf7c2021-12-21 10:45:51.443root 11241100x8000000000000000421038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ec96f7850f746e2021-12-21 10:45:51.443root 11241100x8000000000000000421039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c87ac18117c6552021-12-21 10:45:51.443root 11241100x8000000000000000421040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fd18b83d7fbafd2021-12-21 10:45:51.443root 11241100x8000000000000000421041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a962bb50978eae02021-12-21 10:45:51.443root 11241100x8000000000000000421042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2643621857901522021-12-21 10:45:51.443root 11241100x8000000000000000421043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6020c36c8ea8e7982021-12-21 10:45:51.443root 11241100x8000000000000000421044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2d6c9ab47f03712021-12-21 10:45:51.444root 11241100x8000000000000000421045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92828f4743caa572021-12-21 10:45:51.444root 11241100x8000000000000000421046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e2fe6e430c4e292021-12-21 10:45:51.444root 11241100x8000000000000000421047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ce432a51213df22021-12-21 10:45:51.444root 11241100x8000000000000000421048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431a09661516da702021-12-21 10:45:51.444root 11241100x8000000000000000421049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e4fd32ff7952262021-12-21 10:45:51.444root 11241100x8000000000000000421050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139a8dbdc0eb79e32021-12-21 10:45:51.444root 11241100x8000000000000000421051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66579528040854712021-12-21 10:45:51.444root 11241100x8000000000000000421052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1f4f2db87a11c12021-12-21 10:45:51.444root 11241100x8000000000000000421053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf85ebd730a70a12021-12-21 10:45:51.444root 11241100x8000000000000000421054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d5941df8d2db432021-12-21 10:45:51.445root 11241100x8000000000000000421055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4196b2f99678573c2021-12-21 10:45:51.445root 11241100x8000000000000000421056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febe05ef5dc72fc82021-12-21 10:45:51.445root 11241100x8000000000000000421057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1ea1365e92a6582021-12-21 10:45:51.445root 11241100x8000000000000000421058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f59e092b03c63ad2021-12-21 10:45:51.445root 11241100x8000000000000000421059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223f1bbbb8638e692021-12-21 10:45:51.445root 11241100x8000000000000000421060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc196a01935b9ac2021-12-21 10:45:51.445root 11241100x8000000000000000421061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937f1c584e0a80062021-12-21 10:45:51.445root 11241100x8000000000000000421062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c71e02df48520e62021-12-21 10:45:51.445root 11241100x8000000000000000421063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfdd0cb6ce9ea032021-12-21 10:45:51.446root 11241100x8000000000000000421064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043edcfead004e812021-12-21 10:45:51.446root 11241100x8000000000000000421065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad05387f2614d2582021-12-21 10:45:51.446root 11241100x8000000000000000421066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba5ee6d6b1fa7172021-12-21 10:45:51.446root 11241100x8000000000000000421067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16446c50eb7b71d12021-12-21 10:45:51.446root 11241100x8000000000000000421068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4723ee32458b228c2021-12-21 10:45:51.446root 11241100x8000000000000000421069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c301a9855face182021-12-21 10:45:51.446root 11241100x8000000000000000421070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1966867bfff147952021-12-21 10:45:51.446root 11241100x8000000000000000421071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760ad9d093b8df662021-12-21 10:45:51.446root 11241100x8000000000000000421072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c366c86838a3b22021-12-21 10:45:51.447root 11241100x8000000000000000421073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffbe95a0ffdfc122021-12-21 10:45:51.447root 11241100x8000000000000000421074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a886fab99e2b998b2021-12-21 10:45:51.447root 11241100x8000000000000000421075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dbb1c6cd9da2a12021-12-21 10:45:51.447root 11241100x8000000000000000421076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9d8ec315d90d1f2021-12-21 10:45:51.447root 11241100x8000000000000000421077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c708119a871441782021-12-21 10:45:51.447root 11241100x8000000000000000421078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3720cb6c3a5073c12021-12-21 10:45:51.447root 11241100x8000000000000000421079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae56ae397c3cbfa2021-12-21 10:45:51.447root 11241100x8000000000000000421080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef77b5f0268f63da2021-12-21 10:45:51.447root 11241100x8000000000000000421081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad6a5607b0c2caf2021-12-21 10:45:51.447root 11241100x8000000000000000421082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ed991c83a9f1692021-12-21 10:45:51.448root 11241100x8000000000000000421083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17639233dcbc25982021-12-21 10:45:51.448root 11241100x8000000000000000421084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455675bc7b4286012021-12-21 10:45:51.448root 11241100x8000000000000000421085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab14796b98df5b42021-12-21 10:45:51.448root 11241100x8000000000000000421086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4597c8c6428b7b2021-12-21 10:45:51.448root 11241100x8000000000000000421087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac4dc832f24f40b2021-12-21 10:45:51.448root 11241100x8000000000000000421088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593954f209204ecf2021-12-21 10:45:51.448root 11241100x8000000000000000421089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b4309a11c19f922021-12-21 10:45:51.448root 11241100x8000000000000000421090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8feb8c28191a1ca2021-12-21 10:45:51.448root 11241100x8000000000000000421091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a6ead3472d5e882021-12-21 10:45:51.448root 11241100x8000000000000000421092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42bd858f8c7ce752021-12-21 10:45:51.448root 11241100x8000000000000000421093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a70ec9b8dc40fe2021-12-21 10:45:51.449root 11241100x8000000000000000421094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50301bd1c7f8b5a2021-12-21 10:45:51.449root 11241100x8000000000000000421095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181add32b753437f2021-12-21 10:45:51.451root 11241100x8000000000000000421096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdb5eaf200844202021-12-21 10:45:51.452root 11241100x8000000000000000421097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d70d23e08b587322021-12-21 10:45:51.452root 11241100x8000000000000000421098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d1641fce579fe2021-12-21 10:45:51.452root 11241100x8000000000000000421099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b53156ee63a4bdc2021-12-21 10:45:51.452root 11241100x8000000000000000421100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec524b51037283a2021-12-21 10:45:51.452root 11241100x8000000000000000421101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b140dc6f46e1eb92021-12-21 10:45:51.452root 11241100x8000000000000000421102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d23f64b00e71b82021-12-21 10:45:51.452root 11241100x8000000000000000421103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f419c25a340213612021-12-21 10:45:51.452root 11241100x8000000000000000421104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdf98a7f27210552021-12-21 10:45:51.453root 11241100x8000000000000000421105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b993ff913e6733f2021-12-21 10:45:51.453root 11241100x8000000000000000421106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2281b05ed172aa2021-12-21 10:45:51.453root 11241100x8000000000000000421107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62445921e788fc8d2021-12-21 10:45:51.453root 11241100x8000000000000000421108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b58beaccbccbe3c2021-12-21 10:45:51.453root 11241100x8000000000000000421109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd98005dafe534a32021-12-21 10:45:51.453root 11241100x8000000000000000421110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de3c48f7f731d4b2021-12-21 10:45:51.453root 11241100x8000000000000000421111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7a42c2ecb6ab692021-12-21 10:45:51.453root 11241100x8000000000000000421112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab20734429647c9b2021-12-21 10:45:51.454root 11241100x8000000000000000421113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea322f96223ead92021-12-21 10:45:51.454root 11241100x8000000000000000421114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2503166b9cd882592021-12-21 10:45:51.454root 11241100x8000000000000000421115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31931d6febe630292021-12-21 10:45:51.454root 11241100x8000000000000000421116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b03e8572440202021-12-21 10:45:51.454root 11241100x8000000000000000421117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848573d50338f77b2021-12-21 10:45:51.455root 11241100x8000000000000000421118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af853cf7a43c53462021-12-21 10:45:51.455root 11241100x8000000000000000421119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2d02bf74dccc482021-12-21 10:45:51.455root 11241100x8000000000000000421120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429b594eedf449df2021-12-21 10:45:51.455root 11241100x8000000000000000421121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d2da855f6925382021-12-21 10:45:51.455root 11241100x8000000000000000421122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4838965dab34582021-12-21 10:45:51.455root 11241100x8000000000000000421123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4acba5a603d7e52021-12-21 10:45:51.456root 11241100x8000000000000000421124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c10bfd881da9d2021-12-21 10:45:51.456root 11241100x8000000000000000421125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71aee07efb590d3f2021-12-21 10:45:51.456root 11241100x8000000000000000421126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d13f99c60ab75722021-12-21 10:45:51.456root 11241100x8000000000000000421127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d010cfceed7ae1402021-12-21 10:45:51.456root 11241100x8000000000000000421128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669f22663337ad842021-12-21 10:45:51.456root 11241100x8000000000000000421129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61865a84ebef0bb22021-12-21 10:45:51.456root 11241100x8000000000000000421130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40f05aff0b90b772021-12-21 10:45:51.456root 11241100x8000000000000000421131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba268d466f53b812021-12-21 10:45:51.457root 11241100x8000000000000000421132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fe6174e9ee869d2021-12-21 10:45:51.458root 11241100x8000000000000000421133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6398b8a41c6b1f3a2021-12-21 10:45:51.458root 11241100x8000000000000000421134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752bbcd396555fb52021-12-21 10:45:51.458root 11241100x8000000000000000421135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d84904216186cc2021-12-21 10:45:51.943root 11241100x8000000000000000421136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082d18be66e02ee22021-12-21 10:45:51.943root 11241100x8000000000000000421137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59edae984a6ba2cf2021-12-21 10:45:51.943root 11241100x8000000000000000421138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc929527e8968d112021-12-21 10:45:51.943root 11241100x8000000000000000421139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd162b5a46551552021-12-21 10:45:51.943root 11241100x8000000000000000421140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616131eae3fbc6092021-12-21 10:45:51.943root 11241100x8000000000000000421141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d25a393228dd252021-12-21 10:45:51.944root 11241100x8000000000000000421142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8984c6e0ab7f1e32021-12-21 10:45:51.944root 11241100x8000000000000000421143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8e881146130fd12021-12-21 10:45:51.944root 11241100x8000000000000000421144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18dc46d60ca486f2021-12-21 10:45:51.944root 11241100x8000000000000000421145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f4b9e92c13bd432021-12-21 10:45:51.944root 11241100x8000000000000000421146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be3b3398d7e2bc92021-12-21 10:45:51.944root 11241100x8000000000000000421147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6b840a9295df192021-12-21 10:45:51.944root 11241100x8000000000000000421148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27eff35ad273f042021-12-21 10:45:51.944root 11241100x8000000000000000421149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fa00527d11a1882021-12-21 10:45:51.944root 11241100x8000000000000000421150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f75864cda0db0b62021-12-21 10:45:51.944root 11241100x8000000000000000421151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c028a8b1f68f2272021-12-21 10:45:51.944root 11241100x8000000000000000421152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df7fae295081a372021-12-21 10:45:51.944root 11241100x8000000000000000421153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9510a080323daf972021-12-21 10:45:51.944root 11241100x8000000000000000421154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298f4658f60b46ff2021-12-21 10:45:51.944root 11241100x8000000000000000421155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27faa29de07ee48b2021-12-21 10:45:51.944root 11241100x8000000000000000421156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a26c43d6a0103a2021-12-21 10:45:51.945root 11241100x8000000000000000421157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b27f5dfd998f31f2021-12-21 10:45:51.945root 11241100x8000000000000000421158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65972302a69d5f02021-12-21 10:45:51.945root 11241100x8000000000000000421159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da8a80b843ca2bb2021-12-21 10:45:51.945root 11241100x8000000000000000421160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf99695463f01e72021-12-21 10:45:51.945root 11241100x8000000000000000421161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a33cd5694c77cb2021-12-21 10:45:51.945root 11241100x8000000000000000421162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639a463f25016c2f2021-12-21 10:45:51.945root 11241100x8000000000000000421163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e2d84891b9d83c2021-12-21 10:45:51.945root 11241100x8000000000000000421164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972df7d5da0468be2021-12-21 10:45:51.946root 11241100x8000000000000000421165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4105b986b8b4ae172021-12-21 10:45:51.946root 11241100x8000000000000000421166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2afc3273aab5b592021-12-21 10:45:51.946root 11241100x8000000000000000421167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d3fda0bcc3afc82021-12-21 10:45:51.946root 11241100x8000000000000000421168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fed8381b05d48a2021-12-21 10:45:51.946root 11241100x8000000000000000421169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0192ab2419f9ed2021-12-21 10:45:51.946root 11241100x8000000000000000421170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730b86afd372ac402021-12-21 10:45:51.946root 11241100x8000000000000000421171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9bac79625d48a52021-12-21 10:45:51.946root 11241100x8000000000000000421172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5f6d239a7d14e02021-12-21 10:45:51.946root 11241100x8000000000000000421173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b739ac3fa7b9b272021-12-21 10:45:51.946root 11241100x8000000000000000421174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62a3ab9e1ba8be52021-12-21 10:45:51.946root 11241100x8000000000000000421175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1914f3ca6dc44072021-12-21 10:45:51.947root 11241100x8000000000000000421176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079da80e9d52128d2021-12-21 10:45:51.947root 11241100x8000000000000000421177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cbd29f99580fd22021-12-21 10:45:51.947root 11241100x8000000000000000421178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451dc2c8c5d471202021-12-21 10:45:51.947root 11241100x8000000000000000421179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d22f84148c71aa2021-12-21 10:45:51.947root 11241100x8000000000000000421180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3245c9e23e493f2021-12-21 10:45:51.947root 11241100x8000000000000000421181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8f7ab2a04f45a32021-12-21 10:45:51.947root 11241100x8000000000000000421182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d606b63fcc98a1222021-12-21 10:45:51.947root 11241100x8000000000000000421183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e95e2d1e8c44532021-12-21 10:45:51.947root 11241100x8000000000000000421184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96183aaebdaa77072021-12-21 10:45:51.947root 11241100x8000000000000000421185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d423f415493878612021-12-21 10:45:51.948root 11241100x8000000000000000421186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02353bc9359b13572021-12-21 10:45:51.948root 11241100x8000000000000000421187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff4870ccedcd3d42021-12-21 10:45:51.948root 11241100x8000000000000000421188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8502d5c8499c0c2021-12-21 10:45:51.948root 11241100x8000000000000000421189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7769603ea92e8c2021-12-21 10:45:51.948root 11241100x8000000000000000421190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c531d8b030a0f32021-12-21 10:45:51.948root 11241100x8000000000000000421191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978fa4987a09605d2021-12-21 10:45:51.948root 11241100x8000000000000000421192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b7bcc56bac5f672021-12-21 10:45:51.948root 11241100x8000000000000000421193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccdc1056b2241d52021-12-21 10:45:51.948root 11241100x8000000000000000421194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23578eb800a8c9142021-12-21 10:45:51.948root 11241100x8000000000000000421195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72194ed3e106e68e2021-12-21 10:45:51.949root 11241100x8000000000000000421196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46794745925bfa742021-12-21 10:45:51.949root 11241100x8000000000000000421197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b6eebaf6417ae32021-12-21 10:45:51.949root 11241100x8000000000000000421198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f9161f04a984b82021-12-21 10:45:51.949root 11241100x8000000000000000421199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5e7a523aecab3d2021-12-21 10:45:51.949root 11241100x8000000000000000421200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf60a6114d0d1262021-12-21 10:45:51.949root 11241100x8000000000000000421201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d8f4358de0f0d42021-12-21 10:45:51.949root 11241100x8000000000000000421202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818ef0bc2aa384862021-12-21 10:45:51.950root 11241100x8000000000000000421203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a191051e4333f04b2021-12-21 10:45:51.950root 11241100x8000000000000000421204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9910c0957129052021-12-21 10:45:51.950root 11241100x8000000000000000421205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b993ae51d199225b2021-12-21 10:45:51.952root 11241100x8000000000000000421206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b962268dd89261012021-12-21 10:45:51.952root 11241100x8000000000000000421207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c214f0daca845b32021-12-21 10:45:51.952root 11241100x8000000000000000421208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aac63c4efb9d9dc2021-12-21 10:45:51.952root 11241100x8000000000000000421209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b901207338ab272021-12-21 10:45:51.953root 11241100x8000000000000000421210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ee08764ca971812021-12-21 10:45:51.953root 11241100x8000000000000000421211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27a1035040e6e052021-12-21 10:45:51.953root 11241100x8000000000000000421212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842037764dcb3d632021-12-21 10:45:51.953root 11241100x8000000000000000421213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7992bb8c1b4f5b012021-12-21 10:45:51.953root 11241100x8000000000000000421214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8838b26262a16fe72021-12-21 10:45:51.953root 11241100x8000000000000000421215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da27363561db265a2021-12-21 10:45:51.954root 11241100x8000000000000000421216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249b7698f4abf3a42021-12-21 10:45:51.954root 11241100x8000000000000000421217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db90ec6bdb3ef922021-12-21 10:45:51.954root 11241100x8000000000000000421218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513c1de2e90a96be2021-12-21 10:45:51.954root 11241100x8000000000000000421219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716306db56e887502021-12-21 10:45:51.954root 11241100x8000000000000000421220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff7a6b400469d0c2021-12-21 10:45:51.954root 11241100x8000000000000000421221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffea3d5716c7ba72021-12-21 10:45:51.954root 11241100x8000000000000000421222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9581006387c1ee292021-12-21 10:45:51.955root 11241100x8000000000000000421223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1560160be41d13802021-12-21 10:45:51.957root 11241100x8000000000000000421224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eee99773aa5a692021-12-21 10:45:51.958root 11241100x8000000000000000421225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389ad70621b565a02021-12-21 10:45:51.958root 11241100x8000000000000000421226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b60e91067926ac2021-12-21 10:45:51.958root 11241100x8000000000000000421227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60907bb76b9665522021-12-21 10:45:51.958root 11241100x8000000000000000421228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66d22392589dd32021-12-21 10:45:51.958root 11241100x8000000000000000421229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782cdb8486e975722021-12-21 10:45:51.958root 11241100x8000000000000000421230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eee6fcc5e678abe2021-12-21 10:45:51.958root 11241100x8000000000000000421231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85460ca6091f9012021-12-21 10:45:51.958root 11241100x8000000000000000421232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f803feeba947523a2021-12-21 10:45:51.958root 11241100x8000000000000000421233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010455fa87ff86af2021-12-21 10:45:51.958root 11241100x8000000000000000421234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda603317e50c3d42021-12-21 10:45:51.958root 11241100x8000000000000000421235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd44f5611b41e4092021-12-21 10:45:51.958root 11241100x8000000000000000421236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519e9653ed0353922021-12-21 10:45:51.958root 11241100x8000000000000000421237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273f179db4c2cee32021-12-21 10:45:51.958root 11241100x8000000000000000421238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e36ead022bcb0582021-12-21 10:45:51.959root 11241100x8000000000000000421239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f64aa6eef142d02021-12-21 10:45:51.959root 11241100x8000000000000000421240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0329786cdb7b34e12021-12-21 10:45:51.959root 11241100x8000000000000000421241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0e0c478bdfbd832021-12-21 10:45:51.959root 11241100x8000000000000000421242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21269d8c48783aa92021-12-21 10:45:51.959root 11241100x8000000000000000421243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fb2d5c98d753ee2021-12-21 10:45:51.959root 11241100x8000000000000000421244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9b605a6dd1c98e2021-12-21 10:45:51.960root 11241100x8000000000000000421245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658898d04af261e42021-12-21 10:45:51.960root 11241100x8000000000000000421246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec847fe89b9b80b2021-12-21 10:45:51.960root 11241100x8000000000000000421247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e3e975869382872021-12-21 10:45:51.960root 11241100x8000000000000000421248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a0f5d125c1a0c32021-12-21 10:45:51.960root 11241100x8000000000000000421249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2620ef2227450a2021-12-21 10:45:51.960root 11241100x8000000000000000421250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d3de4c292270472021-12-21 10:45:51.960root 11241100x8000000000000000421251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6414a428ced22c9e2021-12-21 10:45:51.960root 11241100x8000000000000000421252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5546e6507f8f262021-12-21 10:45:51.960root 11241100x8000000000000000421253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef2a722ce077acc2021-12-21 10:45:51.960root 11241100x8000000000000000421254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b769cca6afa6052021-12-21 10:45:51.960root 11241100x8000000000000000421255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841560184d7cc53c2021-12-21 10:45:51.960root 11241100x8000000000000000421256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c35b8a092ab8c3d2021-12-21 10:45:51.960root 11241100x8000000000000000421257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9b393484ad64d12021-12-21 10:45:51.960root 11241100x8000000000000000421258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3164e3e576d73bae2021-12-21 10:45:51.960root 11241100x8000000000000000421259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b577fcd8e5497e2021-12-21 10:45:51.960root 11241100x8000000000000000421260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7512e1d41b6e33d22021-12-21 10:45:51.961root 11241100x8000000000000000421261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f5698345b95662021-12-21 10:45:51.961root 11241100x8000000000000000421262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962a038a15e4dd722021-12-21 10:45:51.961root 11241100x8000000000000000421263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d5a82e49f15e852021-12-21 10:45:51.961root 11241100x8000000000000000421264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31f28634e90c81d2021-12-21 10:45:51.961root 11241100x8000000000000000421265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4e248d40202f412021-12-21 10:45:51.961root 11241100x8000000000000000421266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067f5e0663c6fae62021-12-21 10:45:51.961root 11241100x8000000000000000421267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8293ebc3baa43512021-12-21 10:45:51.961root 11241100x8000000000000000421268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b90533136f3eeb72021-12-21 10:45:51.961root 11241100x8000000000000000421269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ec90c692afcd442021-12-21 10:45:51.961root 11241100x8000000000000000421270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085b7430234cb5962021-12-21 10:45:51.961root 11241100x8000000000000000421271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a41882cfa93c7262021-12-21 10:45:51.961root 11241100x8000000000000000421272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1c66df0f474ea82021-12-21 10:45:51.961root 11241100x8000000000000000421273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5cc058c1b581622021-12-21 10:45:51.961root 11241100x8000000000000000421274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a786b4e5a879072021-12-21 10:45:51.961root 11241100x8000000000000000421275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b8f9f1f27e34d42021-12-21 10:45:51.961root 11241100x8000000000000000421276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd062c79035419f42021-12-21 10:45:51.962root 11241100x8000000000000000421277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa6fe0730ac7a5c2021-12-21 10:45:51.962root 11241100x8000000000000000421278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e084bbbcb47f9e9a2021-12-21 10:45:51.962root 11241100x8000000000000000421279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38662372bfa64fab2021-12-21 10:45:51.962root 11241100x8000000000000000421280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518be850836073d12021-12-21 10:45:51.962root 11241100x8000000000000000421281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fdac1c18cc50452021-12-21 10:45:51.962root 11241100x8000000000000000421282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf97b423219e7322021-12-21 10:45:51.962root 11241100x8000000000000000421283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863709fe52b2a8a72021-12-21 10:45:51.962root 11241100x8000000000000000421284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dced774a060cdaa2021-12-21 10:45:51.962root 11241100x8000000000000000421285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821625a34065948a2021-12-21 10:45:51.962root 11241100x8000000000000000421286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a9537ac905a6122021-12-21 10:45:51.962root 11241100x8000000000000000421287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3466505b1ea3092021-12-21 10:45:51.962root 11241100x8000000000000000421288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd23e562805276142021-12-21 10:45:51.962root 11241100x8000000000000000421289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb788ec163746162021-12-21 10:45:51.962root 11241100x8000000000000000421290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b3560c3f35b7772021-12-21 10:45:51.962root 11241100x8000000000000000421291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ca16b032abf6202021-12-21 10:45:51.962root 11241100x8000000000000000421292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2ae7f6151e7a982021-12-21 10:45:51.963root 11241100x8000000000000000421293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d8679f6178618f2021-12-21 10:45:51.963root 11241100x8000000000000000421294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081633782ac2927f2021-12-21 10:45:51.963root 11241100x8000000000000000421295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7560850224db370b2021-12-21 10:45:51.963root 11241100x8000000000000000421296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9d7326caded05b2021-12-21 10:45:51.963root 11241100x8000000000000000421297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dba1bad3d5faad12021-12-21 10:45:51.963root 11241100x8000000000000000421298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2684bb20d16c7f2021-12-21 10:45:51.963root 11241100x8000000000000000421299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b6a2425480fd0f2021-12-21 10:45:51.963root 11241100x8000000000000000421300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ade75aead94b6af2021-12-21 10:45:51.963root 11241100x8000000000000000421301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a721fdad78e7ed2021-12-21 10:45:51.963root 11241100x8000000000000000421302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fc1001d2fbb6d32021-12-21 10:45:51.963root 11241100x8000000000000000421303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23efea1a050fb86b2021-12-21 10:45:51.963root 11241100x8000000000000000421304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d72537c50725c2d2021-12-21 10:45:51.963root 11241100x8000000000000000421305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9976b96028a3752021-12-21 10:45:51.963root 11241100x8000000000000000421306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fd94ac0665d1022021-12-21 10:45:51.964root 11241100x8000000000000000421307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e3b9fcac31db092021-12-21 10:45:51.964root 11241100x8000000000000000421308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f6edf9b87e2cab2021-12-21 10:45:51.964root 11241100x8000000000000000421309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ea1ef87cfe044e2021-12-21 10:45:51.964root 11241100x8000000000000000421310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a1e3ecc53d43e62021-12-21 10:45:51.964root 11241100x8000000000000000421311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde8dfd6486a6c2c2021-12-21 10:45:51.964root 11241100x8000000000000000421312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af5741bc4fc06e72021-12-21 10:45:51.964root 11241100x8000000000000000421313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e135c1bab14350002021-12-21 10:45:51.964root 11241100x8000000000000000421314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6424b1a07e39de2021-12-21 10:45:51.964root 11241100x8000000000000000421315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76796f77f3283a532021-12-21 10:45:51.965root 11241100x8000000000000000421316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89f1d48e16f4f9c2021-12-21 10:45:51.965root 11241100x8000000000000000421317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895a5892abc262252021-12-21 10:45:51.965root 11241100x8000000000000000421318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b74f9c344503542021-12-21 10:45:51.965root 11241100x8000000000000000421319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49145f1d86295fc2021-12-21 10:45:51.965root 11241100x8000000000000000421320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8796a7b39ce1af52021-12-21 10:45:51.965root 11241100x8000000000000000421321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30751506b18f37572021-12-21 10:45:51.965root 11241100x8000000000000000421322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76288d393a5f003b2021-12-21 10:45:51.965root 11241100x8000000000000000421323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eab27b299bfd4572021-12-21 10:45:51.965root 11241100x8000000000000000421324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774f3dec514570212021-12-21 10:45:51.965root 11241100x8000000000000000421325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a96d3e0f10e25be2021-12-21 10:45:51.965root 11241100x8000000000000000421326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a159a3ee627fa72021-12-21 10:45:51.966root 11241100x8000000000000000421327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acecf0a3da689022021-12-21 10:45:51.966root 11241100x8000000000000000421328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc59cae29296fd1c2021-12-21 10:45:51.966root 11241100x8000000000000000421329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeceb524601bca5d2021-12-21 10:45:51.966root 11241100x8000000000000000421330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd321f4fc5d1c81a2021-12-21 10:45:51.966root 11241100x8000000000000000421331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4136650d065a72cf2021-12-21 10:45:51.966root 11241100x8000000000000000421332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac9a530de3912172021-12-21 10:45:51.966root 11241100x8000000000000000421333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f6ab501a0c5f8f2021-12-21 10:45:51.966root 11241100x8000000000000000421334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57e03889e5407c72021-12-21 10:45:51.966root 11241100x8000000000000000421335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c9fbca953a1b332021-12-21 10:45:51.966root 11241100x8000000000000000421336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60808741c17906112021-12-21 10:45:51.966root 11241100x8000000000000000421337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af66eb0db58ea5f2021-12-21 10:45:51.966root 11241100x8000000000000000421338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dd402b2eef2b9c2021-12-21 10:45:51.967root 11241100x8000000000000000421339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d641325e0e790102021-12-21 10:45:51.967root 11241100x8000000000000000421340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26f4be2697262242021-12-21 10:45:51.967root 11241100x8000000000000000421341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf17bff0e87dc29a2021-12-21 10:45:51.967root 11241100x8000000000000000421342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2f33b8898cbd372021-12-21 10:45:51.967root 11241100x8000000000000000421343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14e4c5b68664ec22021-12-21 10:45:51.967root 11241100x8000000000000000421344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008fa85126504ebb2021-12-21 10:45:51.967root 11241100x8000000000000000421345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90047606ddeda5052021-12-21 10:45:51.967root 11241100x8000000000000000421346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d02da5d828a2de12021-12-21 10:45:51.967root 11241100x8000000000000000421347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554f36c44f2f56222021-12-21 10:45:51.968root 11241100x8000000000000000421348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609c9eda48c4133e2021-12-21 10:45:51.968root 11241100x8000000000000000421349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff141a4d32c8a0c2021-12-21 10:45:51.968root 11241100x8000000000000000421350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc3e9482992227b2021-12-21 10:45:51.968root 11241100x8000000000000000421351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef131c2478008652021-12-21 10:45:51.968root 11241100x8000000000000000421352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8c927002b2e74e2021-12-21 10:45:51.969root 11241100x8000000000000000421353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5969eff57ea59a5b2021-12-21 10:45:51.969root 11241100x8000000000000000421354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50cb741a0c45c4f2021-12-21 10:45:51.969root 11241100x8000000000000000421355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07808386e4c03c42021-12-21 10:45:51.969root 11241100x8000000000000000421356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd209dff6b9463562021-12-21 10:45:51.969root 11241100x8000000000000000421357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77ce315abc6f6d52021-12-21 10:45:51.970root 11241100x8000000000000000421358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdf21b65798f3492021-12-21 10:45:51.970root 11241100x8000000000000000421359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41dd350c60627772021-12-21 10:45:51.970root 11241100x8000000000000000421360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473f9bf955850e602021-12-21 10:45:51.970root 11241100x8000000000000000421361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92d3559390541132021-12-21 10:45:51.970root 11241100x8000000000000000421362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd9b4bdf9e087912021-12-21 10:45:51.970root 11241100x8000000000000000421363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd4842535a2f7c62021-12-21 10:45:51.970root 11241100x8000000000000000421364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b4bd0d2751c0e02021-12-21 10:45:51.971root 11241100x8000000000000000421365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ebe9b68e1447792021-12-21 10:45:51.971root 11241100x8000000000000000421366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ebdfd60a61123d2021-12-21 10:45:51.971root 11241100x8000000000000000421367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06502687b24e53f42021-12-21 10:45:51.971root 11241100x8000000000000000421368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9138926300926bf92021-12-21 10:45:51.971root 11241100x8000000000000000421369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03812947b8f1143a2021-12-21 10:45:51.971root 11241100x8000000000000000421370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeff1c160e23e0c2021-12-21 10:45:51.971root 11241100x8000000000000000421371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0eeb687edef6292021-12-21 10:45:51.971root 11241100x8000000000000000421372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c511c2040135c4842021-12-21 10:45:51.971root 11241100x8000000000000000421373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4652792b2b5ea1d52021-12-21 10:45:51.972root 11241100x8000000000000000421374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf6b9c2e80158112021-12-21 10:45:51.972root 11241100x8000000000000000421375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55089b30b459128d2021-12-21 10:45:51.972root 11241100x8000000000000000421376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00e1138ec9be7292021-12-21 10:45:51.972root 11241100x8000000000000000421377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cd573a39e3d9472021-12-21 10:45:51.972root 11241100x8000000000000000421378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5801592c2a0e5fcf2021-12-21 10:45:51.972root 11241100x8000000000000000421379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27199def8cf617d2021-12-21 10:45:51.972root 11241100x8000000000000000421380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fcbb8aac2c2a002021-12-21 10:45:51.973root 11241100x8000000000000000421381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd39cd68a7f559be2021-12-21 10:45:51.973root 11241100x8000000000000000421382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640dcecc0a575ba02021-12-21 10:45:51.973root 11241100x8000000000000000421383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2933c8d00c70125b2021-12-21 10:45:51.973root 11241100x8000000000000000421384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edbdc3ddf793ccf2021-12-21 10:45:51.973root 11241100x8000000000000000421385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64616df47a8b9ca72021-12-21 10:45:51.973root 11241100x8000000000000000421386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6515bee61b0019202021-12-21 10:45:51.973root 11241100x8000000000000000421387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097bd41d742f526f2021-12-21 10:45:51.974root 11241100x8000000000000000421388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee5df6feb64bbca2021-12-21 10:45:51.974root 11241100x8000000000000000421389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:51.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba99f9af0400eff32021-12-21 10:45:51.974root 11241100x8000000000000000421390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5f22225c320fa12021-12-21 10:45:52.443root 11241100x8000000000000000421391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e451cedf3c1b4b612021-12-21 10:45:52.443root 11241100x8000000000000000421392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df1c572abbb646d2021-12-21 10:45:52.443root 11241100x8000000000000000421393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a01cc273b632062021-12-21 10:45:52.443root 11241100x8000000000000000421394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af6d640264ac0b12021-12-21 10:45:52.444root 11241100x8000000000000000421395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240052440eb775132021-12-21 10:45:52.444root 11241100x8000000000000000421396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b4631680b763112021-12-21 10:45:52.444root 11241100x8000000000000000421397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaf5a0421359fd42021-12-21 10:45:52.444root 11241100x8000000000000000421398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30b78efabaca1582021-12-21 10:45:52.444root 11241100x8000000000000000421399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837cded6aed63a672021-12-21 10:45:52.444root 11241100x8000000000000000421400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4288366ac6fe1db82021-12-21 10:45:52.444root 11241100x8000000000000000421401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19be95acd57fa822021-12-21 10:45:52.444root 11241100x8000000000000000421402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679b98326570c4862021-12-21 10:45:52.444root 11241100x8000000000000000421403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9e8a45a090b23a2021-12-21 10:45:52.444root 11241100x8000000000000000421404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7736c9271bebfd552021-12-21 10:45:52.444root 11241100x8000000000000000421405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e825c4b7ddd96ce2021-12-21 10:45:52.444root 11241100x8000000000000000421406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696b64383f531caa2021-12-21 10:45:52.444root 11241100x8000000000000000421407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6307935e364f532021-12-21 10:45:52.444root 11241100x8000000000000000421408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8651fa6526a8cf02021-12-21 10:45:52.444root 11241100x8000000000000000421409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce101081e2b8adf2021-12-21 10:45:52.444root 11241100x8000000000000000421410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a68c921d3e87cb12021-12-21 10:45:52.445root 11241100x8000000000000000421411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8bc314a4fb4b3b2021-12-21 10:45:52.445root 11241100x8000000000000000421412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f68e9d0e9a01712021-12-21 10:45:52.445root 11241100x8000000000000000421413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265384639c29a5522021-12-21 10:45:52.445root 11241100x8000000000000000421414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e34abc02a989392021-12-21 10:45:52.445root 11241100x8000000000000000421415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102c92bfaa7306be2021-12-21 10:45:52.445root 11241100x8000000000000000421416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deccd1361b798a932021-12-21 10:45:52.445root 11241100x8000000000000000421417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fd2feeb02ba6c32021-12-21 10:45:52.445root 11241100x8000000000000000421418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff1f17a770ce02b2021-12-21 10:45:52.445root 11241100x8000000000000000421419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57a376dd02eb7252021-12-21 10:45:52.445root 11241100x8000000000000000421420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf06933c316784b2021-12-21 10:45:52.445root 11241100x8000000000000000421421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8363bbb2e4f2e1a12021-12-21 10:45:52.445root 11241100x8000000000000000421422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c57509639d918ab2021-12-21 10:45:52.445root 11241100x8000000000000000421423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafe4a41c440ea462021-12-21 10:45:52.445root 11241100x8000000000000000421424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e76c8ca2bf7c26f2021-12-21 10:45:52.445root 11241100x8000000000000000421425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a7571b8c76a9072021-12-21 10:45:52.445root 11241100x8000000000000000421426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e329643b32c7015f2021-12-21 10:45:52.446root 11241100x8000000000000000421427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d598f2578fffaf2021-12-21 10:45:52.446root 11241100x8000000000000000421428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9336fca65356bf2021-12-21 10:45:52.446root 11241100x8000000000000000421429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4386e1a6b1e6f102021-12-21 10:45:52.446root 11241100x8000000000000000421430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986297fe0d7137d72021-12-21 10:45:52.446root 11241100x8000000000000000421431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297b517582a66ade2021-12-21 10:45:52.446root 11241100x8000000000000000421432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d84c3bcc6602bad2021-12-21 10:45:52.446root 11241100x8000000000000000421433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aa1f13886cff1c2021-12-21 10:45:52.446root 11241100x8000000000000000421434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a6e12da8166d0d2021-12-21 10:45:52.446root 11241100x8000000000000000421435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d245bb203f1812d62021-12-21 10:45:52.446root 11241100x8000000000000000421436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc596c41b75952c12021-12-21 10:45:52.446root 11241100x8000000000000000421437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5553d13f2b77c6a72021-12-21 10:45:52.446root 11241100x8000000000000000421438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337b6551cdad382e2021-12-21 10:45:52.446root 11241100x8000000000000000421439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fd5da1cf487c3b2021-12-21 10:45:52.447root 11241100x8000000000000000421440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcd5d539db51b252021-12-21 10:45:52.447root 11241100x8000000000000000421441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314d2242622108a92021-12-21 10:45:52.447root 11241100x8000000000000000421442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a3cac406f336742021-12-21 10:45:52.447root 11241100x8000000000000000421443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3cf46e7a348e5e2021-12-21 10:45:52.447root 11241100x8000000000000000421444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88151a39f325a03f2021-12-21 10:45:52.447root 11241100x8000000000000000421445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559a3f53f8735cbe2021-12-21 10:45:52.447root 11241100x8000000000000000421446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f565036b57b879762021-12-21 10:45:52.448root 11241100x8000000000000000421447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db93c8f533651f2021-12-21 10:45:52.449root 11241100x8000000000000000421448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b282194dd98b8fe72021-12-21 10:45:52.450root 11241100x8000000000000000421449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a48b32e5137bc012021-12-21 10:45:52.450root 11241100x8000000000000000421450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f9eef49f1048162021-12-21 10:45:52.450root 11241100x8000000000000000421451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672ed6ee6baf91f52021-12-21 10:45:52.450root 11241100x8000000000000000421452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6803fce3ef44a92021-12-21 10:45:52.450root 11241100x8000000000000000421453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e925980d88ed01e2021-12-21 10:45:52.450root 11241100x8000000000000000421454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef2fbd644e0b622021-12-21 10:45:52.451root 11241100x8000000000000000421455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9979812ee4c3b32021-12-21 10:45:52.451root 11241100x8000000000000000421456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8b131afdb3b0f22021-12-21 10:45:52.451root 11241100x8000000000000000421457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3694cb0772a454d2021-12-21 10:45:52.451root 11241100x8000000000000000421458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34e4cd898c697582021-12-21 10:45:52.451root 11241100x8000000000000000421459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30e298a2521a4e62021-12-21 10:45:52.451root 11241100x8000000000000000421460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e73b9a435996c62021-12-21 10:45:52.451root 11241100x8000000000000000421461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c003257364061c2021-12-21 10:45:52.451root 11241100x8000000000000000421462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fefca0a84bfcd4e2021-12-21 10:45:52.451root 11241100x8000000000000000421463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6cb7d7a9b04aa62021-12-21 10:45:52.451root 11241100x8000000000000000421464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb5ef60413f07832021-12-21 10:45:52.451root 11241100x8000000000000000421465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01315498e52628b62021-12-21 10:45:52.451root 11241100x8000000000000000421466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0264ecc782d6a5bd2021-12-21 10:45:52.452root 11241100x8000000000000000421467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c20100c978c96e2021-12-21 10:45:52.453root 11241100x8000000000000000421468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6580695d6de885672021-12-21 10:45:52.453root 11241100x8000000000000000421469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7775e65b63f627182021-12-21 10:45:52.453root 11241100x8000000000000000421470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63768664fa6e79b2021-12-21 10:45:52.453root 11241100x8000000000000000421471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173d3a46d426636e2021-12-21 10:45:52.454root 11241100x8000000000000000421472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac2404f1f9042682021-12-21 10:45:52.454root 11241100x8000000000000000421473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2165a92c955922462021-12-21 10:45:52.454root 11241100x8000000000000000421474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14243a7e07c43a312021-12-21 10:45:52.454root 11241100x8000000000000000421475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce649edbb897e342021-12-21 10:45:52.454root 11241100x8000000000000000421476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999870974d8bb6c42021-12-21 10:45:52.454root 11241100x8000000000000000421477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b82dd55ad0c6f12021-12-21 10:45:52.455root 11241100x8000000000000000421478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cf802d7d5a008b2021-12-21 10:45:52.455root 11241100x8000000000000000421479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5edc889966d0612021-12-21 10:45:52.455root 11241100x8000000000000000421480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e00e6db163c12e2021-12-21 10:45:52.455root 11241100x8000000000000000421481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393e44248f6daa272021-12-21 10:45:52.455root 11241100x8000000000000000421482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfb81222ddc807f2021-12-21 10:45:52.455root 11241100x8000000000000000421483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f2bf74638f7fe2021-12-21 10:45:52.455root 11241100x8000000000000000421484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35662926233b98ef2021-12-21 10:45:52.455root 11241100x8000000000000000421485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8513cf161fb1a6a2021-12-21 10:45:52.455root 11241100x8000000000000000421486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5903a348e8ddc2b72021-12-21 10:45:52.455root 11241100x8000000000000000421487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb27914e146dcbd62021-12-21 10:45:52.456root 11241100x8000000000000000421488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedd922c219c3ca62021-12-21 10:45:52.456root 11241100x8000000000000000421489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5162c616f4eb9b122021-12-21 10:45:52.457root 11241100x8000000000000000421490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc3de218eff7f232021-12-21 10:45:52.457root 11241100x8000000000000000421491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af432c6a1bb9b9f2021-12-21 10:45:52.457root 11241100x8000000000000000421492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90935e9a378516622021-12-21 10:45:52.458root 11241100x8000000000000000421493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8ad86a92aed6332021-12-21 10:45:52.458root 11241100x8000000000000000421494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814553ca2d51659d2021-12-21 10:45:52.458root 11241100x8000000000000000421495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfabcc72332e6002021-12-21 10:45:52.458root 11241100x8000000000000000421496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66934eb8e84fee0e2021-12-21 10:45:52.459root 11241100x8000000000000000421497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1795a8db86965ee2021-12-21 10:45:52.459root 11241100x8000000000000000421498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07ba926746884b52021-12-21 10:45:52.459root 11241100x8000000000000000421499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1603bf0606d5cdfa2021-12-21 10:45:52.459root 11241100x8000000000000000421500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bd9c978ec14f3d2021-12-21 10:45:52.460root 11241100x8000000000000000421501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16b1fa0df41173c2021-12-21 10:45:52.460root 11241100x8000000000000000421502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73cfa53a3d72e092021-12-21 10:45:52.460root 11241100x8000000000000000421503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d265216b9662a132021-12-21 10:45:52.460root 11241100x8000000000000000421504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c50f746ba5e6da2021-12-21 10:45:52.461root 11241100x8000000000000000421505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b355d16b9a86262021-12-21 10:45:52.461root 11241100x8000000000000000421506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889432c0974a88662021-12-21 10:45:52.461root 11241100x8000000000000000421507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491090962eb9d4112021-12-21 10:45:52.461root 11241100x8000000000000000421508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328ec93eda36b40e2021-12-21 10:45:52.461root 11241100x8000000000000000421509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8666aa5330b83d482021-12-21 10:45:52.462root 11241100x8000000000000000421510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a97cedfb194bcf2021-12-21 10:45:52.462root 11241100x8000000000000000421511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b65574641371b832021-12-21 10:45:52.462root 11241100x8000000000000000421512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ac99270f085db42021-12-21 10:45:52.462root 11241100x8000000000000000421513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17b813cdfe74fd72021-12-21 10:45:52.463root 11241100x8000000000000000421514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c380e0aa1f57efec2021-12-21 10:45:52.463root 11241100x8000000000000000421515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d35e9a50aba16c2021-12-21 10:45:52.463root 11241100x8000000000000000421516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fad8e9a5dcc29c2021-12-21 10:45:52.463root 11241100x8000000000000000421517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e2dbc60bff4ce82021-12-21 10:45:52.463root 11241100x8000000000000000421518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052297d8089afa482021-12-21 10:45:52.464root 11241100x8000000000000000421519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc38df4fcc48aea02021-12-21 10:45:52.464root 11241100x8000000000000000421520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6903f46bd4975892021-12-21 10:45:52.464root 11241100x8000000000000000421521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c15e5d8ead52bc2021-12-21 10:45:52.464root 11241100x8000000000000000421522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c7e93f43772e3b2021-12-21 10:45:52.465root 11241100x8000000000000000421523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a584ed8d4b4fb7102021-12-21 10:45:52.466root 11241100x8000000000000000421524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e259b29d0093d4892021-12-21 10:45:52.466root 11241100x8000000000000000421525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed90bbfa52a988f2021-12-21 10:45:52.466root 11241100x8000000000000000421526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ceaaf8a6967db82021-12-21 10:45:52.467root 11241100x8000000000000000421527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3edaabc342108f2021-12-21 10:45:52.467root 11241100x8000000000000000421528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d5223b4e55c94a2021-12-21 10:45:52.467root 11241100x8000000000000000421529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4057f62e7e85d632021-12-21 10:45:52.467root 11241100x8000000000000000421530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3632487f14a69582021-12-21 10:45:52.467root 11241100x8000000000000000421531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909bd415741b9aaf2021-12-21 10:45:52.467root 11241100x8000000000000000421532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233a521a0b5e42852021-12-21 10:45:52.467root 11241100x8000000000000000421533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74485a501ecbc57e2021-12-21 10:45:52.467root 11241100x8000000000000000421534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d296364388a1122021-12-21 10:45:52.468root 11241100x8000000000000000421535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9399493deaa99ae72021-12-21 10:45:52.468root 11241100x8000000000000000421536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4935ee2687d9eb2021-12-21 10:45:52.468root 11241100x8000000000000000421537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fe31ffb936b30d2021-12-21 10:45:52.468root 11241100x8000000000000000421538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43651b24ccbaeb222021-12-21 10:45:52.468root 11241100x8000000000000000421539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db32df1b7b597742021-12-21 10:45:52.468root 11241100x8000000000000000421540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cffd893607f6382021-12-21 10:45:52.468root 11241100x8000000000000000421541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0377e2d150d72aab2021-12-21 10:45:52.468root 11241100x8000000000000000421542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859879fd9b52bebb2021-12-21 10:45:52.468root 11241100x8000000000000000421543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba404d6f8f5d03a2021-12-21 10:45:52.468root 11241100x8000000000000000421544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6d52e8ea34a40a2021-12-21 10:45:52.468root 11241100x8000000000000000421545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f0e3400b8490972021-12-21 10:45:52.468root 11241100x8000000000000000421546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079e55a10383cbd12021-12-21 10:45:52.470root 11241100x8000000000000000421547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828e3681414616e52021-12-21 10:45:52.470root 11241100x8000000000000000421548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42197aec278644f2021-12-21 10:45:52.471root 11241100x8000000000000000421549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7513de334b1b5d542021-12-21 10:45:52.471root 11241100x8000000000000000421550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff0decef58a82bf2021-12-21 10:45:52.471root 11241100x8000000000000000421551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d75b31da63b8c942021-12-21 10:45:52.477root 11241100x8000000000000000421552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d4634e102de9952021-12-21 10:45:52.477root 11241100x8000000000000000421553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0762afd1560b7352021-12-21 10:45:52.477root 11241100x8000000000000000421554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482aa8cb4780d7bc2021-12-21 10:45:52.477root 11241100x8000000000000000421555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7012cd55e56b272021-12-21 10:45:52.478root 11241100x8000000000000000421556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011a6404c009c8702021-12-21 10:45:52.478root 11241100x8000000000000000421557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13dd5786e87eaec2021-12-21 10:45:52.478root 11241100x8000000000000000421558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77ddd0bb29463362021-12-21 10:45:52.478root 11241100x8000000000000000421559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d259ef0b0adf05e2021-12-21 10:45:52.478root 11241100x8000000000000000421560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb4f32a99e6a2702021-12-21 10:45:52.479root 11241100x8000000000000000421561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191dc2b152f4ec162021-12-21 10:45:52.480root 11241100x8000000000000000421562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1108b55d10dcf52021-12-21 10:45:52.481root 11241100x8000000000000000421563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa7d88a7d842d182021-12-21 10:45:52.481root 11241100x8000000000000000421564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f81b96fddedf5c42021-12-21 10:45:52.481root 11241100x8000000000000000421565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb80260927d8dc82021-12-21 10:45:52.481root 11241100x8000000000000000421566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37ba17eae6800972021-12-21 10:45:52.485root 11241100x8000000000000000421567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebc192992ef20cc2021-12-21 10:45:52.487root 11241100x8000000000000000421568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6795681ed64b13d62021-12-21 10:45:52.487root 11241100x8000000000000000421569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee718be91fffd0422021-12-21 10:45:52.489root 11241100x8000000000000000421570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee55781306fcd992021-12-21 10:45:52.489root 11241100x8000000000000000421571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84debfa716348ce2021-12-21 10:45:52.489root 11241100x8000000000000000421572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b85ef587626b5f2021-12-21 10:45:52.490root 11241100x8000000000000000421573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bda565d6b24273c2021-12-21 10:45:52.490root 11241100x8000000000000000421574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082e1122ede9c8e12021-12-21 10:45:52.491root 11241100x8000000000000000421575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac682e904e3d9d8d2021-12-21 10:45:52.491root 11241100x8000000000000000421576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23deabaeeae161f22021-12-21 10:45:52.491root 11241100x8000000000000000421577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93150da8f640963e2021-12-21 10:45:52.491root 11241100x8000000000000000421578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b4421bc9b7d2762021-12-21 10:45:52.493root 11241100x8000000000000000421579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32fcf238fb425b62021-12-21 10:45:52.493root 11241100x8000000000000000421580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19528a5ee9a208012021-12-21 10:45:52.493root 11241100x8000000000000000421581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ec7a6c8cd57e832021-12-21 10:45:52.496root 11241100x8000000000000000421582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86222084607a88572021-12-21 10:45:52.496root 11241100x8000000000000000421583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.498{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940f55f5f81f9e6e2021-12-21 10:45:52.498root 11241100x8000000000000000421584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.499{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f9de6b9d26e35c2021-12-21 10:45:52.499root 11241100x8000000000000000421585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.499{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc55571c8b040672021-12-21 10:45:52.499root 11241100x8000000000000000421586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.499{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5213d065802406d2021-12-21 10:45:52.499root 11241100x8000000000000000421587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.499{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f611ae74f0b822202021-12-21 10:45:52.499root 11241100x8000000000000000421588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.499{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c09a78f1f7f1212021-12-21 10:45:52.499root 11241100x8000000000000000421589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.499{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5db22b29d2006052021-12-21 10:45:52.499root 11241100x8000000000000000421590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.501{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3ad8c460387dc62021-12-21 10:45:52.501root 11241100x8000000000000000421591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.502{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659ed04eccde48222021-12-21 10:45:52.502root 11241100x8000000000000000421592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.502{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51b1d3e86c452322021-12-21 10:45:52.502root 11241100x8000000000000000421593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.502{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7081a4942e6b2082021-12-21 10:45:52.502root 11241100x8000000000000000421594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.502{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f65c91512d286042021-12-21 10:45:52.502root 11241100x8000000000000000421595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.502{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb422233ee72c662021-12-21 10:45:52.502root 11241100x8000000000000000421596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.502{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9267ecfffeae99f2021-12-21 10:45:52.502root 11241100x8000000000000000421597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.502{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5458e1571468842021-12-21 10:45:52.502root 11241100x8000000000000000421598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.506{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93830c4c1ab791e82021-12-21 10:45:52.506root 11241100x8000000000000000421599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.506{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d6ddfab827f5012021-12-21 10:45:52.506root 11241100x8000000000000000421600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.506{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a58b819aac746272021-12-21 10:45:52.506root 11241100x8000000000000000421601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.506{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66597280dea32b062021-12-21 10:45:52.506root 11241100x8000000000000000421602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.506{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c479783094fd45f2021-12-21 10:45:52.506root 11241100x8000000000000000421603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dcda9f6c5ca3482021-12-21 10:45:52.508root 11241100x8000000000000000421604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b736903a8ccfe4f62021-12-21 10:45:52.508root 11241100x8000000000000000421605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9882fc42bbd5782021-12-21 10:45:52.509root 11241100x8000000000000000421606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72bfa573e4b1f9d2021-12-21 10:45:52.509root 11241100x8000000000000000421607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d267f4da8186be62021-12-21 10:45:52.509root 11241100x8000000000000000421608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eed0ceb39c1cbd22021-12-21 10:45:52.509root 11241100x8000000000000000421609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb8bec65ec11c772021-12-21 10:45:52.509root 11241100x8000000000000000421610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02ceb0f73684ff52021-12-21 10:45:52.509root 11241100x8000000000000000421611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.511{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127c3d25fb6d4d3b2021-12-21 10:45:52.511root 11241100x8000000000000000421612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.512{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d2fa4ddb63d47f2021-12-21 10:45:52.512root 11241100x8000000000000000421613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.512{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9126854e13e019a2021-12-21 10:45:52.512root 11241100x8000000000000000421614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.512{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32726d67e940e262021-12-21 10:45:52.512root 11241100x8000000000000000421615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.512{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f149f3a59f0493bd2021-12-21 10:45:52.512root 11241100x8000000000000000421616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.512{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea5c0cd864df4762021-12-21 10:45:52.512root 11241100x8000000000000000421617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.512{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98912c60093950002021-12-21 10:45:52.512root 11241100x8000000000000000421618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.512{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172655761b9e6dd62021-12-21 10:45:52.512root 11241100x8000000000000000421619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.516{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5d5607942c01e2021-12-21 10:45:52.516root 11241100x8000000000000000421620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.516{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970f01659c2af0282021-12-21 10:45:52.516root 11241100x8000000000000000421621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.519{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e127804c2aa5edc12021-12-21 10:45:52.519root 11241100x8000000000000000421622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.519{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e271ed9483387a2021-12-21 10:45:52.519root 11241100x8000000000000000421623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.519{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46efc11ebf3e8b62021-12-21 10:45:52.519root 11241100x8000000000000000421624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.520{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53aeaa687be80cb02021-12-21 10:45:52.520root 11241100x8000000000000000421625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db82454ec5499d232021-12-21 10:45:52.521root 11241100x8000000000000000421626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47776e69c1418b222021-12-21 10:45:52.521root 11241100x8000000000000000421627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9b559067562db52021-12-21 10:45:52.521root 11241100x8000000000000000421628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b1f8e28874d6c32021-12-21 10:45:52.522root 11241100x8000000000000000421629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c712da2265f1c3f2021-12-21 10:45:52.522root 11241100x8000000000000000421630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dea774b7a08e6802021-12-21 10:45:52.522root 11241100x8000000000000000421631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233eb16efdbfd3402021-12-21 10:45:52.522root 11241100x8000000000000000421632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b00c7ca8afda952021-12-21 10:45:52.522root 11241100x8000000000000000421633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.522{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc3381a468463052021-12-21 10:45:52.522root 11241100x8000000000000000421634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58679e427a299552021-12-21 10:45:52.523root 11241100x8000000000000000421635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5678d666711fa92021-12-21 10:45:52.523root 11241100x8000000000000000421636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196e9f6cb0d913b82021-12-21 10:45:52.523root 11241100x8000000000000000421637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b40b15733267762021-12-21 10:45:52.523root 11241100x8000000000000000421638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdc7083f21261442021-12-21 10:45:52.523root 11241100x8000000000000000421639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635d971d59efb89d2021-12-21 10:45:52.523root 11241100x8000000000000000421640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72071153378f507b2021-12-21 10:45:52.523root 11241100x8000000000000000421641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad44549ee9501a8c2021-12-21 10:45:52.523root 11241100x8000000000000000421642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660599c9b8ae121e2021-12-21 10:45:52.524root 11241100x8000000000000000421643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a056638798c434b72021-12-21 10:45:52.524root 11241100x8000000000000000421644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49210405d21aac3e2021-12-21 10:45:52.524root 11241100x8000000000000000421645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd0e407784c54d72021-12-21 10:45:52.524root 11241100x8000000000000000421646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d67fc3af6bdd7f92021-12-21 10:45:52.524root 11241100x8000000000000000421647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8628910bfcd3e52021-12-21 10:45:52.524root 11241100x8000000000000000421648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec2c167d913dcb42021-12-21 10:45:52.524root 11241100x8000000000000000421649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa6217e4d07918c2021-12-21 10:45:52.525root 11241100x8000000000000000421650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1cfb357fb185872021-12-21 10:45:52.525root 11241100x8000000000000000421651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df75d9d2cd665bed2021-12-21 10:45:52.525root 11241100x8000000000000000421652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd3ce01130f3e842021-12-21 10:45:52.525root 11241100x8000000000000000421653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10964ccd8710d6562021-12-21 10:45:52.525root 11241100x8000000000000000421654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8cac6f2c70a74f2021-12-21 10:45:52.525root 11241100x8000000000000000421655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c889d2e9607955172021-12-21 10:45:52.525root 11241100x8000000000000000421656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac633f04995da70b2021-12-21 10:45:52.525root 11241100x8000000000000000421657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd527f135fddf1332021-12-21 10:45:52.525root 11241100x8000000000000000421658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c68d0fec59a45f2021-12-21 10:45:52.525root 11241100x8000000000000000421659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1c1a62138784742021-12-21 10:45:52.526root 11241100x8000000000000000421660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318843df80ff28f42021-12-21 10:45:52.530root 11241100x8000000000000000421661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d5386ffa0ce7d22021-12-21 10:45:52.530root 11241100x8000000000000000421662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b834efd007c5342021-12-21 10:45:52.530root 11241100x8000000000000000421663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51bdacfd23293232021-12-21 10:45:52.530root 11241100x8000000000000000421664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e21a5c2baede2c2021-12-21 10:45:52.530root 11241100x8000000000000000421665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72ae943e09688d52021-12-21 10:45:52.530root 11241100x8000000000000000421666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a847ca8059905e2021-12-21 10:45:52.530root 11241100x8000000000000000421667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d7f7381dc66b282021-12-21 10:45:52.530root 11241100x8000000000000000421668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead19765b49859922021-12-21 10:45:52.531root 11241100x8000000000000000421669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f2a5426970b62a2021-12-21 10:45:52.531root 11241100x8000000000000000421670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b0a625e8016fa02021-12-21 10:45:52.531root 11241100x8000000000000000421671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ff0a3555535bcf2021-12-21 10:45:52.531root 11241100x8000000000000000421672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a1a16a9ce5d4dd2021-12-21 10:45:52.531root 11241100x8000000000000000421673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f4e19bb6ba484a2021-12-21 10:45:52.531root 11241100x8000000000000000421674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855171f2f386d45d2021-12-21 10:45:52.531root 11241100x8000000000000000421675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda350d5cc6fa4782021-12-21 10:45:52.531root 11241100x8000000000000000421676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fc58e565fa7aae2021-12-21 10:45:52.943root 11241100x8000000000000000421677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5527d0e9025d872021-12-21 10:45:52.943root 11241100x8000000000000000421678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59c632fdbc1c6d52021-12-21 10:45:52.943root 11241100x8000000000000000421679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163aed2f509eafc42021-12-21 10:45:52.943root 11241100x8000000000000000421680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8da8700b9fe2b32021-12-21 10:45:52.944root 11241100x8000000000000000421681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e5e6830c274dd02021-12-21 10:45:52.944root 11241100x8000000000000000421682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c176810fcd87242021-12-21 10:45:52.944root 11241100x8000000000000000421683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dbb20c542d07932021-12-21 10:45:52.944root 11241100x8000000000000000421684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ec185270d30ed22021-12-21 10:45:52.944root 11241100x8000000000000000421685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba7eba79dd3f7622021-12-21 10:45:52.944root 11241100x8000000000000000421686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b7361fa74ab7282021-12-21 10:45:52.944root 11241100x8000000000000000421687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a81cf2a02c78b32021-12-21 10:45:52.944root 11241100x8000000000000000421688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c0eeac83a672902021-12-21 10:45:52.944root 11241100x8000000000000000421689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5477824e686f322021-12-21 10:45:52.944root 11241100x8000000000000000421690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18303682a9887a72021-12-21 10:45:52.944root 11241100x8000000000000000421691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a957c4fbfbb7d872021-12-21 10:45:52.944root 11241100x8000000000000000421692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa826bb8772a73522021-12-21 10:45:52.944root 11241100x8000000000000000421693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59ee61973d548132021-12-21 10:45:52.944root 11241100x8000000000000000421694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1885cfeb327efae2021-12-21 10:45:52.944root 11241100x8000000000000000421695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d87517cf08927052021-12-21 10:45:52.945root 11241100x8000000000000000421696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dac4056e749a532021-12-21 10:45:52.945root 11241100x8000000000000000421697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3ca626529feec52021-12-21 10:45:52.945root 11241100x8000000000000000421698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be38f4059ffe8b52021-12-21 10:45:52.945root 11241100x8000000000000000421699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8861df2e9aa7b02021-12-21 10:45:52.948root 11241100x8000000000000000421700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1381a8dec4c52b592021-12-21 10:45:52.948root 11241100x8000000000000000421701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a965f05e974be4852021-12-21 10:45:52.948root 11241100x8000000000000000421702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d14dd5883d72f6a2021-12-21 10:45:52.948root 11241100x8000000000000000421703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3726bb6067c4ab2021-12-21 10:45:52.949root 11241100x8000000000000000421704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa874d67e9868912021-12-21 10:45:52.949root 11241100x8000000000000000421705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8362a505365c78442021-12-21 10:45:52.949root 11241100x8000000000000000421706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee115711c4b3d632021-12-21 10:45:52.949root 11241100x8000000000000000421707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdda18b8131975a02021-12-21 10:45:52.949root 11241100x8000000000000000421708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245ca1fcf5710b7d2021-12-21 10:45:52.949root 11241100x8000000000000000421709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c381d49eb81d3a0b2021-12-21 10:45:52.949root 11241100x8000000000000000421710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614d8d662e315a432021-12-21 10:45:52.949root 11241100x8000000000000000421711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4c5588a9d528ab2021-12-21 10:45:52.949root 11241100x8000000000000000421712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc9797f655dcc882021-12-21 10:45:52.949root 11241100x8000000000000000421713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:45:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cdb8fcb968b5d22021-12-21 10:45:52.949root 354300x8000000000000000421771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:04.226{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47570-false10.0.1.12-8000- 11241100x8000000000000000421772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:04.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d196157f6fc4acb2021-12-21 10:46:04.692root 11241100x8000000000000000421773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:05.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dafd8f07ad565d2021-12-21 10:46:05.192root 11241100x8000000000000000421774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:05.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e4911d85f0ec5a2021-12-21 10:46:05.692root 11241100x8000000000000000421775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:06.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5519a61f197e1ef22021-12-21 10:46:06.192root 11241100x8000000000000000421776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:06.342{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:46:06.342root 11241100x8000000000000000421777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:06.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdc2d18997a6bb12021-12-21 10:46:06.692root 11241100x8000000000000000421778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184485c342ce1be12021-12-21 10:46:06.693root 11241100x8000000000000000421779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:07.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ea6a2cd00f2f692021-12-21 10:46:07.192root 11241100x8000000000000000421780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4cbf1b519d55682021-12-21 10:46:07.193root 11241100x8000000000000000421781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:07.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0afd2f2c141a6472021-12-21 10:46:07.692root 11241100x8000000000000000421782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:07.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e37d06762c460c22021-12-21 10:46:07.692root 11241100x8000000000000000421783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:08.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285e4c738b1197032021-12-21 10:46:08.192root 11241100x8000000000000000421784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:08.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3231c755a424852021-12-21 10:46:08.192root 11241100x8000000000000000421785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:08.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb61ca2492dea0d2021-12-21 10:46:08.692root 11241100x8000000000000000421786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c464e337bc592b2021-12-21 10:46:08.693root 11241100x8000000000000000421787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d778a7c37ea85a2021-12-21 10:46:09.192root 11241100x8000000000000000421788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0857aed3503d74832021-12-21 10:46:09.192root 23542300x8000000000000000421789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.343{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000421790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1b17a2f57d40e42021-12-21 10:46:09.692root 11241100x8000000000000000421791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd91621fa45d09a72021-12-21 10:46:09.692root 11241100x8000000000000000421792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad144c84645eb9c2021-12-21 10:46:09.693root 154100x8000000000000000421793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.735{ec2b6afe-b071-61c1-080e-3d21a7550000}9784/usr/bin/sudo-----sudo visudo/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 354300x8000000000000000421794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.739{ec2b6afe-b071-61c1-080e-3d21a7550000}9784/usr/bin/sudoubuntuudptruefalse127.0.0.1-56798-false127.0.0.53-53- 354300x8000000000000000421795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.739{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-41269-false10.0.0.2-53- 354300x8000000000000000421796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.739{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-37428-false10.0.0.2-53- 354300x8000000000000000421797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.740{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-56798- 354300x8000000000000000421798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.740{ec2b6afe-b071-61c1-080e-3d21a7550000}9784/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-56798- 354300x8000000000000000421799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.741{ec2b6afe-b071-61c1-080e-3d21a7550000}9784/usr/bin/sudoubuntuudptruefalse127.0.0.1-35725-false127.0.0.53-53- 354300x8000000000000000421800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.741{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-35725- 154100x8000000000000000421801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.744{ec2b6afe-b071-61c1-68bd-76d991550000}9785/usr/sbin/visudo-----visudo/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-b071-61c1-080e-3d21a7550000}9784/usr/bin/sudosudoubuntu 11241100x8000000000000000421802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.747{ec2b6afe-b071-61c1-68bd-76d991550000}9785/usr/sbin/visudo/etc/sudoers.tmp2021-12-21 10:46:09.747root 154100x8000000000000000421803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.748{ec2b6afe-b071-61c1-8062-3ae1dd550000}9786/bin/nano-----/usr/bin/editor -- /etc/sudoers.tmp/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-b071-61c1-68bd-76d991550000}9785/usr/sbin/visudovisudoroot 11241100x8000000000000000421804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:09.766{ec2b6afe-b071-61c1-8062-3ae1dd550000}9786/bin/nano/etc/.sudoers.tmp.swp2021-12-21 10:46:09.766root 354300x8000000000000000421805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.019{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47572-false10.0.1.12-8000- 11241100x8000000000000000421806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae05bdf0f87e96b92021-12-21 10:46:10.020root 11241100x8000000000000000421807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc06c1893db370372021-12-21 10:46:10.020root 11241100x8000000000000000421808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e406feb22c0247bb2021-12-21 10:46:10.021root 11241100x8000000000000000421809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dc4e7bf222b6ab2021-12-21 10:46:10.021root 11241100x8000000000000000421810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8be2cbfff9deb752021-12-21 10:46:10.021root 11241100x8000000000000000421811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a50169b1e5542c2021-12-21 10:46:10.021root 11241100x8000000000000000421812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88032af83d57c6852021-12-21 10:46:10.021root 11241100x8000000000000000421813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec775e9d520c924b2021-12-21 10:46:10.021root 11241100x8000000000000000421814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a7bb194c1c6f2b2021-12-21 10:46:10.021root 11241100x8000000000000000421815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b77282440d4d2b2021-12-21 10:46:10.021root 11241100x8000000000000000421816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d18a32cb25aea42021-12-21 10:46:10.021root 11241100x8000000000000000421817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19d865cd2f1c4262021-12-21 10:46:10.021root 11241100x8000000000000000421818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef728a8515f72bff2021-12-21 10:46:10.021root 11241100x8000000000000000421819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52860b9585633fb62021-12-21 10:46:10.021root 11241100x8000000000000000421820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ae17bcd001fa272021-12-21 10:46:10.021root 11241100x8000000000000000421821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263c0cc76a9a76882021-12-21 10:46:10.021root 11241100x8000000000000000421822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474f851ca2b24fb32021-12-21 10:46:10.444root 11241100x8000000000000000421823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27348a74b8e5f4d22021-12-21 10:46:10.444root 11241100x8000000000000000421824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760455de56a1304d2021-12-21 10:46:10.445root 11241100x8000000000000000421825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9651f4c70f2cf3542021-12-21 10:46:10.445root 11241100x8000000000000000421826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7550c4e2550ebae12021-12-21 10:46:10.445root 11241100x8000000000000000421827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a634244bd7f3a02021-12-21 10:46:10.445root 11241100x8000000000000000421828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcfd381e73ad2392021-12-21 10:46:10.445root 11241100x8000000000000000421829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163b8f47fe87440f2021-12-21 10:46:10.445root 11241100x8000000000000000421830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d138e73188a27c92021-12-21 10:46:10.445root 11241100x8000000000000000421831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fd504813cf51812021-12-21 10:46:10.445root 11241100x8000000000000000421832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f941757f6ecf0c2021-12-21 10:46:10.445root 11241100x8000000000000000421833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f1c613d65c68292021-12-21 10:46:10.446root 11241100x8000000000000000421834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c217d15143c9fe6d2021-12-21 10:46:10.446root 11241100x8000000000000000421835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80d95693b4110882021-12-21 10:46:10.446root 11241100x8000000000000000421836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd5c5fae79a0e3d2021-12-21 10:46:10.446root 11241100x8000000000000000421837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d296a812e6dfe1c2021-12-21 10:46:10.446root 11241100x8000000000000000421838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284170b599d7ad992021-12-21 10:46:10.943root 11241100x8000000000000000421839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111bec78d23218462021-12-21 10:46:10.943root 11241100x8000000000000000421840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121b7cc356c8a2d62021-12-21 10:46:10.943root 11241100x8000000000000000421841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0232270e77f4c2e82021-12-21 10:46:10.943root 11241100x8000000000000000421842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36c01fdcc7c95712021-12-21 10:46:10.943root 11241100x8000000000000000421843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc017f58b094d522021-12-21 10:46:10.944root 11241100x8000000000000000421844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e576bad93016312d2021-12-21 10:46:10.944root 11241100x8000000000000000421845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c92ef38a2e5b902021-12-21 10:46:10.944root 11241100x8000000000000000421846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1482fce3653a1dbb2021-12-21 10:46:10.944root 11241100x8000000000000000421847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfbd1d8fa844b5d2021-12-21 10:46:10.944root 11241100x8000000000000000421848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b98b78d21f287e62021-12-21 10:46:10.944root 11241100x8000000000000000421849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc8dd01918d302d2021-12-21 10:46:10.944root 11241100x8000000000000000421850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e153b9be79e094602021-12-21 10:46:10.944root 11241100x8000000000000000421851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec39500d37ca1e22021-12-21 10:46:10.944root 11241100x8000000000000000421852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ddacb7edf807752021-12-21 10:46:10.944root 11241100x8000000000000000421853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af06959781f3f772021-12-21 10:46:10.944root 11241100x8000000000000000421854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abfce1977c0f4bd2021-12-21 10:46:11.443root 11241100x8000000000000000421855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b128ab0969300dc42021-12-21 10:46:11.443root 11241100x8000000000000000421856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53779c434a1738c82021-12-21 10:46:11.443root 11241100x8000000000000000421857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dbf38ab9da5d062021-12-21 10:46:11.443root 11241100x8000000000000000421858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b393a24153d00ba2021-12-21 10:46:11.443root 11241100x8000000000000000421859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b14598a24d419622021-12-21 10:46:11.443root 11241100x8000000000000000421860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49113780265d18922021-12-21 10:46:11.443root 11241100x8000000000000000421861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceda518861c8e3382021-12-21 10:46:11.443root 11241100x8000000000000000421862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1b5f075b2af1a22021-12-21 10:46:11.443root 11241100x8000000000000000421863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709fec00963c2df42021-12-21 10:46:11.444root 11241100x8000000000000000421864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ea0ec41fcf701c2021-12-21 10:46:11.444root 11241100x8000000000000000421865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b406cd8eb1504952021-12-21 10:46:11.444root 11241100x8000000000000000421866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55800d535f046ba22021-12-21 10:46:11.444root 11241100x8000000000000000421867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9995b19cd0fccdfd2021-12-21 10:46:11.444root 11241100x8000000000000000421868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0275bfbd5cac662021-12-21 10:46:11.444root 11241100x8000000000000000421869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca8e019ff6a950e2021-12-21 10:46:11.444root 11241100x8000000000000000421870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d15028ce3d659502021-12-21 10:46:11.943root 11241100x8000000000000000421871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d316f96060b9902021-12-21 10:46:11.943root 11241100x8000000000000000421872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb460f0622aa0d4f2021-12-21 10:46:11.943root 11241100x8000000000000000421873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04569d3dae8e50e2021-12-21 10:46:11.943root 11241100x8000000000000000421874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63899b209a4b53c52021-12-21 10:46:11.943root 11241100x8000000000000000421875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3a6aaa216db5bc2021-12-21 10:46:11.943root 11241100x8000000000000000421876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6fcb63a885691f2021-12-21 10:46:11.944root 11241100x8000000000000000421877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b1403d90120ed02021-12-21 10:46:11.944root 11241100x8000000000000000421878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d178db7246ea4f02021-12-21 10:46:11.944root 11241100x8000000000000000421879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cead6d2cb8c134422021-12-21 10:46:11.944root 11241100x8000000000000000421880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd1b6d0a16b65f12021-12-21 10:46:11.944root 11241100x8000000000000000421881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231518d982c167472021-12-21 10:46:11.944root 11241100x8000000000000000421882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852961300b294fdf2021-12-21 10:46:11.944root 11241100x8000000000000000421883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8febf19f421e6c2021-12-21 10:46:11.944root 11241100x8000000000000000421884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4506675083b9aab12021-12-21 10:46:11.944root 11241100x8000000000000000421885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5239ddc5f8a7d52021-12-21 10:46:11.944root 11241100x8000000000000000421886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfac822252213ee2021-12-21 10:46:12.443root 11241100x8000000000000000421887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900e798217ffa0682021-12-21 10:46:12.443root 11241100x8000000000000000421888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb50f08c00c383362021-12-21 10:46:12.443root 11241100x8000000000000000421889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971924a9bdd492f22021-12-21 10:46:12.443root 11241100x8000000000000000421890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a8c567240245852021-12-21 10:46:12.443root 11241100x8000000000000000421891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37fdd5dcd8852432021-12-21 10:46:12.443root 11241100x8000000000000000421892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c46b3075f8862aa2021-12-21 10:46:12.444root 11241100x8000000000000000421893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cfb2a7c1f58e292021-12-21 10:46:12.444root 11241100x8000000000000000421894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962ae6a87413121a2021-12-21 10:46:12.444root 11241100x8000000000000000421895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e11b6ef3b2562c2021-12-21 10:46:12.444root 11241100x8000000000000000421896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b25cef21e475532021-12-21 10:46:12.444root 11241100x8000000000000000421897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccdc083f9effd952021-12-21 10:46:12.444root 11241100x8000000000000000421898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192b3673785746a32021-12-21 10:46:12.444root 11241100x8000000000000000421899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6188ecfdd84276e2021-12-21 10:46:12.444root 11241100x8000000000000000421900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fef5e3f6ced5ff2021-12-21 10:46:12.444root 11241100x8000000000000000421901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff8ca01d3caa7002021-12-21 10:46:12.444root 11241100x8000000000000000421902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e47a95ad20f3d682021-12-21 10:46:12.943root 11241100x8000000000000000421903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19842e0ea28102932021-12-21 10:46:12.943root 11241100x8000000000000000421904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a500bcdad2e060fc2021-12-21 10:46:12.943root 11241100x8000000000000000421905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729eafa4a20d99762021-12-21 10:46:12.943root 11241100x8000000000000000421906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cbfaf18e3dd6a52021-12-21 10:46:12.943root 11241100x8000000000000000421907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467174bc1d2f74552021-12-21 10:46:12.943root 11241100x8000000000000000421908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf9c653ef875f5b2021-12-21 10:46:12.943root 11241100x8000000000000000421909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f616b3de17a32d522021-12-21 10:46:12.943root 11241100x8000000000000000421910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3094bf3926099c402021-12-21 10:46:12.943root 11241100x8000000000000000421911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c2ad872b4c0ba82021-12-21 10:46:12.944root 11241100x8000000000000000421912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4f66f16ce139132021-12-21 10:46:12.944root 11241100x8000000000000000421913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567904d3fd615c202021-12-21 10:46:12.944root 11241100x8000000000000000421914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f18d99f26b4a82021-12-21 10:46:12.944root 11241100x8000000000000000421915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0677f38e3481cc2021-12-21 10:46:12.944root 11241100x8000000000000000421916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90c19c088e21d342021-12-21 10:46:12.944root 11241100x8000000000000000421917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f0fb3255c6f0722021-12-21 10:46:12.944root 11241100x8000000000000000421918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2571a4fdf856fbea2021-12-21 10:46:12.944root 11241100x8000000000000000421919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaaa875368adbeb2021-12-21 10:46:12.944root 11241100x8000000000000000421920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db6c879dae15b922021-12-21 10:46:12.945root 11241100x8000000000000000421921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fceec2df467d9ee2021-12-21 10:46:13.443root 11241100x8000000000000000421922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60d90bdebfe0d882021-12-21 10:46:13.443root 11241100x8000000000000000421923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bf29e79fa766b32021-12-21 10:46:13.443root 11241100x8000000000000000421924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c45ad3d8db50ed2021-12-21 10:46:13.443root 11241100x8000000000000000421925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24c0bf6f4b23c422021-12-21 10:46:13.443root 11241100x8000000000000000421926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0335a0b0ed90ae62021-12-21 10:46:13.443root 11241100x8000000000000000421927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfa606db8f251072021-12-21 10:46:13.443root 11241100x8000000000000000421928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d8890d157e5e9d2021-12-21 10:46:13.443root 11241100x8000000000000000421929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb9171e55ce216f2021-12-21 10:46:13.444root 11241100x8000000000000000421930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fde9963103d69a32021-12-21 10:46:13.444root 11241100x8000000000000000421931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8d84f3f413c0512021-12-21 10:46:13.444root 11241100x8000000000000000421932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b2cd26abb83b2d2021-12-21 10:46:13.444root 11241100x8000000000000000421933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d769ae4384423f22021-12-21 10:46:13.444root 11241100x8000000000000000421934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8b633a24f8c00d2021-12-21 10:46:13.444root 11241100x8000000000000000421935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a755b572a664782021-12-21 10:46:13.444root 11241100x8000000000000000421936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b5f2251753cc042021-12-21 10:46:13.444root 11241100x8000000000000000421937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502b38283cb329e22021-12-21 10:46:13.943root 11241100x8000000000000000421938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a283f8d114c5b8fc2021-12-21 10:46:13.943root 11241100x8000000000000000421939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d7358ff2e57cdc2021-12-21 10:46:13.943root 11241100x8000000000000000421940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41c549a94880fde2021-12-21 10:46:13.943root 11241100x8000000000000000421941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92519cc5142846a2021-12-21 10:46:13.943root 11241100x8000000000000000421942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc176e05ad73c402021-12-21 10:46:13.943root 11241100x8000000000000000421943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672bac0afd4777982021-12-21 10:46:13.944root 11241100x8000000000000000421944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc89e8436e748a62021-12-21 10:46:13.944root 11241100x8000000000000000421945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116cbaf6f14c3c492021-12-21 10:46:13.944root 11241100x8000000000000000421946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a2e45bf626b2c12021-12-21 10:46:13.944root 11241100x8000000000000000421947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccdeadb708257e12021-12-21 10:46:13.944root 11241100x8000000000000000421948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1434c8ef3cb1bba72021-12-21 10:46:13.944root 11241100x8000000000000000421949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c9801925881f0b2021-12-21 10:46:13.944root 11241100x8000000000000000421950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ea4019b58eddd02021-12-21 10:46:13.944root 11241100x8000000000000000421951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd8810245a077232021-12-21 10:46:13.944root 11241100x8000000000000000421952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18653504eae0b54c2021-12-21 10:46:13.944root 11241100x8000000000000000421953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca6d78fcbb1153f2021-12-21 10:46:14.443root 11241100x8000000000000000421954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f30f9ef583bed42021-12-21 10:46:14.443root 11241100x8000000000000000421955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcf8e5a8c3d47b52021-12-21 10:46:14.443root 11241100x8000000000000000421956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc206972ff4a8b672021-12-21 10:46:14.443root 11241100x8000000000000000421957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebcb80668623c882021-12-21 10:46:14.443root 11241100x8000000000000000421958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56765755bcb5ed732021-12-21 10:46:14.443root 11241100x8000000000000000421959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c263880a61cfb4502021-12-21 10:46:14.444root 11241100x8000000000000000421960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ccbfe17ea928c72021-12-21 10:46:14.444root 11241100x8000000000000000421961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82e108616b4a3902021-12-21 10:46:14.444root 11241100x8000000000000000421962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f516c7480f940852021-12-21 10:46:14.444root 11241100x8000000000000000421963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0f934b13b281b62021-12-21 10:46:14.444root 11241100x8000000000000000421964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7963712b95ed1d62021-12-21 10:46:14.444root 11241100x8000000000000000421965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bc8a46b66852792021-12-21 10:46:14.444root 11241100x8000000000000000421966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c31887141e974b52021-12-21 10:46:14.444root 11241100x8000000000000000421967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2821a238a2bece142021-12-21 10:46:14.445root 11241100x8000000000000000421968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f3bb8e7e9d3f1a2021-12-21 10:46:14.445root 11241100x8000000000000000421969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367875d1c603a7b52021-12-21 10:46:14.943root 11241100x8000000000000000421970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65345e0ce77389b2021-12-21 10:46:14.943root 11241100x8000000000000000421971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa9723d7045ee3a2021-12-21 10:46:14.943root 11241100x8000000000000000421972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39c66e0d3765a682021-12-21 10:46:14.943root 11241100x8000000000000000421973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3216b7d2e1d7922f2021-12-21 10:46:14.943root 11241100x8000000000000000421974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6fabddbbc6f2892021-12-21 10:46:14.943root 11241100x8000000000000000421975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a76a9d3342b67e2021-12-21 10:46:14.944root 11241100x8000000000000000421976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5396ccdc169aaf862021-12-21 10:46:14.944root 11241100x8000000000000000421977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e3c269bad668992021-12-21 10:46:14.944root 11241100x8000000000000000421978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba557e8ffb226bb42021-12-21 10:46:14.944root 11241100x8000000000000000421979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6d912dab81e5392021-12-21 10:46:14.944root 11241100x8000000000000000421980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d26a1378f4087572021-12-21 10:46:14.944root 11241100x8000000000000000421981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845b6446c7290a462021-12-21 10:46:14.944root 11241100x8000000000000000421982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187ac34a59f702952021-12-21 10:46:14.944root 11241100x8000000000000000421983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b168fe65c14e0112021-12-21 10:46:14.944root 11241100x8000000000000000421984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dbedfb956215f12021-12-21 10:46:14.944root 354300x8000000000000000421985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47574-false10.0.1.12-8000- 11241100x8000000000000000421986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3956cab41310540b2021-12-21 10:46:15.443root 11241100x8000000000000000421987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7d716861787b522021-12-21 10:46:15.443root 11241100x8000000000000000421988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a3d4efc2f481222021-12-21 10:46:15.443root 11241100x8000000000000000421989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e8817866cd3e452021-12-21 10:46:15.443root 11241100x8000000000000000421990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5665e705b0d9ff2021-12-21 10:46:15.443root 11241100x8000000000000000421991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d339897276aa4e892021-12-21 10:46:15.443root 11241100x8000000000000000421992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fa79eb2de6b82f2021-12-21 10:46:15.443root 11241100x8000000000000000421993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24957370d789d9172021-12-21 10:46:15.443root 11241100x8000000000000000421994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c414f2c0d79372be2021-12-21 10:46:15.444root 11241100x8000000000000000421995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d73cca48c522f22021-12-21 10:46:15.444root 11241100x8000000000000000421996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3078cb26aa14ea8b2021-12-21 10:46:15.444root 11241100x8000000000000000421997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a5f61c95b1e3a22021-12-21 10:46:15.444root 11241100x8000000000000000421998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d8d2bc3e0f1a9e2021-12-21 10:46:15.444root 11241100x8000000000000000421999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5ee56e3d775fb22021-12-21 10:46:15.444root 11241100x8000000000000000422000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2f40427482ab5a2021-12-21 10:46:15.444root 11241100x8000000000000000422001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af77868925b4bb92021-12-21 10:46:15.444root 11241100x8000000000000000422002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ce14d4b0c677312021-12-21 10:46:15.444root 11241100x8000000000000000422003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86d83966084ab8f2021-12-21 10:46:15.943root 11241100x8000000000000000422004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f53f712a6f2a992021-12-21 10:46:15.943root 11241100x8000000000000000422005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967758d954cf86d82021-12-21 10:46:15.943root 11241100x8000000000000000422006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b1ada280b9b0a12021-12-21 10:46:15.943root 11241100x8000000000000000422007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b52180fff4e9f52021-12-21 10:46:15.944root 11241100x8000000000000000422008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6768403fc71e94352021-12-21 10:46:15.944root 11241100x8000000000000000422009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e085a9980e4059ca2021-12-21 10:46:15.944root 11241100x8000000000000000422010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d0d639fd0771902021-12-21 10:46:15.944root 11241100x8000000000000000422011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea6b931de03821a2021-12-21 10:46:15.944root 11241100x8000000000000000422012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c5adb77a0d6dff2021-12-21 10:46:15.944root 11241100x8000000000000000422013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ec20d3b74247dd2021-12-21 10:46:15.944root 11241100x8000000000000000422014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71526e573b7fc6982021-12-21 10:46:15.944root 11241100x8000000000000000422015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31c8a9285d504662021-12-21 10:46:15.944root 11241100x8000000000000000422016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c39d1bffba14022021-12-21 10:46:15.944root 11241100x8000000000000000422017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b8797f2ac32d1c2021-12-21 10:46:15.944root 11241100x8000000000000000422018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e0117fd60c84262021-12-21 10:46:15.944root 11241100x8000000000000000422019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe163c8e5dac282021-12-21 10:46:15.944root 11241100x8000000000000000422020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f11342200100b2e2021-12-21 10:46:16.443root 11241100x8000000000000000422021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d4820e707527782021-12-21 10:46:16.443root 11241100x8000000000000000422022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b60ee1ebacdedcb2021-12-21 10:46:16.443root 11241100x8000000000000000422023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b338d56f88e8c70e2021-12-21 10:46:16.443root 11241100x8000000000000000422024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee96bd2581ebd922021-12-21 10:46:16.443root 11241100x8000000000000000422025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e7e1a9cb2d71062021-12-21 10:46:16.443root 11241100x8000000000000000422026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fea16f45a3e92b2021-12-21 10:46:16.444root 11241100x8000000000000000422027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a881672114afc52021-12-21 10:46:16.444root 11241100x8000000000000000422028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8ec0a21f10fe732021-12-21 10:46:16.444root 11241100x8000000000000000422029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c0d675725889962021-12-21 10:46:16.444root 11241100x8000000000000000422030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bb65d50917a6a02021-12-21 10:46:16.444root 11241100x8000000000000000422031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e744f2dd22755e2021-12-21 10:46:16.444root 11241100x8000000000000000422032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca70d4ad6ef8fa432021-12-21 10:46:16.444root 11241100x8000000000000000422033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861491a4371e0d902021-12-21 10:46:16.444root 11241100x8000000000000000422034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa862e2da0d6162021-12-21 10:46:16.444root 11241100x8000000000000000422035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2848d1ab65e82f9b2021-12-21 10:46:16.444root 11241100x8000000000000000422036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94848ef48dc4f2cd2021-12-21 10:46:16.444root 11241100x8000000000000000422037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba933fba68c991a2021-12-21 10:46:16.943root 11241100x8000000000000000422038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b6d2b5139bff302021-12-21 10:46:16.943root 11241100x8000000000000000422039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2882a9113b50f242021-12-21 10:46:16.943root 11241100x8000000000000000422040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf0262e50d1d1fb2021-12-21 10:46:16.943root 11241100x8000000000000000422041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd7ff7c1a5488352021-12-21 10:46:16.943root 11241100x8000000000000000422042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e8df9df02bf7d62021-12-21 10:46:16.943root 11241100x8000000000000000422043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d0e85c29cdfac12021-12-21 10:46:16.943root 11241100x8000000000000000422044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6c4cff5e24f0362021-12-21 10:46:16.944root 11241100x8000000000000000422045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad62de592f92e1012021-12-21 10:46:16.944root 11241100x8000000000000000422046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2a2733b776a8862021-12-21 10:46:16.944root 11241100x8000000000000000422047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402ce2ed1bacbc7e2021-12-21 10:46:16.944root 11241100x8000000000000000422048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e567c95f2dc2ad632021-12-21 10:46:16.944root 11241100x8000000000000000422049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f9f493508e3ee32021-12-21 10:46:16.944root 11241100x8000000000000000422050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1173b4677561bdb2021-12-21 10:46:16.944root 11241100x8000000000000000422051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6623f56040f4cd902021-12-21 10:46:16.944root 11241100x8000000000000000422052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e01177d520a6b42021-12-21 10:46:16.944root 11241100x8000000000000000422053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889241c03dafdddf2021-12-21 10:46:16.944root 11241100x8000000000000000422054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afb61ee39c2d2812021-12-21 10:46:17.443root 11241100x8000000000000000422055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2204e0adf8b61f2021-12-21 10:46:17.443root 11241100x8000000000000000422056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11cf804b47a25232021-12-21 10:46:17.443root 11241100x8000000000000000422057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b115bf23338aa4112021-12-21 10:46:17.443root 11241100x8000000000000000422058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8cb1d34997b19d2021-12-21 10:46:17.443root 11241100x8000000000000000422059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd06a44af9f736492021-12-21 10:46:17.443root 11241100x8000000000000000422060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6065f316fdb7542e2021-12-21 10:46:17.444root 11241100x8000000000000000422061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599ef69885f015352021-12-21 10:46:17.444root 11241100x8000000000000000422062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e824ddd5076491e2021-12-21 10:46:17.444root 11241100x8000000000000000422063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a045db5a86a735ba2021-12-21 10:46:17.444root 11241100x8000000000000000422064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1b4e458ae3f592021-12-21 10:46:17.444root 11241100x8000000000000000422065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7317b47e76c9787b2021-12-21 10:46:17.444root 11241100x8000000000000000422066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faee128d3f7592b82021-12-21 10:46:17.444root 11241100x8000000000000000422067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d35f2959511cdcd2021-12-21 10:46:17.444root 11241100x8000000000000000422068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096a494f2b92c9272021-12-21 10:46:17.444root 11241100x8000000000000000422069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4722acd0b5c2ae7f2021-12-21 10:46:17.444root 11241100x8000000000000000422070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bf6b08b334969e2021-12-21 10:46:17.444root 11241100x8000000000000000422071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500f262fcd1f5c672021-12-21 10:46:17.943root 11241100x8000000000000000422072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd4baaf4b2d2d9b2021-12-21 10:46:17.943root 11241100x8000000000000000422073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0174d92511744f512021-12-21 10:46:17.943root 11241100x8000000000000000422074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dce9fa24e38c172021-12-21 10:46:17.943root 11241100x8000000000000000422075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65c03c159fb49a52021-12-21 10:46:17.943root 11241100x8000000000000000422076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244a3e96bc9f253a2021-12-21 10:46:17.943root 11241100x8000000000000000422077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca745c0969f29102021-12-21 10:46:17.943root 11241100x8000000000000000422078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41040292bcc0e4f62021-12-21 10:46:17.944root 11241100x8000000000000000422079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd7a6034fb328172021-12-21 10:46:17.944root 11241100x8000000000000000422080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e611aa27d9c1c4d2021-12-21 10:46:17.944root 11241100x8000000000000000422081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031c3e0620e8839f2021-12-21 10:46:17.944root 11241100x8000000000000000422082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704f731f826967c62021-12-21 10:46:17.944root 11241100x8000000000000000422083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88367a6652e2cfd22021-12-21 10:46:17.944root 11241100x8000000000000000422084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcacb0d038b62e032021-12-21 10:46:17.944root 11241100x8000000000000000422085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457436015caa1c722021-12-21 10:46:17.944root 11241100x8000000000000000422086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3859cdd491c61f532021-12-21 10:46:17.945root 11241100x8000000000000000422087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39da588aae128c72021-12-21 10:46:17.945root 11241100x8000000000000000422088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2694f7fcbdc7d12021-12-21 10:46:17.945root 11241100x8000000000000000422089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8140389a3ba2d3732021-12-21 10:46:18.443root 11241100x8000000000000000422090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd086a86c791c8c22021-12-21 10:46:18.443root 11241100x8000000000000000422091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1692be051f7250d92021-12-21 10:46:18.443root 11241100x8000000000000000422092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a06366f44dcef42021-12-21 10:46:18.443root 11241100x8000000000000000422093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb75ba4406259fbb2021-12-21 10:46:18.443root 11241100x8000000000000000422094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aa15ffa2fad35e2021-12-21 10:46:18.444root 11241100x8000000000000000422095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4617b8789da7e4e2021-12-21 10:46:18.444root 11241100x8000000000000000422096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5053695c000ed2042021-12-21 10:46:18.444root 11241100x8000000000000000422097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bc6ccdc5682c2e2021-12-21 10:46:18.444root 11241100x8000000000000000422098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b0eba7de7ecadd2021-12-21 10:46:18.444root 11241100x8000000000000000422099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d68512221f69b6e2021-12-21 10:46:18.444root 11241100x8000000000000000422100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698595ee7440fee62021-12-21 10:46:18.444root 11241100x8000000000000000422101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97529d553d389032021-12-21 10:46:18.444root 11241100x8000000000000000422102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaba3a544641b2e12021-12-21 10:46:18.444root 11241100x8000000000000000422103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b0a1a01e500a8b2021-12-21 10:46:18.444root 11241100x8000000000000000422104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54843ca4d7f7b8a92021-12-21 10:46:18.444root 11241100x8000000000000000422105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6412d1f5f9fa5ba2021-12-21 10:46:18.444root 23542300x8000000000000000422106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.612{ec2b6afe-b071-61c1-8062-3ae1dd550000}9786root/bin/nano/etc/.sudoers.tmp.swp--- 11241100x8000000000000000422107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.612{ec2b6afe-b071-61c1-8062-3ae1dd550000}9786/bin/nano/etc/.sudoers.tmp.swp2021-12-21 10:46:18.612root 11241100x8000000000000000422108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbaf7ddd8e3d64122021-12-21 10:46:18.943root 11241100x8000000000000000422109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bba1d6fe5983b3a2021-12-21 10:46:18.943root 11241100x8000000000000000422110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efa2585d1dd00872021-12-21 10:46:18.943root 11241100x8000000000000000422111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3d6ba4bd15f2942021-12-21 10:46:18.943root 11241100x8000000000000000422112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244d5e3cc2f128ba2021-12-21 10:46:18.943root 11241100x8000000000000000422113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090f65ca03d7cb9d2021-12-21 10:46:18.943root 11241100x8000000000000000422114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a0d7272413a8ce2021-12-21 10:46:18.944root 11241100x8000000000000000422115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1f096c2878c7592021-12-21 10:46:18.944root 11241100x8000000000000000422116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34687db4c1dd54a22021-12-21 10:46:18.944root 11241100x8000000000000000422117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8532a873301f4e2b2021-12-21 10:46:18.944root 11241100x8000000000000000422118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1db70367756e26d2021-12-21 10:46:18.944root 11241100x8000000000000000422119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e9bef8090c84042021-12-21 10:46:18.944root 11241100x8000000000000000422120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e111fcb1f2e4832021-12-21 10:46:18.944root 11241100x8000000000000000422121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c8fe354bf6d6702021-12-21 10:46:18.944root 11241100x8000000000000000422122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68088bbd9eb7c7932021-12-21 10:46:18.944root 11241100x8000000000000000422123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663f6e9fab7243f42021-12-21 10:46:18.945root 11241100x8000000000000000422124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb3918247bc52c42021-12-21 10:46:18.945root 11241100x8000000000000000422125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e1f9d38ad99f802021-12-21 10:46:18.945root 11241100x8000000000000000422126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdffb57d4096ac02021-12-21 10:46:18.945root 11241100x8000000000000000422127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6973379d083d395e2021-12-21 10:46:19.443root 11241100x8000000000000000422128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a5ac0ecb04deee2021-12-21 10:46:19.443root 11241100x8000000000000000422129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7814640069fd1f672021-12-21 10:46:19.443root 11241100x8000000000000000422130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d456215fea5bcff2021-12-21 10:46:19.443root 11241100x8000000000000000422131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7a3b910b1e3a442021-12-21 10:46:19.443root 11241100x8000000000000000422132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ff003c6678ee0c2021-12-21 10:46:19.443root 11241100x8000000000000000422133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a74562050365fce2021-12-21 10:46:19.444root 11241100x8000000000000000422134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ba926c1bfeb6a42021-12-21 10:46:19.444root 11241100x8000000000000000422135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44061665bb97a27e2021-12-21 10:46:19.444root 11241100x8000000000000000422136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff15600790d84212021-12-21 10:46:19.444root 11241100x8000000000000000422137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4460147fc4bb68602021-12-21 10:46:19.444root 11241100x8000000000000000422138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e8a1c567fe66c62021-12-21 10:46:19.444root 11241100x8000000000000000422139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7168798adf14fbe2021-12-21 10:46:19.444root 11241100x8000000000000000422140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ff3b773fb6d9222021-12-21 10:46:19.444root 11241100x8000000000000000422141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9319b1cfe457c28a2021-12-21 10:46:19.444root 11241100x8000000000000000422142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d4167618e696a02021-12-21 10:46:19.444root 11241100x8000000000000000422143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd58aa72ca467e2021-12-21 10:46:19.445root 11241100x8000000000000000422144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7731a68a6527e1a2021-12-21 10:46:19.445root 11241100x8000000000000000422145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e50c89ce04777ed2021-12-21 10:46:19.445root 11241100x8000000000000000422146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00687784fba97ea92021-12-21 10:46:19.942root 11241100x8000000000000000422147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7378345017fe4e462021-12-21 10:46:19.943root 11241100x8000000000000000422148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99eec17e1082708c2021-12-21 10:46:19.943root 11241100x8000000000000000422149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ace8ade4d77ee92021-12-21 10:46:19.943root 11241100x8000000000000000422150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658e160cc00d1fed2021-12-21 10:46:19.943root 11241100x8000000000000000422151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58f39f0d5a3e74e2021-12-21 10:46:19.943root 11241100x8000000000000000422152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff64c7cdf4aa4c32021-12-21 10:46:19.943root 11241100x8000000000000000422153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb28470603467872021-12-21 10:46:19.943root 11241100x8000000000000000422154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c4b10cf7e724912021-12-21 10:46:19.943root 11241100x8000000000000000422155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d0637c136697532021-12-21 10:46:19.943root 11241100x8000000000000000422156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07995c067a399ed2021-12-21 10:46:19.943root 11241100x8000000000000000422157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634f4b7c0a0d70882021-12-21 10:46:19.943root 11241100x8000000000000000422158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93499e49d126e0322021-12-21 10:46:19.944root 11241100x8000000000000000422159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b211f885d94be36b2021-12-21 10:46:19.944root 11241100x8000000000000000422160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775afe57c4b772ee2021-12-21 10:46:19.944root 11241100x8000000000000000422161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8734f0736e1c78b82021-12-21 10:46:19.944root 11241100x8000000000000000422162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3677106c7f5ac5442021-12-21 10:46:19.944root 11241100x8000000000000000422163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccff92cee0d1e1b2021-12-21 10:46:19.944root 11241100x8000000000000000422164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f6b070a2d8e8562021-12-21 10:46:19.944root 11241100x8000000000000000422165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af8af3726f5f28e2021-12-21 10:46:19.944root 11241100x8000000000000000422166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c6e34387907b922021-12-21 10:46:19.944root 354300x8000000000000000422167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.198{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47576-false10.0.1.12-8000- 11241100x8000000000000000422168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48372fed61c6ba972021-12-21 10:46:20.199root 11241100x8000000000000000422169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62ab30abbaab6d32021-12-21 10:46:20.199root 11241100x8000000000000000422170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaa4d27bd0f986e2021-12-21 10:46:20.199root 11241100x8000000000000000422171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ad26a7058aeeba2021-12-21 10:46:20.199root 11241100x8000000000000000422172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813faaa170b422f02021-12-21 10:46:20.200root 11241100x8000000000000000422173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206c4df9f3a7787a2021-12-21 10:46:20.200root 11241100x8000000000000000422174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b50e34a995f42632021-12-21 10:46:20.200root 11241100x8000000000000000422175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21194d55b426bdb32021-12-21 10:46:20.200root 11241100x8000000000000000422176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0921bf14fe8bcff2021-12-21 10:46:20.200root 11241100x8000000000000000422177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f7ed100ed06d512021-12-21 10:46:20.200root 11241100x8000000000000000422178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2761b64bc98bc722021-12-21 10:46:20.200root 11241100x8000000000000000422179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63c508cd199d1772021-12-21 10:46:20.200root 11241100x8000000000000000422180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1a89b24c7319f02021-12-21 10:46:20.200root 11241100x8000000000000000422181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7e036bca8d55a02021-12-21 10:46:20.200root 11241100x8000000000000000422182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3453b51a0a99bf8f2021-12-21 10:46:20.200root 11241100x8000000000000000422183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301fddbc9893f5872021-12-21 10:46:20.200root 11241100x8000000000000000422184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711977317dd875372021-12-21 10:46:20.200root 11241100x8000000000000000422185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11fb025185949592021-12-21 10:46:20.201root 11241100x8000000000000000422186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cffee1660a81882021-12-21 10:46:20.201root 11241100x8000000000000000422187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff94947f768cc9ae2021-12-21 10:46:20.201root 11241100x8000000000000000422188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a7f5f8539007382021-12-21 10:46:20.201root 11241100x8000000000000000422189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c46ce01a9a3a712021-12-21 10:46:20.201root 11241100x8000000000000000422190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e1c60815db8c4e2021-12-21 10:46:20.201root 11241100x8000000000000000422191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fff380e74589e232021-12-21 10:46:20.693root 11241100x8000000000000000422192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1625476d7b22402021-12-21 10:46:20.693root 11241100x8000000000000000422193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786ba6a1266ad71e2021-12-21 10:46:20.693root 11241100x8000000000000000422194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405af9b78b2e9f852021-12-21 10:46:20.693root 11241100x8000000000000000422195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d148b4a63e4cd69a2021-12-21 10:46:20.693root 11241100x8000000000000000422196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7390408b7bce94432021-12-21 10:46:20.694root 11241100x8000000000000000422197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292431c72eb5bcc52021-12-21 10:46:20.694root 11241100x8000000000000000422198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69edd30dccc079402021-12-21 10:46:20.694root 11241100x8000000000000000422199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4233e6eca0d3882021-12-21 10:46:20.694root 11241100x8000000000000000422200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e815d13ae437712021-12-21 10:46:20.694root 11241100x8000000000000000422201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1106503b32a5b39a2021-12-21 10:46:20.694root 11241100x8000000000000000422202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf01bf1ed7f2013b2021-12-21 10:46:20.694root 11241100x8000000000000000422203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908dae7e4b6030a52021-12-21 10:46:20.694root 11241100x8000000000000000422204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f675d623c0d4972021-12-21 10:46:20.695root 11241100x8000000000000000422205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2dd6a4940e941a2021-12-21 10:46:20.695root 11241100x8000000000000000422206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4368ee286fb19b362021-12-21 10:46:20.695root 11241100x8000000000000000422207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b893a8af16bdd0162021-12-21 10:46:20.695root 11241100x8000000000000000422208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfe73c714972c262021-12-21 10:46:20.695root 11241100x8000000000000000422209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1536c05e1dc04062021-12-21 10:46:20.695root 11241100x8000000000000000422210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97bdb0f456037a42021-12-21 10:46:20.695root 11241100x8000000000000000422211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4855d500a57f81032021-12-21 10:46:21.193root 11241100x8000000000000000422212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0d93635e506a022021-12-21 10:46:21.193root 11241100x8000000000000000422213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51de143a892542f82021-12-21 10:46:21.193root 11241100x8000000000000000422214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288614698f0016142021-12-21 10:46:21.193root 11241100x8000000000000000422215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4052c37354a510d2021-12-21 10:46:21.193root 11241100x8000000000000000422216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef519a8420e77af2021-12-21 10:46:21.194root 11241100x8000000000000000422217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5834209c91746af12021-12-21 10:46:21.194root 11241100x8000000000000000422218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdb3e9467aab1012021-12-21 10:46:21.194root 11241100x8000000000000000422219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fe2693375b648f2021-12-21 10:46:21.194root 11241100x8000000000000000422220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce574853a6758c4f2021-12-21 10:46:21.194root 11241100x8000000000000000422221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c248450ec8e5b5f62021-12-21 10:46:21.194root 11241100x8000000000000000422222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae918ca8a53a4c92021-12-21 10:46:21.194root 11241100x8000000000000000422223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04532912d9d3c5722021-12-21 10:46:21.194root 11241100x8000000000000000422224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286edcb0b24481592021-12-21 10:46:21.194root 11241100x8000000000000000422225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7239c029f748cf82021-12-21 10:46:21.194root 11241100x8000000000000000422226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b11892a2302fdf2021-12-21 10:46:21.194root 11241100x8000000000000000422227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894aa91ee443316a2021-12-21 10:46:21.194root 11241100x8000000000000000422228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d1d281c98be7b02021-12-21 10:46:21.194root 11241100x8000000000000000422229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deea8699a6415352021-12-21 10:46:21.194root 11241100x8000000000000000422230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fe4407448f51a62021-12-21 10:46:21.194root 23542300x8000000000000000422231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.578{ec2b6afe-b071-61c1-8062-3ae1dd550000}9786root/bin/nano/etc/.sudoers.tmp.swp--- 534500x8000000000000000422232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.578{ec2b6afe-b071-61c1-8062-3ae1dd550000}9786/bin/nanoroot 11241100x8000000000000000422233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.578{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770565220941667b2021-12-21 10:46:21.578root 11241100x8000000000000000422234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.578{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42a19de8efa2d782021-12-21 10:46:21.578root 11241100x8000000000000000422235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341242677e695ff62021-12-21 10:46:21.579root 11241100x8000000000000000422236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ef0252714a4bd32021-12-21 10:46:21.579root 11241100x8000000000000000422237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558ac781ab086c312021-12-21 10:46:21.579root 11241100x8000000000000000422238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039a63269079f8902021-12-21 10:46:21.579root 11241100x8000000000000000422239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10a028c5907ce652021-12-21 10:46:21.579root 11241100x8000000000000000422240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9961d1904e945e222021-12-21 10:46:21.579root 534500x8000000000000000422241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-b071-61c1-68bd-76d991550000}9785/usr/sbin/visudoroot 11241100x8000000000000000422242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5f30d8cdd93f822021-12-21 10:46:21.579root 11241100x8000000000000000422243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cda84318d5f9ca2021-12-21 10:46:21.579root 11241100x8000000000000000422244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d30750315594882021-12-21 10:46:21.579root 11241100x8000000000000000422245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d0f7c8dafa20792021-12-21 10:46:21.579root 11241100x8000000000000000422246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.579{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affe5c3850b3dc392021-12-21 10:46:21.579root 11241100x8000000000000000422247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c4e749802c34872021-12-21 10:46:21.580root 11241100x8000000000000000422248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfe547c6674f1d62021-12-21 10:46:21.580root 11241100x8000000000000000422249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeaaa0f3fc267892021-12-21 10:46:21.580root 11241100x8000000000000000422250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee58a0d920e92f2021-12-21 10:46:21.580root 534500x8000000000000000422251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-b071-61c1-080e-3d21a7550000}9784/usr/bin/sudoroot 11241100x8000000000000000422252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ad54228c31f2b72021-12-21 10:46:21.580root 11241100x8000000000000000422253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7670ccf64276f5e2021-12-21 10:46:21.580root 11241100x8000000000000000422254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b434b59890224aec2021-12-21 10:46:21.580root 11241100x8000000000000000422255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b402b4e54d633a2021-12-21 10:46:21.580root 11241100x8000000000000000422256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1052d7382f390c402021-12-21 10:46:21.580root 11241100x8000000000000000422257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0e80d558c5e4d62021-12-21 10:46:21.580root 11241100x8000000000000000422258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e85232afb6f00c92021-12-21 10:46:21.580root 11241100x8000000000000000422259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b81b63d6126c5f2021-12-21 10:46:21.580root 11241100x8000000000000000422260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.580{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2c741231ce5d5d2021-12-21 10:46:21.580root 11241100x8000000000000000422261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea8d98f800c71522021-12-21 10:46:21.943root 11241100x8000000000000000422262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cf396e3058983c2021-12-21 10:46:21.943root 11241100x8000000000000000422263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff11104757ffb122021-12-21 10:46:21.943root 11241100x8000000000000000422264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751767c8b328f3962021-12-21 10:46:21.943root 11241100x8000000000000000422265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0950b8d3925992042021-12-21 10:46:21.943root 11241100x8000000000000000422266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01db59a7edc65af72021-12-21 10:46:21.944root 11241100x8000000000000000422267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea87ff5decfd5f402021-12-21 10:46:21.944root 11241100x8000000000000000422268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd93280572e2e3a12021-12-21 10:46:21.944root 11241100x8000000000000000422269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368bd45fcd7a2a2b2021-12-21 10:46:21.944root 11241100x8000000000000000422270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f02b82ad9f950f2021-12-21 10:46:21.944root 11241100x8000000000000000422271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d78093c9d0b9972021-12-21 10:46:21.944root 11241100x8000000000000000422272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d638488b9fa5672021-12-21 10:46:21.944root 11241100x8000000000000000422273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611d870921541ad12021-12-21 10:46:21.944root 11241100x8000000000000000422274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6717f9b14e23971c2021-12-21 10:46:21.944root 11241100x8000000000000000422275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed1a8d0bccde27e2021-12-21 10:46:21.944root 11241100x8000000000000000422276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c683de9b37e8b6412021-12-21 10:46:21.944root 11241100x8000000000000000422277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13a3ceee23404af2021-12-21 10:46:21.944root 11241100x8000000000000000422278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38312bdeefe295c52021-12-21 10:46:21.944root 11241100x8000000000000000422279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5309ce6386b67d72021-12-21 10:46:21.945root 11241100x8000000000000000422280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81808d5fda840f1e2021-12-21 10:46:21.945root 11241100x8000000000000000422281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc0c537a21985522021-12-21 10:46:21.945root 11241100x8000000000000000422282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb93f864cc579a22021-12-21 10:46:21.945root 11241100x8000000000000000422283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c5c6b78a0f7c02021-12-21 10:46:21.945root 11241100x8000000000000000422284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b99c53269e96fc82021-12-21 10:46:21.945root 11241100x8000000000000000422285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2e6b0f7049f16e2021-12-21 10:46:22.443root 11241100x8000000000000000422286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66865d353f439dc2021-12-21 10:46:22.443root 11241100x8000000000000000422287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f71b8f80bb432ca2021-12-21 10:46:22.443root 11241100x8000000000000000422288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe49e571bc4b0d42021-12-21 10:46:22.444root 11241100x8000000000000000422289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be135b07a40fbf12021-12-21 10:46:22.444root 11241100x8000000000000000422290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc27ae135e27ecb2021-12-21 10:46:22.444root 11241100x8000000000000000422291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f892631d8bf452f42021-12-21 10:46:22.444root 11241100x8000000000000000422292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b3fa6b8ebd63c12021-12-21 10:46:22.444root 11241100x8000000000000000422293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0280dea11b5a65652021-12-21 10:46:22.444root 11241100x8000000000000000422294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0670739ddd6ca0722021-12-21 10:46:22.444root 11241100x8000000000000000422295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd22368a020469ba2021-12-21 10:46:22.444root 11241100x8000000000000000422296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3bfb8670b0946f2021-12-21 10:46:22.444root 11241100x8000000000000000422297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156804ae842d42b42021-12-21 10:46:22.444root 11241100x8000000000000000422298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b8123de34abc682021-12-21 10:46:22.444root 11241100x8000000000000000422299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0fd74a7f0e6af92021-12-21 10:46:22.444root 11241100x8000000000000000422300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce78a44cca6be392021-12-21 10:46:22.444root 11241100x8000000000000000422301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b1e430af7f61172021-12-21 10:46:22.444root 11241100x8000000000000000422302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c33994363b43c32021-12-21 10:46:22.444root 11241100x8000000000000000422303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aa8b50c3bc60ba2021-12-21 10:46:22.445root 11241100x8000000000000000422304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7110a58a600bf2122021-12-21 10:46:22.445root 11241100x8000000000000000422305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4ddd0271e72dc72021-12-21 10:46:22.445root 11241100x8000000000000000422306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f5103124652e052021-12-21 10:46:22.445root 11241100x8000000000000000422307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81395ba5529d1d7f2021-12-21 10:46:22.445root 11241100x8000000000000000422308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de987040a637ae12021-12-21 10:46:22.445root 11241100x8000000000000000422309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3370dfa0375b6062021-12-21 10:46:22.943root 11241100x8000000000000000422310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889faf3252aed6ac2021-12-21 10:46:22.943root 11241100x8000000000000000422311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e590e6885ee0d0712021-12-21 10:46:22.943root 11241100x8000000000000000422312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3f4dd190a3939d2021-12-21 10:46:22.943root 11241100x8000000000000000422313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8170c6b942e2027c2021-12-21 10:46:22.943root 11241100x8000000000000000422314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920032b97750327d2021-12-21 10:46:22.943root 11241100x8000000000000000422315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10f1014b362b0d92021-12-21 10:46:22.943root 11241100x8000000000000000422316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64da84cfcf28c172021-12-21 10:46:22.943root 11241100x8000000000000000422317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e775e8fb9d6d1c242021-12-21 10:46:22.943root 11241100x8000000000000000422318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea02f0de8a9ddc842021-12-21 10:46:22.943root 11241100x8000000000000000422319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcc3a97954b2a012021-12-21 10:46:22.944root 11241100x8000000000000000422320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8a037200333d192021-12-21 10:46:22.944root 11241100x8000000000000000422321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c742f9d22dad0b842021-12-21 10:46:22.944root 11241100x8000000000000000422322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be26b42686d3dcc2021-12-21 10:46:22.944root 11241100x8000000000000000422323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60449cc7f18786c2021-12-21 10:46:22.944root 11241100x8000000000000000422324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06604bbfa5c36802021-12-21 10:46:22.944root 11241100x8000000000000000422325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ec4232ee4c3d342021-12-21 10:46:22.944root 11241100x8000000000000000422326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17aa235315ce0792021-12-21 10:46:22.944root 11241100x8000000000000000422327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9315c61df589a502021-12-21 10:46:22.944root 11241100x8000000000000000422328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311c69c5fc6d34e2021-12-21 10:46:22.945root 11241100x8000000000000000422329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84133bc96f965b6b2021-12-21 10:46:22.945root 11241100x8000000000000000422330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f9817bd13f6e4f2021-12-21 10:46:22.945root 11241100x8000000000000000422331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1076a0ffb086472021-12-21 10:46:22.945root 11241100x8000000000000000422332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d122184f0871cac2021-12-21 10:46:22.945root 11241100x8000000000000000422333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48f42d1ac6086dd2021-12-21 10:46:22.945root 11241100x8000000000000000422334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5eb002d1ee6d752021-12-21 10:46:22.945root 11241100x8000000000000000422335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e31849174de1aaf2021-12-21 10:46:22.945root 11241100x8000000000000000422336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f91d1f33c4dff172021-12-21 10:46:23.443root 11241100x8000000000000000422337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7b60cf5d55180c2021-12-21 10:46:23.443root 11241100x8000000000000000422338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b092692cc62a011a2021-12-21 10:46:23.443root 11241100x8000000000000000422339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2af0cb2a57c79d2021-12-21 10:46:23.443root 11241100x8000000000000000422340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc032e444c91bf72021-12-21 10:46:23.443root 11241100x8000000000000000422341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2df2515686e49322021-12-21 10:46:23.443root 11241100x8000000000000000422342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9a167d2cc0cdd32021-12-21 10:46:23.443root 11241100x8000000000000000422343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d804cf74cd84fd922021-12-21 10:46:23.444root 11241100x8000000000000000422344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be4ce91aaec5c102021-12-21 10:46:23.444root 11241100x8000000000000000422345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1ad84afa5118f32021-12-21 10:46:23.444root 11241100x8000000000000000422346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31379fb1f25eff572021-12-21 10:46:23.444root 11241100x8000000000000000422347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818b584fbb0a7ca22021-12-21 10:46:23.444root 11241100x8000000000000000422348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5c2e89066146ef2021-12-21 10:46:23.444root 11241100x8000000000000000422349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9536fcc40eba56552021-12-21 10:46:23.444root 11241100x8000000000000000422350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581305724e1a9fa92021-12-21 10:46:23.444root 11241100x8000000000000000422351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3951fdefb1f6102021-12-21 10:46:23.444root 11241100x8000000000000000422352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076f350107ce09f22021-12-21 10:46:23.444root 11241100x8000000000000000422353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d600b264a7950d762021-12-21 10:46:23.444root 11241100x8000000000000000422354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083a72e2b0d1a3d02021-12-21 10:46:23.444root 11241100x8000000000000000422355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4200ea89efdd70282021-12-21 10:46:23.444root 11241100x8000000000000000422356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b4d1158826d6012021-12-21 10:46:23.444root 11241100x8000000000000000422357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071cff24de5d87222021-12-21 10:46:23.444root 11241100x8000000000000000422358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544d959b462c562d2021-12-21 10:46:23.445root 11241100x8000000000000000422359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a451f9950de7022021-12-21 10:46:23.445root 11241100x8000000000000000422360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee299542c2d223b2021-12-21 10:46:23.943root 11241100x8000000000000000422361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdef0a78f9b2dce62021-12-21 10:46:23.943root 11241100x8000000000000000422362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c138e56762506c2021-12-21 10:46:23.944root 11241100x8000000000000000422363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3a099d0cc748702021-12-21 10:46:23.944root 11241100x8000000000000000422364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d4f94e84cdd2e42021-12-21 10:46:23.944root 11241100x8000000000000000422365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd9f63d118e43322021-12-21 10:46:23.944root 11241100x8000000000000000422366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79def4f6f03fd0f22021-12-21 10:46:23.944root 11241100x8000000000000000422367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01449eb6ab3f36f22021-12-21 10:46:23.944root 11241100x8000000000000000422368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c1d96d7241aee62021-12-21 10:46:23.944root 11241100x8000000000000000422369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56a5f27e2c3bb922021-12-21 10:46:23.945root 11241100x8000000000000000422370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fec26eb40cca2f82021-12-21 10:46:23.945root 11241100x8000000000000000422371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156cfb23c60d2f332021-12-21 10:46:23.945root 11241100x8000000000000000422372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f055211fd12a162021-12-21 10:46:23.945root 11241100x8000000000000000422373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6676555e2a6532502021-12-21 10:46:23.945root 11241100x8000000000000000422374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d025495b9747f942021-12-21 10:46:23.945root 11241100x8000000000000000422375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904640a17e523a8e2021-12-21 10:46:23.945root 11241100x8000000000000000422376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4122079a74a76b2021-12-21 10:46:23.945root 11241100x8000000000000000422377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749f07cd7cba842a2021-12-21 10:46:23.945root 11241100x8000000000000000422378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b63848056779b2021-12-21 10:46:23.945root 11241100x8000000000000000422379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c12085491f1fee42021-12-21 10:46:23.945root 11241100x8000000000000000422380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a644f9f55eb553c2021-12-21 10:46:23.945root 11241100x8000000000000000422381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7191a7af0a5458c12021-12-21 10:46:23.945root 11241100x8000000000000000422382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6c554516333b1c2021-12-21 10:46:23.945root 11241100x8000000000000000422383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef89c69958241d452021-12-21 10:46:23.945root 11241100x8000000000000000422384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bd72d8d8ac14cf2021-12-21 10:46:24.443root 11241100x8000000000000000422385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240efe79a49797d42021-12-21 10:46:24.443root 11241100x8000000000000000422386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c8e0b1c6caeab12021-12-21 10:46:24.443root 11241100x8000000000000000422387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6b8a7700ee9a762021-12-21 10:46:24.444root 11241100x8000000000000000422388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81679440188414422021-12-21 10:46:24.444root 11241100x8000000000000000422389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b733e8f8832858c2021-12-21 10:46:24.444root 11241100x8000000000000000422390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d72664b208c3fb62021-12-21 10:46:24.444root 11241100x8000000000000000422391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca91f3def0b23f42021-12-21 10:46:24.445root 11241100x8000000000000000422392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69692792480d4d802021-12-21 10:46:24.445root 11241100x8000000000000000422393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b246ccbe18c1952021-12-21 10:46:24.445root 11241100x8000000000000000422394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7649025b14af4abb2021-12-21 10:46:24.445root 11241100x8000000000000000422395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb128b2c4736c942021-12-21 10:46:24.445root 11241100x8000000000000000422396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8440998e4eac2c2021-12-21 10:46:24.445root 11241100x8000000000000000422397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059ba69034dd647f2021-12-21 10:46:24.446root 11241100x8000000000000000422398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b444e1670582b56f2021-12-21 10:46:24.446root 11241100x8000000000000000422399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743640ceef3308ad2021-12-21 10:46:24.446root 11241100x8000000000000000422400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab43fdc615c13742021-12-21 10:46:24.446root 11241100x8000000000000000422401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb9c61d31421a472021-12-21 10:46:24.446root 11241100x8000000000000000422402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69e7498f1b9230b2021-12-21 10:46:24.446root 11241100x8000000000000000422403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db6d17de6fff842021-12-21 10:46:24.446root 11241100x8000000000000000422404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7086dd005000eca72021-12-21 10:46:24.446root 11241100x8000000000000000422405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27d04ea4f6c6c2b2021-12-21 10:46:24.446root 11241100x8000000000000000422406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8acacd2dacc6242021-12-21 10:46:24.447root 11241100x8000000000000000422407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88afa4bbcd374a822021-12-21 10:46:24.447root 11241100x8000000000000000422408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6186192deb09082021-12-21 10:46:24.943root 11241100x8000000000000000422409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a60a8eb76418ca82021-12-21 10:46:24.943root 11241100x8000000000000000422410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2aa42d1d9c01c02021-12-21 10:46:24.943root 11241100x8000000000000000422411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9f08689426f5b92021-12-21 10:46:24.943root 11241100x8000000000000000422412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77f6054a85bb2f52021-12-21 10:46:24.943root 11241100x8000000000000000422413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642cc80f0a2f16c52021-12-21 10:46:24.943root 11241100x8000000000000000422414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf25991c00365f12021-12-21 10:46:24.943root 11241100x8000000000000000422415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6539727aedcccdc52021-12-21 10:46:24.943root 11241100x8000000000000000422416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430c3114785134652021-12-21 10:46:24.944root 11241100x8000000000000000422417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a2bb1a4d14b5a62021-12-21 10:46:24.944root 11241100x8000000000000000422418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9febec9f55465f2021-12-21 10:46:24.944root 11241100x8000000000000000422419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23fce6f743470632021-12-21 10:46:24.944root 11241100x8000000000000000422420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eda750aa8bd2712021-12-21 10:46:24.944root 11241100x8000000000000000422421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebba92d2b74af01a2021-12-21 10:46:24.944root 11241100x8000000000000000422422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4a9ff3a2fa95832021-12-21 10:46:24.945root 11241100x8000000000000000422423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84657680e48a5e3b2021-12-21 10:46:24.945root 11241100x8000000000000000422424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec148120a44a86bd2021-12-21 10:46:24.945root 11241100x8000000000000000422425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814e237f1a46f802021-12-21 10:46:24.945root 11241100x8000000000000000422426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86136695e7599e422021-12-21 10:46:24.945root 11241100x8000000000000000422427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6bae677a2c85f42021-12-21 10:46:24.946root 11241100x8000000000000000422428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c088ce94533a31b2021-12-21 10:46:24.946root 11241100x8000000000000000422429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d42890fc2180d02021-12-21 10:46:24.946root 11241100x8000000000000000422430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e885a854ca6a42ea2021-12-21 10:46:24.946root 11241100x8000000000000000422431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779b43084c0e91622021-12-21 10:46:24.946root 11241100x8000000000000000422432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e287df495f90b95b2021-12-21 10:46:24.946root 11241100x8000000000000000422433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5d2f7c81f7403b2021-12-21 10:46:24.947root 11241100x8000000000000000422434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4aef8338308aaa72021-12-21 10:46:24.947root 11241100x8000000000000000422435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0071fd2ac2b51fb32021-12-21 10:46:24.947root 11241100x8000000000000000422436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964980071229f00f2021-12-21 10:46:24.947root 11241100x8000000000000000422437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a966b59fc2be1c62021-12-21 10:46:24.947root 11241100x8000000000000000422438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b3c44b40f73e702021-12-21 10:46:24.947root 11241100x8000000000000000422439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90bf46ce755a6522021-12-21 10:46:24.948root 354300x8000000000000000422440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.231{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34642-false10.0.1.12-8089- 11241100x8000000000000000422441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda56c5348b0fb2d2021-12-21 10:46:25.232root 11241100x8000000000000000422442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46b1bd2c5d5b0bf2021-12-21 10:46:25.232root 11241100x8000000000000000422443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d82df667223b1072021-12-21 10:46:25.232root 11241100x8000000000000000422444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c54286f80f8c402021-12-21 10:46:25.233root 11241100x8000000000000000422445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67277c099e36fe8f2021-12-21 10:46:25.233root 11241100x8000000000000000422446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fede5321ad9ea3b72021-12-21 10:46:25.233root 11241100x8000000000000000422447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02ac3675aa1b0ef2021-12-21 10:46:25.233root 11241100x8000000000000000422448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d24c441d1b6bfe2021-12-21 10:46:25.233root 11241100x8000000000000000422449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1b446b77837432021-12-21 10:46:25.233root 11241100x8000000000000000422450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a67e4d1ecd903c62021-12-21 10:46:25.233root 11241100x8000000000000000422451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d6e783c054600b2021-12-21 10:46:25.234root 11241100x8000000000000000422452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b232b32924574a4a2021-12-21 10:46:25.234root 11241100x8000000000000000422453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a032663a6284722021-12-21 10:46:25.234root 11241100x8000000000000000422454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba05105b1d62c1d62021-12-21 10:46:25.234root 11241100x8000000000000000422455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da10f1dd3c4f44d2021-12-21 10:46:25.234root 11241100x8000000000000000422456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6da713fd253be42021-12-21 10:46:25.235root 11241100x8000000000000000422457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41274a0ceb4a32c2021-12-21 10:46:25.235root 11241100x8000000000000000422458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb02097e5cd7f422021-12-21 10:46:25.235root 11241100x8000000000000000422459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc15636109788c5f2021-12-21 10:46:25.236root 11241100x8000000000000000422460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623db861c69dc14f2021-12-21 10:46:25.236root 11241100x8000000000000000422461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e4c0f891d742f2021-12-21 10:46:25.236root 11241100x8000000000000000422462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e20349918c02382021-12-21 10:46:25.237root 11241100x8000000000000000422463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddafbf66b92259342021-12-21 10:46:25.237root 11241100x8000000000000000422464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd603581d480ad42021-12-21 10:46:25.237root 11241100x8000000000000000422465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35bfe845243fec72021-12-21 10:46:25.238root 11241100x8000000000000000422466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920792090cccb8d72021-12-21 10:46:25.238root 11241100x8000000000000000422467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edb7123247c44f12021-12-21 10:46:25.238root 11241100x8000000000000000422468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99da9f15ee4bea32021-12-21 10:46:25.238root 11241100x8000000000000000422469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb0898701d001d22021-12-21 10:46:25.240root 11241100x8000000000000000422470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f163b965f7b9d1352021-12-21 10:46:25.240root 11241100x8000000000000000422471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61453d852971fc02021-12-21 10:46:25.241root 11241100x8000000000000000422472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3805c4acba694a2021-12-21 10:46:25.241root 11241100x8000000000000000422473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea908ee65de5af9c2021-12-21 10:46:25.241root 11241100x8000000000000000422474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8785617c8693c02021-12-21 10:46:25.241root 11241100x8000000000000000422475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68398d84c12b9092021-12-21 10:46:25.241root 11241100x8000000000000000422476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246dcf90974d04802021-12-21 10:46:25.242root 11241100x8000000000000000422477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46221d047f90f6ee2021-12-21 10:46:25.242root 11241100x8000000000000000422478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef26d480a3c2b0322021-12-21 10:46:25.242root 11241100x8000000000000000422479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36b88005c62e2492021-12-21 10:46:25.243root 11241100x8000000000000000422480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f91efea4ee11d42021-12-21 10:46:25.244root 11241100x8000000000000000422481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f255ae0ff424ed0a2021-12-21 10:46:25.692root 11241100x8000000000000000422482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f903700b8fc8c42021-12-21 10:46:25.693root 11241100x8000000000000000422483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe53232e053eee72021-12-21 10:46:25.693root 11241100x8000000000000000422484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735e8627118253d52021-12-21 10:46:25.693root 11241100x8000000000000000422485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dab07103c953ee2021-12-21 10:46:25.693root 11241100x8000000000000000422486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afd9e1a3d18bd7c2021-12-21 10:46:25.693root 11241100x8000000000000000422487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae4ebc5eeb4a8812021-12-21 10:46:25.693root 11241100x8000000000000000422488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f45a435c9042802021-12-21 10:46:25.693root 11241100x8000000000000000422489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1edad212cf3cf762021-12-21 10:46:25.693root 11241100x8000000000000000422490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a58b7a761ae542021-12-21 10:46:25.694root 11241100x8000000000000000422491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3109523b827a8b622021-12-21 10:46:25.694root 11241100x8000000000000000422492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364df14aad360fee2021-12-21 10:46:25.694root 11241100x8000000000000000422493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2908c67e6445ba2021-12-21 10:46:25.694root 11241100x8000000000000000422494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5205026b9dc247b82021-12-21 10:46:25.694root 11241100x8000000000000000422495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28795a51a25e13832021-12-21 10:46:25.694root 11241100x8000000000000000422496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c5bd84b5f46e622021-12-21 10:46:25.694root 11241100x8000000000000000422497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be31c30caa4b358e2021-12-21 10:46:25.694root 11241100x8000000000000000422498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fea38a26c18ba452021-12-21 10:46:25.695root 11241100x8000000000000000422499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676040e2ab7558962021-12-21 10:46:25.695root 11241100x8000000000000000422500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc8aea6e86f23f42021-12-21 10:46:25.695root 11241100x8000000000000000422501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcac587c8086fab2021-12-21 10:46:25.695root 11241100x8000000000000000422502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4dcf4832d0d8cf2021-12-21 10:46:25.695root 11241100x8000000000000000422503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114231a565a5acdb2021-12-21 10:46:25.696root 11241100x8000000000000000422504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a3ee1540bfaae02021-12-21 10:46:25.696root 11241100x8000000000000000422505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962132106b31060e2021-12-21 10:46:25.696root 11241100x8000000000000000422506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dc69169305eea32021-12-21 10:46:25.696root 11241100x8000000000000000422507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1a0e262863352f2021-12-21 10:46:25.696root 354300x8000000000000000422508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.011{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47580-false10.0.1.12-8000- 11241100x8000000000000000422509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9d928d4f93b86f2021-12-21 10:46:26.013root 11241100x8000000000000000422510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebe2ab4ffe8d2592021-12-21 10:46:26.013root 11241100x8000000000000000422511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed37e80f36a37fe2021-12-21 10:46:26.013root 11241100x8000000000000000422512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.013{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebaabafdb9c534b2021-12-21 10:46:26.013root 11241100x8000000000000000422513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8cf44be2f10de02021-12-21 10:46:26.014root 11241100x8000000000000000422514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df41be414d3d5d4c2021-12-21 10:46:26.014root 11241100x8000000000000000422515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.014{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c82588ecc383b82021-12-21 10:46:26.014root 11241100x8000000000000000422516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.015{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c925f67186beb05f2021-12-21 10:46:26.015root 11241100x8000000000000000422517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.015{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c620825b7558e82021-12-21 10:46:26.015root 11241100x8000000000000000422518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.015{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c112c68f9c5829112021-12-21 10:46:26.015root 11241100x8000000000000000422519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798dddeda6f91c1e2021-12-21 10:46:26.016root 11241100x8000000000000000422520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d208363a61a43fa2021-12-21 10:46:26.016root 11241100x8000000000000000422521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9482177f96e54e2021-12-21 10:46:26.016root 11241100x8000000000000000422522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.016{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27296ab1bcba63a22021-12-21 10:46:26.016root 11241100x8000000000000000422523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214392ac4d0fbf4d2021-12-21 10:46:26.017root 11241100x8000000000000000422524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b122d4a39e87fa42021-12-21 10:46:26.017root 11241100x8000000000000000422525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.017{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ab5a8a93ac930b2021-12-21 10:46:26.017root 11241100x8000000000000000422526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45cb56482d1023b2021-12-21 10:46:26.018root 11241100x8000000000000000422527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.018{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a90b9c88b36d9ad2021-12-21 10:46:26.018root 11241100x8000000000000000422528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005cda6a04689bd22021-12-21 10:46:26.019root 11241100x8000000000000000422529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42013fb1953d7fbc2021-12-21 10:46:26.019root 11241100x8000000000000000422530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2647ec7771eb4dee2021-12-21 10:46:26.019root 11241100x8000000000000000422531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff087edc5933331b2021-12-21 10:46:26.019root 11241100x8000000000000000422532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7215fa9b1ca658292021-12-21 10:46:26.019root 11241100x8000000000000000422533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b324b378b7b1834d2021-12-21 10:46:26.019root 11241100x8000000000000000422534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.019{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37acd36b650510b2021-12-21 10:46:26.019root 11241100x8000000000000000422535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a9a43c1bf929262021-12-21 10:46:26.020root 11241100x8000000000000000422536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45d7d918b6197362021-12-21 10:46:26.020root 11241100x8000000000000000422537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24076fa458bd1872021-12-21 10:46:26.020root 11241100x8000000000000000422538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.020{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a488c08c8317df32021-12-21 10:46:26.020root 11241100x8000000000000000422539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac0cd467c73c4592021-12-21 10:46:26.443root 11241100x8000000000000000422540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7707f60707e809a52021-12-21 10:46:26.443root 11241100x8000000000000000422541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697b774ca1f0e3c42021-12-21 10:46:26.443root 11241100x8000000000000000422542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081f570aa469f5912021-12-21 10:46:26.443root 11241100x8000000000000000422543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c7a303ae904e3c2021-12-21 10:46:26.443root 11241100x8000000000000000422544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cf1c3eb20b96be2021-12-21 10:46:26.444root 11241100x8000000000000000422545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a12e6dd5f5c65a2021-12-21 10:46:26.444root 11241100x8000000000000000422546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4dd621e9b6dfcc2021-12-21 10:46:26.444root 11241100x8000000000000000422547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cb862aa3427ae32021-12-21 10:46:26.444root 11241100x8000000000000000422548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ef3c09acb330402021-12-21 10:46:26.444root 11241100x8000000000000000422549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f9c6dafd54e6732021-12-21 10:46:26.444root 11241100x8000000000000000422550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87716b0cfe0c55332021-12-21 10:46:26.444root 11241100x8000000000000000422551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3196879919c95a372021-12-21 10:46:26.444root 11241100x8000000000000000422552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ddda3e5d090e652021-12-21 10:46:26.444root 11241100x8000000000000000422553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3364d4834dd7e6922021-12-21 10:46:26.444root 11241100x8000000000000000422554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1a0f38d3cca6ec2021-12-21 10:46:26.445root 11241100x8000000000000000422555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f470c7635dc6f2a82021-12-21 10:46:26.445root 11241100x8000000000000000422556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a805df64485cb82021-12-21 10:46:26.445root 11241100x8000000000000000422557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724d7ac337c1e85a2021-12-21 10:46:26.445root 11241100x8000000000000000422558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aad2619b9d10ed22021-12-21 10:46:26.445root 11241100x8000000000000000422559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0291c6c03581cb72021-12-21 10:46:26.445root 11241100x8000000000000000422560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf573399cc273f762021-12-21 10:46:26.445root 11241100x8000000000000000422561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0121091f120650da2021-12-21 10:46:26.445root 11241100x8000000000000000422562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120a988574160c9f2021-12-21 10:46:26.445root 11241100x8000000000000000422563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb9b12ae8eeae702021-12-21 10:46:26.445root 11241100x8000000000000000422564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe59b1d1ca8c56e2021-12-21 10:46:26.445root 11241100x8000000000000000422565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2ff7606f44f34f2021-12-21 10:46:26.943root 11241100x8000000000000000422566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe3cd5e7d58c8cf2021-12-21 10:46:26.943root 11241100x8000000000000000422567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd1c5685e14fe4c2021-12-21 10:46:26.943root 11241100x8000000000000000422568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8ca87dc426911a2021-12-21 10:46:26.943root 11241100x8000000000000000422569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68571d41c5bf0662021-12-21 10:46:26.943root 11241100x8000000000000000422570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1585bdca4fd51bef2021-12-21 10:46:26.943root 11241100x8000000000000000422571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f501b4f784102a222021-12-21 10:46:26.943root 11241100x8000000000000000422572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb88b2b0682deae22021-12-21 10:46:26.943root 11241100x8000000000000000422573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0516858eacf236822021-12-21 10:46:26.943root 11241100x8000000000000000422574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7916c9a03ad4b792021-12-21 10:46:26.944root 11241100x8000000000000000422575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8620f7ee1e2e2cee2021-12-21 10:46:26.944root 11241100x8000000000000000422576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62169c3b6481ff432021-12-21 10:46:26.944root 11241100x8000000000000000422577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee7e470dd2dbdb12021-12-21 10:46:26.944root 11241100x8000000000000000422578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2e721eaad1fe312021-12-21 10:46:26.944root 11241100x8000000000000000422579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63305d57c51266182021-12-21 10:46:26.944root 11241100x8000000000000000422580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940cc8cb3774bfcc2021-12-21 10:46:26.944root 11241100x8000000000000000422581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522bbf34bb9c44792021-12-21 10:46:26.944root 11241100x8000000000000000422582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3359479ed3d9a22021-12-21 10:46:26.944root 11241100x8000000000000000422583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d224f8b53196d1a2021-12-21 10:46:26.945root 11241100x8000000000000000422584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f731e0fec9286f2021-12-21 10:46:26.945root 11241100x8000000000000000422585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471b4df7f672bebf2021-12-21 10:46:26.945root 11241100x8000000000000000422586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05cfee87f9662f62021-12-21 10:46:26.945root 11241100x8000000000000000422587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd1bd12db7f663d2021-12-21 10:46:26.945root 11241100x8000000000000000422588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895f2d35d2e8f9fb2021-12-21 10:46:26.945root 11241100x8000000000000000422589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b00632190da7f682021-12-21 10:46:26.945root 11241100x8000000000000000422590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b2e0e234ff7f482021-12-21 10:46:26.946root 11241100x8000000000000000422591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12289cda8abc20632021-12-21 10:46:26.946root 11241100x8000000000000000422592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663ec01f85da76152021-12-21 10:46:26.946root 11241100x8000000000000000422593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3825ede4505decc42021-12-21 10:46:26.946root 11241100x8000000000000000422594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235675d8707346702021-12-21 10:46:26.946root 11241100x8000000000000000422595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05525269debebace2021-12-21 10:46:26.946root 11241100x8000000000000000422596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cfd8ca18cc90e72021-12-21 10:46:26.947root 11241100x8000000000000000422597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac545cb6a72d5cdb2021-12-21 10:46:26.947root 11241100x8000000000000000422598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a221d0baa3bb7102021-12-21 10:46:26.947root 11241100x8000000000000000422599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc10b704b86e91a2021-12-21 10:46:26.947root 11241100x8000000000000000422600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a9413a57c93c532021-12-21 10:46:26.947root 11241100x8000000000000000422601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df730ca9992961ec2021-12-21 10:46:26.947root 11241100x8000000000000000422602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be9d4e00c09200f2021-12-21 10:46:26.948root 11241100x8000000000000000422603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7b8fbdecee62192021-12-21 10:46:26.948root 11241100x8000000000000000422604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8f4535420cfc392021-12-21 10:46:26.948root 11241100x8000000000000000422605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa155c1ae984d0b12021-12-21 10:46:26.948root 11241100x8000000000000000422606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cf05b4b99c30682021-12-21 10:46:26.948root 11241100x8000000000000000422607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b185ffd72ac7fb222021-12-21 10:46:26.948root 11241100x8000000000000000422608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99960e6a1ee2f58e2021-12-21 10:46:26.948root 11241100x8000000000000000422609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a2c69459359fff2021-12-21 10:46:26.949root 11241100x8000000000000000422610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f09e0975be972702021-12-21 10:46:26.949root 11241100x8000000000000000422611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55227ede5deda85d2021-12-21 10:46:26.949root 11241100x8000000000000000422612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a99543071cac2c32021-12-21 10:46:26.949root 11241100x8000000000000000422613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf04142b23fae6a2021-12-21 10:46:26.949root 11241100x8000000000000000422614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356bb4d37a3ad7f92021-12-21 10:46:26.949root 11241100x8000000000000000422615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7850588ff15d702021-12-21 10:46:26.949root 11241100x8000000000000000422616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de94ed668775f4e52021-12-21 10:46:27.443root 11241100x8000000000000000422617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b464b36d2535644a2021-12-21 10:46:27.443root 11241100x8000000000000000422618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6846ef57ee61730b2021-12-21 10:46:27.443root 11241100x8000000000000000422619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cddcbd9ae6d81a2021-12-21 10:46:27.443root 11241100x8000000000000000422620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a53a05a5ea625e82021-12-21 10:46:27.443root 11241100x8000000000000000422621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a960ff710e42006f2021-12-21 10:46:27.444root 11241100x8000000000000000422622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669a1259d9d28fa42021-12-21 10:46:27.444root 11241100x8000000000000000422623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617c613b4914f13f2021-12-21 10:46:27.444root 11241100x8000000000000000422624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0988eb4ff208622021-12-21 10:46:27.444root 11241100x8000000000000000422625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fb2cdb01a86b372021-12-21 10:46:27.444root 11241100x8000000000000000422626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053da174cc9e4d1d2021-12-21 10:46:27.444root 11241100x8000000000000000422627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9c9f7d24786c832021-12-21 10:46:27.444root 11241100x8000000000000000422628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea2dcbb38e1f3bf2021-12-21 10:46:27.444root 11241100x8000000000000000422629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7949031ffbc2f262021-12-21 10:46:27.445root 11241100x8000000000000000422630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dcd1a3a8ffa1ca2021-12-21 10:46:27.445root 11241100x8000000000000000422631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67c6d364ce297522021-12-21 10:46:27.445root 11241100x8000000000000000422632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c86fb7440fa3b562021-12-21 10:46:27.445root 11241100x8000000000000000422633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c510a50df03da8e2021-12-21 10:46:27.445root 11241100x8000000000000000422634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2f1ba1d845ba552021-12-21 10:46:27.445root 11241100x8000000000000000422635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e6477b51894242021-12-21 10:46:27.446root 11241100x8000000000000000422636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3554d3c7ba0db0e2021-12-21 10:46:27.446root 11241100x8000000000000000422637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5919d391dc4ddb782021-12-21 10:46:27.446root 11241100x8000000000000000422638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e96b44b46d76c2021-12-21 10:46:27.446root 11241100x8000000000000000422639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53b71168b12db52021-12-21 10:46:27.446root 11241100x8000000000000000422640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9235523e0708a472021-12-21 10:46:27.446root 11241100x8000000000000000422641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fc876dafb1ef9f2021-12-21 10:46:27.446root 11241100x8000000000000000422642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfde26d134ef14f2021-12-21 10:46:27.446root 11241100x8000000000000000422643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790a768ae7f3f26a2021-12-21 10:46:27.447root 11241100x8000000000000000422644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea288923330d0c9c2021-12-21 10:46:27.447root 11241100x8000000000000000422645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6d92187c7c902b2021-12-21 10:46:27.447root 11241100x8000000000000000422646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11146ef6833de8fc2021-12-21 10:46:27.447root 11241100x8000000000000000422647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd239ff25ccda5512021-12-21 10:46:27.447root 11241100x8000000000000000422648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6edea7c3abe4482021-12-21 10:46:27.447root 11241100x8000000000000000422649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8729c0114f567d202021-12-21 10:46:27.448root 11241100x8000000000000000422650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d6bb6b42cd4c122021-12-21 10:46:27.448root 11241100x8000000000000000422651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26b38c32a12cb462021-12-21 10:46:27.448root 11241100x8000000000000000422652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c77c25559c928332021-12-21 10:46:27.942root 11241100x8000000000000000422653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a57a072766df0b62021-12-21 10:46:27.943root 11241100x8000000000000000422654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad5cbf44802b9132021-12-21 10:46:27.943root 11241100x8000000000000000422655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ab5203284a2b6c2021-12-21 10:46:27.943root 11241100x8000000000000000422656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b1fbded0f1b3692021-12-21 10:46:27.943root 11241100x8000000000000000422657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cabc0a06255b082021-12-21 10:46:27.943root 11241100x8000000000000000422658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5ba230832ffe8d2021-12-21 10:46:27.943root 11241100x8000000000000000422659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763445cdba0aff9f2021-12-21 10:46:27.943root 11241100x8000000000000000422660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619312e68426b4fd2021-12-21 10:46:27.943root 11241100x8000000000000000422661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211110ee6b189e562021-12-21 10:46:27.944root 11241100x8000000000000000422662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90060ecb4765d4e12021-12-21 10:46:27.944root 11241100x8000000000000000422663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9907dc490caeb5142021-12-21 10:46:27.944root 11241100x8000000000000000422664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1aa86ce730800d2021-12-21 10:46:27.944root 11241100x8000000000000000422665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3a862dc5590fcf2021-12-21 10:46:27.944root 11241100x8000000000000000422666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b4c783eb9c4e7b2021-12-21 10:46:27.944root 11241100x8000000000000000422667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b89f58f156103de2021-12-21 10:46:27.944root 11241100x8000000000000000422668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45acd1d989ed53dd2021-12-21 10:46:27.945root 11241100x8000000000000000422669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994b0af97f4102d62021-12-21 10:46:27.945root 11241100x8000000000000000422670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a9d338de2858fd2021-12-21 10:46:27.945root 11241100x8000000000000000422671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4233d423f482de2021-12-21 10:46:27.945root 11241100x8000000000000000422672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdea2bb6ae591c42021-12-21 10:46:27.945root 11241100x8000000000000000422673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050f10fe0d9041422021-12-21 10:46:27.945root 11241100x8000000000000000422674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab552e715a9cac92021-12-21 10:46:27.945root 11241100x8000000000000000422675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250934d44195abc32021-12-21 10:46:27.946root 11241100x8000000000000000422676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfaa1ce3364c8a32021-12-21 10:46:27.946root 11241100x8000000000000000422677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4024f52d7cf8e02a2021-12-21 10:46:27.946root 11241100x8000000000000000422678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66ba25329e95f472021-12-21 10:46:27.946root 11241100x8000000000000000422679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56e2392b90536372021-12-21 10:46:27.946root 11241100x8000000000000000422680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81fabc625527eab2021-12-21 10:46:27.946root 11241100x8000000000000000422681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128387679fbf96762021-12-21 10:46:27.947root 11241100x8000000000000000422682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3615017a10ce77d22021-12-21 10:46:27.947root 11241100x8000000000000000422683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d454a6a72a446eb52021-12-21 10:46:27.947root 11241100x8000000000000000422684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62f485d0c7686e02021-12-21 10:46:27.947root 11241100x8000000000000000422685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9090136b865e4af2021-12-21 10:46:27.947root 11241100x8000000000000000422686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7515b6a88045b42021-12-21 10:46:27.947root 11241100x8000000000000000422687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc0f81cdae5489e2021-12-21 10:46:27.948root 11241100x8000000000000000422688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abc8b45ffb9a3812021-12-21 10:46:27.948root 11241100x8000000000000000422689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a5a56ff6a1e70b2021-12-21 10:46:27.948root 11241100x8000000000000000422690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7586c2155df0662021-12-21 10:46:27.948root 11241100x8000000000000000422691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e6d302308b8aa52021-12-21 10:46:27.948root 11241100x8000000000000000422692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bd4a864cc1e3f02021-12-21 10:46:27.948root 11241100x8000000000000000422693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88f7d09b204f8dd2021-12-21 10:46:27.948root 11241100x8000000000000000422694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4050a977332a902021-12-21 10:46:27.948root 11241100x8000000000000000422695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebfbbef483fd6b22021-12-21 10:46:28.443root 11241100x8000000000000000422696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f207b04ad1532fb52021-12-21 10:46:28.443root 11241100x8000000000000000422697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d74b8e9718f1ce52021-12-21 10:46:28.444root 11241100x8000000000000000422698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b6778878dd5cb52021-12-21 10:46:28.444root 11241100x8000000000000000422699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b723a99f77f67fb62021-12-21 10:46:28.444root 11241100x8000000000000000422700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f692c3ce710362032021-12-21 10:46:28.444root 11241100x8000000000000000422701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be7b16c92514eab2021-12-21 10:46:28.444root 11241100x8000000000000000422702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10489743c34105f2021-12-21 10:46:28.445root 11241100x8000000000000000422703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b793adc01ae07802021-12-21 10:46:28.445root 11241100x8000000000000000422704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df27269ba74ac44c2021-12-21 10:46:28.445root 11241100x8000000000000000422705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20be291dd5ffa92d2021-12-21 10:46:28.445root 11241100x8000000000000000422706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1fddde7d1cf20c2021-12-21 10:46:28.445root 11241100x8000000000000000422707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6436537bdb23512021-12-21 10:46:28.446root 11241100x8000000000000000422708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b9cb0770f7a3a22021-12-21 10:46:28.446root 11241100x8000000000000000422709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61969b0d52c56592021-12-21 10:46:28.446root 11241100x8000000000000000422710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac8e2b0ff4d27bb2021-12-21 10:46:28.446root 11241100x8000000000000000422711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03151edb3affb4df2021-12-21 10:46:28.446root 11241100x8000000000000000422712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab407f35075c1812021-12-21 10:46:28.446root 11241100x8000000000000000422713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a97c0b5292f49ff2021-12-21 10:46:28.446root 11241100x8000000000000000422714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8aaeb7a326120202021-12-21 10:46:28.446root 11241100x8000000000000000422715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16294c7294c099f92021-12-21 10:46:28.446root 11241100x8000000000000000422716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bfa734196fd5ea2021-12-21 10:46:28.446root 11241100x8000000000000000422717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dbf9811989846d2021-12-21 10:46:28.446root 11241100x8000000000000000422718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6192d909bf4ad372021-12-21 10:46:28.446root 11241100x8000000000000000422719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59158903d0d82c762021-12-21 10:46:28.446root 11241100x8000000000000000422720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6122cc5213237e2021-12-21 10:46:28.447root 11241100x8000000000000000422721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c693d3d3f412ba2021-12-21 10:46:28.943root 11241100x8000000000000000422722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ef5d0147814aea2021-12-21 10:46:28.943root 11241100x8000000000000000422723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500ff6ebd775df5e2021-12-21 10:46:28.944root 11241100x8000000000000000422724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c7ac97643b823f2021-12-21 10:46:28.944root 11241100x8000000000000000422725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8293b7dd1685840c2021-12-21 10:46:28.944root 11241100x8000000000000000422726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925b489b16177af72021-12-21 10:46:28.944root 11241100x8000000000000000422727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792777b22ea422d02021-12-21 10:46:28.945root 11241100x8000000000000000422728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930b1edbfad6071f2021-12-21 10:46:28.945root 11241100x8000000000000000422729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31968fbbbeb5a72d2021-12-21 10:46:28.945root 11241100x8000000000000000422730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf984d72d16fc3712021-12-21 10:46:28.946root 11241100x8000000000000000422731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b7ea086022f97a2021-12-21 10:46:28.946root 11241100x8000000000000000422732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39c2a1ccf5434e52021-12-21 10:46:28.946root 11241100x8000000000000000422733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8efe3ce6d7df96b2021-12-21 10:46:28.946root 11241100x8000000000000000422734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64104630cc619792021-12-21 10:46:28.946root 11241100x8000000000000000422735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cb344d9328a5042021-12-21 10:46:28.946root 11241100x8000000000000000422736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd0de7869919de22021-12-21 10:46:28.947root 11241100x8000000000000000422737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87789327feb568612021-12-21 10:46:28.947root 11241100x8000000000000000422738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cece610e680d8e2021-12-21 10:46:28.947root 11241100x8000000000000000422739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b327dff27515f2b02021-12-21 10:46:28.947root 11241100x8000000000000000422740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5f596d662cb9902021-12-21 10:46:28.947root 11241100x8000000000000000422741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30fcbf7f5901cee2021-12-21 10:46:28.948root 11241100x8000000000000000422742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bc366b40c4673c2021-12-21 10:46:28.948root 11241100x8000000000000000422743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfd7980bb81e7242021-12-21 10:46:28.948root 11241100x8000000000000000422744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c179ec3a91106ca42021-12-21 10:46:28.948root 11241100x8000000000000000422745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd736a64061878c92021-12-21 10:46:28.948root 11241100x8000000000000000422746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205a87215b207dc62021-12-21 10:46:28.948root 11241100x8000000000000000422747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79421b402602844a2021-12-21 10:46:28.948root 11241100x8000000000000000422748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f50582a12b779192021-12-21 10:46:28.949root 11241100x8000000000000000422749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0970c2455b538f82021-12-21 10:46:28.949root 11241100x8000000000000000422750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aae70a2e26b0ac52021-12-21 10:46:28.949root 11241100x8000000000000000422751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e943a3ab876e95092021-12-21 10:46:28.949root 11241100x8000000000000000422752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73e36429c1de6e62021-12-21 10:46:28.949root 11241100x8000000000000000422753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6450bda9fd40df2021-12-21 10:46:29.443root 11241100x8000000000000000422754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3656779bd8afacc2021-12-21 10:46:29.443root 11241100x8000000000000000422755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9921723c9c55c3a22021-12-21 10:46:29.443root 11241100x8000000000000000422756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9fe3774cb650ee2021-12-21 10:46:29.444root 11241100x8000000000000000422757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9076679ee8abce2021-12-21 10:46:29.444root 11241100x8000000000000000422758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37188bd2c1de5892021-12-21 10:46:29.444root 11241100x8000000000000000422759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b804bbd9d2fde802021-12-21 10:46:29.444root 11241100x8000000000000000422760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfef59f728ec429e2021-12-21 10:46:29.444root 11241100x8000000000000000422761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4dfdb1b6d9a06b2021-12-21 10:46:29.444root 11241100x8000000000000000422762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fbc0301c267aca2021-12-21 10:46:29.444root 11241100x8000000000000000422763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928bdaf79699004c2021-12-21 10:46:29.444root 11241100x8000000000000000422764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c044a36bc004601d2021-12-21 10:46:29.444root 11241100x8000000000000000422765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b512f7856cc2fc2021-12-21 10:46:29.445root 11241100x8000000000000000422766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfba6aba25c9cdd12021-12-21 10:46:29.445root 11241100x8000000000000000422767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740c1bc62be3c0c42021-12-21 10:46:29.445root 11241100x8000000000000000422768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08874dcea3b5f19c2021-12-21 10:46:29.445root 11241100x8000000000000000422769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4126840d7c56fc2021-12-21 10:46:29.445root 11241100x8000000000000000422770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ecc602e9350ed22021-12-21 10:46:29.445root 11241100x8000000000000000422771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3657bbdb481d9a042021-12-21 10:46:29.445root 11241100x8000000000000000422772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7053ca76a9841aac2021-12-21 10:46:29.445root 11241100x8000000000000000422773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464baff9f9f4b18b2021-12-21 10:46:29.445root 11241100x8000000000000000422774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7584e6be9ae3f3862021-12-21 10:46:29.445root 11241100x8000000000000000422775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e949c4c0004f9b92021-12-21 10:46:29.445root 11241100x8000000000000000422776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd49cfa9e610a3642021-12-21 10:46:29.445root 11241100x8000000000000000422777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9fe97a4a280ac92021-12-21 10:46:29.446root 11241100x8000000000000000422778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8579dca5e418e8782021-12-21 10:46:29.446root 11241100x8000000000000000422779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f86c9de82ec7a682021-12-21 10:46:29.446root 11241100x8000000000000000422780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86be361a3856a7e62021-12-21 10:46:29.943root 11241100x8000000000000000422781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699a91ba7e4c0722021-12-21 10:46:29.943root 11241100x8000000000000000422782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc33c5508e9e88f2021-12-21 10:46:29.943root 11241100x8000000000000000422783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff239c275baa71ce2021-12-21 10:46:29.943root 11241100x8000000000000000422784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd18024ee9a30b852021-12-21 10:46:29.944root 11241100x8000000000000000422785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa66d96062b4eea2021-12-21 10:46:29.944root 11241100x8000000000000000422786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09270b6e42f3eb972021-12-21 10:46:29.944root 11241100x8000000000000000422787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daeac0927d569212021-12-21 10:46:29.944root 11241100x8000000000000000422788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0623b75c65cebc072021-12-21 10:46:29.944root 11241100x8000000000000000422789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8b322c269bf2ed2021-12-21 10:46:29.944root 11241100x8000000000000000422790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a67d4313b8683c62021-12-21 10:46:29.944root 11241100x8000000000000000422791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ef125be2ea588f2021-12-21 10:46:29.945root 11241100x8000000000000000422792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2a3fc93b2973092021-12-21 10:46:29.945root 11241100x8000000000000000422793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103e8b3efb5200f92021-12-21 10:46:29.945root 11241100x8000000000000000422794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae96715ff51cc8b72021-12-21 10:46:29.945root 11241100x8000000000000000422795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79340c2e9cee34612021-12-21 10:46:29.945root 11241100x8000000000000000422796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822855b7ce4bf3fd2021-12-21 10:46:29.945root 11241100x8000000000000000422797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c53164198348622021-12-21 10:46:29.945root 11241100x8000000000000000422798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424dfdf98a81c0b02021-12-21 10:46:29.945root 11241100x8000000000000000422799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07472159ec8ab9b22021-12-21 10:46:29.945root 11241100x8000000000000000422800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94624a0788ad6c022021-12-21 10:46:29.946root 11241100x8000000000000000422801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fb78e6e883c6352021-12-21 10:46:29.946root 11241100x8000000000000000422802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a547b3dd67ed762021-12-21 10:46:29.946root 11241100x8000000000000000422803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e852c66d1366619a2021-12-21 10:46:29.946root 11241100x8000000000000000422804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6250ac4f9ddb33be2021-12-21 10:46:29.946root 11241100x8000000000000000422805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a03c55f002e6c72021-12-21 10:46:29.946root 11241100x8000000000000000422806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8971b989b5ff6bc12021-12-21 10:46:29.946root 11241100x8000000000000000422807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500a423890a5651e2021-12-21 10:46:29.946root 11241100x8000000000000000422808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933fed60bf3b1cc02021-12-21 10:46:29.946root 11241100x8000000000000000422809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b849e3bc3e7a982021-12-21 10:46:30.443root 11241100x8000000000000000422810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac12941efdd5d7eb2021-12-21 10:46:30.443root 11241100x8000000000000000422811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987b1921e5663cf32021-12-21 10:46:30.443root 11241100x8000000000000000422812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf5bf416572cf52021-12-21 10:46:30.443root 11241100x8000000000000000422813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e0cadbe869937e2021-12-21 10:46:30.444root 11241100x8000000000000000422814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc10fc6b0b85e0902021-12-21 10:46:30.444root 11241100x8000000000000000422815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989886331482ad5b2021-12-21 10:46:30.444root 11241100x8000000000000000422816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fafb002421ec4f2021-12-21 10:46:30.444root 11241100x8000000000000000422817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f81847bcdc988b02021-12-21 10:46:30.444root 11241100x8000000000000000422818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3a3f2b8f9d580a2021-12-21 10:46:30.444root 11241100x8000000000000000422819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3e6dd488e806de2021-12-21 10:46:30.444root 11241100x8000000000000000422820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e93bb41118703a52021-12-21 10:46:30.445root 11241100x8000000000000000422821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7566f2316d1cf82021-12-21 10:46:30.445root 11241100x8000000000000000422822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0c866f43286b592021-12-21 10:46:30.445root 11241100x8000000000000000422823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2ff9d3f5bdc6fa2021-12-21 10:46:30.445root 11241100x8000000000000000422824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe641d95f65a7a32021-12-21 10:46:30.445root 11241100x8000000000000000422825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a48f042c15d1f512021-12-21 10:46:30.445root 11241100x8000000000000000422826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3931a688c73ab12021-12-21 10:46:30.445root 11241100x8000000000000000422827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c3ef170f529f022021-12-21 10:46:30.445root 11241100x8000000000000000422828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca49f93a601b9ff2021-12-21 10:46:30.445root 11241100x8000000000000000422829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7e00b39cbd3a0d2021-12-21 10:46:30.445root 11241100x8000000000000000422830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a184fe33bcfca1f42021-12-21 10:46:30.445root 11241100x8000000000000000422831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e8f3f607bbd66c2021-12-21 10:46:30.445root 11241100x8000000000000000422832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e398feafa68880082021-12-21 10:46:30.445root 11241100x8000000000000000422833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dcd9cb721c05782021-12-21 10:46:30.445root 11241100x8000000000000000422834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f29e8dbec1d313b2021-12-21 10:46:30.446root 11241100x8000000000000000422835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf3f1e13d143d22021-12-21 10:46:30.446root 11241100x8000000000000000422836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17dcdb4d4a406b32021-12-21 10:46:30.446root 11241100x8000000000000000422837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87213a095b5077b72021-12-21 10:46:30.943root 11241100x8000000000000000422838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122786b0d99877412021-12-21 10:46:30.943root 11241100x8000000000000000422839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b345ebaf533e7bab2021-12-21 10:46:30.943root 11241100x8000000000000000422840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6041c22934f3231a2021-12-21 10:46:30.943root 11241100x8000000000000000422841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c0748cf45da35a2021-12-21 10:46:30.944root 11241100x8000000000000000422842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2aefe03d2fa9652021-12-21 10:46:30.944root 11241100x8000000000000000422843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929b44c773fe467f2021-12-21 10:46:30.944root 11241100x8000000000000000422844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ada80bb9cfffb22021-12-21 10:46:30.945root 11241100x8000000000000000422845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e921f5c68b7226c02021-12-21 10:46:30.945root 11241100x8000000000000000422846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe2d60a6c16f1152021-12-21 10:46:30.945root 11241100x8000000000000000422847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cc3506b5adf5702021-12-21 10:46:30.945root 11241100x8000000000000000422848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6bb98d5837a4022021-12-21 10:46:30.945root 11241100x8000000000000000422849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c9dae3454884242021-12-21 10:46:30.946root 11241100x8000000000000000422850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6a5fdc431be6822021-12-21 10:46:30.946root 11241100x8000000000000000422851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5a5ce92f7d4d052021-12-21 10:46:30.946root 11241100x8000000000000000422852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2c41142af97be82021-12-21 10:46:30.946root 11241100x8000000000000000422853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e71b6b28b1a7de62021-12-21 10:46:30.946root 11241100x8000000000000000422854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b1c7d3f3e1d00c2021-12-21 10:46:30.947root 11241100x8000000000000000422855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646b7c65217189772021-12-21 10:46:30.947root 11241100x8000000000000000422856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6fd59f9163df402021-12-21 10:46:30.947root 11241100x8000000000000000422857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6eaba3fab798d42021-12-21 10:46:30.947root 11241100x8000000000000000422858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b8cecdff0178d82021-12-21 10:46:30.947root 11241100x8000000000000000422859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007254a8092984162021-12-21 10:46:30.948root 11241100x8000000000000000422860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa69ad0feb32ab5a2021-12-21 10:46:30.948root 11241100x8000000000000000422861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb278b37a96b30872021-12-21 10:46:30.948root 11241100x8000000000000000422862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:30.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8678c7a1b949792021-12-21 10:46:30.948root 354300x8000000000000000422863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.199{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47582-false10.0.1.12-8000- 11241100x8000000000000000422864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1e9ecbb0b8b31e2021-12-21 10:46:31.200root 11241100x8000000000000000422865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168901df5fe5b2362021-12-21 10:46:31.200root 11241100x8000000000000000422866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d72029d0e30d012021-12-21 10:46:31.200root 11241100x8000000000000000422867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1103513454095912021-12-21 10:46:31.200root 11241100x8000000000000000422868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21635e8074f1d3622021-12-21 10:46:31.200root 11241100x8000000000000000422869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acf34e4762a5fe72021-12-21 10:46:31.200root 11241100x8000000000000000422870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691db45eb7970aae2021-12-21 10:46:31.200root 11241100x8000000000000000422871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acbe9c5933e02452021-12-21 10:46:31.201root 11241100x8000000000000000422872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e78c7b553304e042021-12-21 10:46:31.201root 11241100x8000000000000000422873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05ae2ace53448622021-12-21 10:46:31.201root 11241100x8000000000000000422874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fde2a06efcdf5ab2021-12-21 10:46:31.201root 11241100x8000000000000000422875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3403d9559d235572021-12-21 10:46:31.201root 11241100x8000000000000000422876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088fbdb64e28a0eb2021-12-21 10:46:31.202root 11241100x8000000000000000422877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc875e074f6cd952021-12-21 10:46:31.202root 11241100x8000000000000000422878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c9f207ac30e3f42021-12-21 10:46:31.202root 11241100x8000000000000000422879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd0e718fe1352352021-12-21 10:46:31.202root 11241100x8000000000000000422880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16e4a118eb5f6782021-12-21 10:46:31.202root 11241100x8000000000000000422881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e376b698923f517e2021-12-21 10:46:31.202root 11241100x8000000000000000422882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fb62520013a96c2021-12-21 10:46:31.202root 11241100x8000000000000000422883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdb9c44f782cec62021-12-21 10:46:31.203root 11241100x8000000000000000422884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21419f29fb9d39a32021-12-21 10:46:31.203root 11241100x8000000000000000422885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346e0d20f5b844902021-12-21 10:46:31.203root 11241100x8000000000000000422886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb059a7d7cde6ff2021-12-21 10:46:31.203root 11241100x8000000000000000422887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2344e47acd9e42742021-12-21 10:46:31.203root 11241100x8000000000000000422888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afc13f118544e5a2021-12-21 10:46:31.203root 11241100x8000000000000000422889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c56cd6a485b74a42021-12-21 10:46:31.203root 11241100x8000000000000000422890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58a7d5f5b5db92c2021-12-21 10:46:31.203root 11241100x8000000000000000422891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31d7fb5144801612021-12-21 10:46:31.204root 11241100x8000000000000000422892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5999cb3da002fcaf2021-12-21 10:46:31.204root 11241100x8000000000000000422893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf87075e8200e6f2021-12-21 10:46:31.204root 11241100x8000000000000000422894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecdc8d0bcae832c2021-12-21 10:46:31.204root 11241100x8000000000000000422895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92980e72d71682ad2021-12-21 10:46:31.204root 11241100x8000000000000000422896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870ce25f199e6d112021-12-21 10:46:31.204root 11241100x8000000000000000422897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6052c24dc5ff47b2021-12-21 10:46:31.204root 11241100x8000000000000000422898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d127d75b229cb3972021-12-21 10:46:31.205root 11241100x8000000000000000422899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145b90aaca09fa922021-12-21 10:46:31.205root 11241100x8000000000000000422900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bc7ed5001ff7b02021-12-21 10:46:31.205root 11241100x8000000000000000422901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec5792e61f5fcb92021-12-21 10:46:31.206root 11241100x8000000000000000422902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9131d95699ea336f2021-12-21 10:46:31.206root 11241100x8000000000000000422903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4a269ce4e78aaf2021-12-21 10:46:31.206root 11241100x8000000000000000422904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c304ad9e3a96762021-12-21 10:46:31.206root 11241100x8000000000000000422905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e7f531db203f0a2021-12-21 10:46:31.206root 11241100x8000000000000000422906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07632df4d3ef4cee2021-12-21 10:46:31.206root 11241100x8000000000000000422907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808fec733029d82d2021-12-21 10:46:31.207root 11241100x8000000000000000422908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2f0123b0d459ea2021-12-21 10:46:31.207root 11241100x8000000000000000422909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc75ec82b17387ec2021-12-21 10:46:31.207root 11241100x8000000000000000422910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6aeeca073572bd2021-12-21 10:46:31.207root 11241100x8000000000000000422911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b3e8dfc5b497af2021-12-21 10:46:31.207root 11241100x8000000000000000422912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fea9f22df504f522021-12-21 10:46:31.207root 11241100x8000000000000000422913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d90c78f961dae7b2021-12-21 10:46:31.208root 11241100x8000000000000000422914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdcf2a87a2718a32021-12-21 10:46:31.208root 11241100x8000000000000000422915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a769678f6038dded2021-12-21 10:46:31.208root 11241100x8000000000000000422916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924d6776e58224e12021-12-21 10:46:31.208root 11241100x8000000000000000422917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e78657ec8e1e042021-12-21 10:46:31.209root 11241100x8000000000000000422918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d969bb550c70f282021-12-21 10:46:31.209root 11241100x8000000000000000422919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0eff334026f19a52021-12-21 10:46:31.209root 11241100x8000000000000000422920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4ec0773236b69c2021-12-21 10:46:31.209root 11241100x8000000000000000422921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d9941d7fb8832f2021-12-21 10:46:31.209root 11241100x8000000000000000422922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7294b393379860242021-12-21 10:46:31.693root 11241100x8000000000000000422923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0219d6ddc397bb682021-12-21 10:46:31.693root 11241100x8000000000000000422924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d575ab1af2a17c8e2021-12-21 10:46:31.693root 11241100x8000000000000000422925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69e865becbe2cf62021-12-21 10:46:31.694root 11241100x8000000000000000422926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afccda4564e64af12021-12-21 10:46:31.694root 11241100x8000000000000000422927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc16d515054a91e2021-12-21 10:46:31.694root 11241100x8000000000000000422928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f163dc44f2446f2021-12-21 10:46:31.694root 11241100x8000000000000000422929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a710d45e98c1e0402021-12-21 10:46:31.694root 11241100x8000000000000000422930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64c35a0599f1cf52021-12-21 10:46:31.695root 11241100x8000000000000000422931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78de18e6578ac292021-12-21 10:46:31.695root 11241100x8000000000000000422932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5c6a12619761952021-12-21 10:46:31.695root 11241100x8000000000000000422933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbb05160cc9fbac2021-12-21 10:46:31.695root 11241100x8000000000000000422934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a9fd3f06c0585c2021-12-21 10:46:31.695root 11241100x8000000000000000422935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ffe4f90323f26d2021-12-21 10:46:31.695root 11241100x8000000000000000422936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ee8b518fd0f7d22021-12-21 10:46:31.696root 11241100x8000000000000000422937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4980f2b662678e82021-12-21 10:46:31.696root 11241100x8000000000000000422938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0956ef1e4c577d752021-12-21 10:46:31.696root 11241100x8000000000000000422939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ea019374077a172021-12-21 10:46:31.696root 11241100x8000000000000000422940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb500f0e4c9d01762021-12-21 10:46:31.696root 11241100x8000000000000000422941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf545cd0800be9532021-12-21 10:46:31.696root 11241100x8000000000000000422942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b25b7344d862132021-12-21 10:46:31.696root 11241100x8000000000000000422943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88808d4831e03c5e2021-12-21 10:46:31.696root 11241100x8000000000000000422944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4959d95416d67a532021-12-21 10:46:31.696root 11241100x8000000000000000422945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fe56b959358ba72021-12-21 10:46:31.696root 11241100x8000000000000000422946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b45682b02622f702021-12-21 10:46:31.696root 11241100x8000000000000000422947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a1145c0bf61c3b2021-12-21 10:46:31.697root 11241100x8000000000000000422948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7227ddbe44ba4bb2021-12-21 10:46:31.697root 11241100x8000000000000000422949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1e2a1bc761c2f62021-12-21 10:46:31.697root 11241100x8000000000000000422950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4fc6fcd498b4912021-12-21 10:46:31.697root 11241100x8000000000000000422951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ad598937e1b0972021-12-21 10:46:31.697root 11241100x8000000000000000422952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f7e738fdeb62782021-12-21 10:46:31.697root 11241100x8000000000000000422953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031470b1ab8b00532021-12-21 10:46:31.697root 11241100x8000000000000000422954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1dca3faa47d5ec2021-12-21 10:46:31.697root 11241100x8000000000000000422955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b14d27f320243a02021-12-21 10:46:32.193root 11241100x8000000000000000422956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5421012d490da002021-12-21 10:46:32.193root 11241100x8000000000000000422957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eced0b1e3cfefcf92021-12-21 10:46:32.193root 11241100x8000000000000000422958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f9f146546f08ba2021-12-21 10:46:32.194root 11241100x8000000000000000422959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c7523d9d40db362021-12-21 10:46:32.194root 11241100x8000000000000000422960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f759e9cb5ce9c62021-12-21 10:46:32.194root 11241100x8000000000000000422961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a504af5693c1142021-12-21 10:46:32.194root 11241100x8000000000000000422962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08731acd9662055c2021-12-21 10:46:32.194root 11241100x8000000000000000422963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafac8b0292bca2e2021-12-21 10:46:32.194root 11241100x8000000000000000422964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d15839658291d12021-12-21 10:46:32.194root 11241100x8000000000000000422965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623d2e3960f75c982021-12-21 10:46:32.194root 11241100x8000000000000000422966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fb974d4bd1fbb12021-12-21 10:46:32.194root 11241100x8000000000000000422967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26d8e5ddb640e802021-12-21 10:46:32.194root 11241100x8000000000000000422968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440c19fefac54ccc2021-12-21 10:46:32.195root 11241100x8000000000000000422969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bfd65286e2da182021-12-21 10:46:32.195root 11241100x8000000000000000422970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9774075cb91c74ec2021-12-21 10:46:32.195root 11241100x8000000000000000422971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada630114754a42a2021-12-21 10:46:32.195root 11241100x8000000000000000422972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebe3d20b746e3e52021-12-21 10:46:32.195root 11241100x8000000000000000422973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8b6c5ae1aa17832021-12-21 10:46:32.195root 11241100x8000000000000000422974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463681da0260bb032021-12-21 10:46:32.195root 11241100x8000000000000000422975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4164e53f08fe3a5b2021-12-21 10:46:32.195root 11241100x8000000000000000422976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11595dca66504ef2021-12-21 10:46:32.195root 11241100x8000000000000000422977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b82b7fddcbf1cc2021-12-21 10:46:32.195root 11241100x8000000000000000422978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd65568ff1a0aebc2021-12-21 10:46:32.195root 11241100x8000000000000000422979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1fac7051ec0ab02021-12-21 10:46:32.196root 11241100x8000000000000000422980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6945fc369064102021-12-21 10:46:32.196root 11241100x8000000000000000422981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66ab83e1bd210842021-12-21 10:46:32.196root 11241100x8000000000000000422982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497abf44e1029b7a2021-12-21 10:46:32.693root 11241100x8000000000000000422983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fbb7a8dbdc080c2021-12-21 10:46:32.693root 11241100x8000000000000000422984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11b26f4bb39ffdb2021-12-21 10:46:32.693root 11241100x8000000000000000422985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae4289cf4ddd7982021-12-21 10:46:32.693root 11241100x8000000000000000422986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1ef8b10e30c50b2021-12-21 10:46:32.694root 11241100x8000000000000000422987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0fc9f1a63dd2e92021-12-21 10:46:32.694root 11241100x8000000000000000422988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6cbcf8fab42eec2021-12-21 10:46:32.694root 11241100x8000000000000000422989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6b766ea218e2972021-12-21 10:46:32.694root 11241100x8000000000000000422990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b1e51e4b6bb5c92021-12-21 10:46:32.694root 11241100x8000000000000000422991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd97072794f20d42021-12-21 10:46:32.694root 11241100x8000000000000000422992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40508316dc9647882021-12-21 10:46:32.694root 11241100x8000000000000000422993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29357dcb2840158b2021-12-21 10:46:32.694root 11241100x8000000000000000422994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597fe3e6569413662021-12-21 10:46:32.694root 11241100x8000000000000000422995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4af1fd79e145bb2021-12-21 10:46:32.694root 11241100x8000000000000000422996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087d949527974c0d2021-12-21 10:46:32.695root 11241100x8000000000000000422997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2d480d53d7276b2021-12-21 10:46:32.695root 11241100x8000000000000000422998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d2327c94fa822c2021-12-21 10:46:32.695root 11241100x8000000000000000422999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a87849ee665a322021-12-21 10:46:32.695root 11241100x8000000000000000423000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ae276c43b46d632021-12-21 10:46:32.695root 11241100x8000000000000000423001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6269be31ee791c42021-12-21 10:46:32.695root 11241100x8000000000000000423002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e058241ab3e011692021-12-21 10:46:32.695root 11241100x8000000000000000423003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad9dc8a9ef887992021-12-21 10:46:32.695root 11241100x8000000000000000423004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90482fbcd6f6eb282021-12-21 10:46:32.695root 11241100x8000000000000000423005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6b0aa9131088bc2021-12-21 10:46:32.696root 11241100x8000000000000000423006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1f33fdba9e3df22021-12-21 10:46:32.696root 11241100x8000000000000000423007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97f6a52fbb7fbd52021-12-21 10:46:32.696root 11241100x8000000000000000423008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f264c25b884743e72021-12-21 10:46:32.696root 11241100x8000000000000000423009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ebb7c972327b082021-12-21 10:46:33.193root 11241100x8000000000000000423010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75258ef1eac770e02021-12-21 10:46:33.193root 11241100x8000000000000000423011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a549a739bf4d24af2021-12-21 10:46:33.193root 11241100x8000000000000000423012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16700bc927c15e872021-12-21 10:46:33.194root 11241100x8000000000000000423013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c11f7b99f335a6e2021-12-21 10:46:33.194root 11241100x8000000000000000423014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90891b3efd204ff02021-12-21 10:46:33.194root 11241100x8000000000000000423015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e579757249060b2021-12-21 10:46:33.194root 11241100x8000000000000000423016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb20d3416b4c89c2021-12-21 10:46:33.194root 11241100x8000000000000000423017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88a78613c21942f2021-12-21 10:46:33.194root 11241100x8000000000000000423018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0bbb8934e0b4b32021-12-21 10:46:33.194root 11241100x8000000000000000423019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e49639dc47c11b2021-12-21 10:46:33.195root 11241100x8000000000000000423020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318293198887dfc72021-12-21 10:46:33.195root 11241100x8000000000000000423021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5995e596a3f66b412021-12-21 10:46:33.195root 11241100x8000000000000000423022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca46f42b4ce3464f2021-12-21 10:46:33.195root 11241100x8000000000000000423023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1ac0bdf2cbe9a82021-12-21 10:46:33.195root 11241100x8000000000000000423024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2178a42443c0682021-12-21 10:46:33.195root 11241100x8000000000000000423025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2edee59da6eaa72021-12-21 10:46:33.195root 11241100x8000000000000000423026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da18695dbb6e58ef2021-12-21 10:46:33.196root 11241100x8000000000000000423027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dae227854e9725b2021-12-21 10:46:33.196root 11241100x8000000000000000423028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75efceed5e54b8102021-12-21 10:46:33.196root 11241100x8000000000000000423029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb9c814c8738dfe2021-12-21 10:46:33.196root 11241100x8000000000000000423030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f03ec5a2ab041b32021-12-21 10:46:33.196root 11241100x8000000000000000423031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21b327238046f012021-12-21 10:46:33.196root 11241100x8000000000000000423032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876d1101f0b720b72021-12-21 10:46:33.196root 11241100x8000000000000000423033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60016d553d3a95352021-12-21 10:46:33.196root 11241100x8000000000000000423034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f646ce273d51d22021-12-21 10:46:33.196root 11241100x8000000000000000423035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b5308299622ac22021-12-21 10:46:33.196root 11241100x8000000000000000423036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe44c7b0631dbdf32021-12-21 10:46:33.693root 11241100x8000000000000000423037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3c2eea9b0f31762021-12-21 10:46:33.693root 11241100x8000000000000000423038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5083e3a04dcc4f632021-12-21 10:46:33.693root 11241100x8000000000000000423039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ee1e2bc8e8528a2021-12-21 10:46:33.693root 11241100x8000000000000000423040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb59a098753de4f2021-12-21 10:46:33.693root 11241100x8000000000000000423041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd14e5e612696d912021-12-21 10:46:33.693root 11241100x8000000000000000423042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6481d8edc6afb3f52021-12-21 10:46:33.694root 11241100x8000000000000000423043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc56dd14e8490e1a2021-12-21 10:46:33.694root 11241100x8000000000000000423044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d90692c2b9701722021-12-21 10:46:33.694root 11241100x8000000000000000423045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5385efdebfb93e32021-12-21 10:46:33.694root 11241100x8000000000000000423046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042b888efcb63df32021-12-21 10:46:33.694root 11241100x8000000000000000423047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1304f971a07db1262021-12-21 10:46:33.694root 11241100x8000000000000000423048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0450c6cf684736dd2021-12-21 10:46:33.694root 11241100x8000000000000000423049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eb7bc1b0d8f8482021-12-21 10:46:33.695root 11241100x8000000000000000423050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730352ab7e08d4a22021-12-21 10:46:33.695root 11241100x8000000000000000423051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7ed60914e745e22021-12-21 10:46:33.695root 11241100x8000000000000000423052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07773638d960f6922021-12-21 10:46:33.695root 11241100x8000000000000000423053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5daddab565b21a02021-12-21 10:46:33.695root 11241100x8000000000000000423054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00e905702c756232021-12-21 10:46:33.695root 11241100x8000000000000000423055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf74152b775061c52021-12-21 10:46:33.695root 11241100x8000000000000000423056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26eaa483603cff032021-12-21 10:46:33.695root 11241100x8000000000000000423057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6460d8f6501715822021-12-21 10:46:33.696root 11241100x8000000000000000423058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d6cb88de0c76cf2021-12-21 10:46:33.696root 11241100x8000000000000000423059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9a36e936ca0b102021-12-21 10:46:33.696root 11241100x8000000000000000423060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca3805494c51e4e2021-12-21 10:46:33.696root 11241100x8000000000000000423061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454e562d8efa6b862021-12-21 10:46:33.696root 11241100x8000000000000000423062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde86a9ebe7daead2021-12-21 10:46:33.696root 11241100x8000000000000000423063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d129d3b148ceda42021-12-21 10:46:33.696root 11241100x8000000000000000423064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f617efe1cee061a12021-12-21 10:46:33.697root 11241100x8000000000000000423065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5218ab87de70c70e2021-12-21 10:46:33.697root 11241100x8000000000000000423066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab28deb3136a69f2021-12-21 10:46:33.697root 11241100x8000000000000000423067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6ecaba82dcf51e2021-12-21 10:46:33.697root 11241100x8000000000000000423068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ef57c3b21a92e32021-12-21 10:46:33.697root 11241100x8000000000000000423069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ced9c1dbe75a9c2021-12-21 10:46:33.697root 11241100x8000000000000000423070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd76551f6785f2c2021-12-21 10:46:34.193root 11241100x8000000000000000423071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc1b3e1db03e0162021-12-21 10:46:34.193root 11241100x8000000000000000423072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e770699d0fffefcb2021-12-21 10:46:34.194root 11241100x8000000000000000423073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32941587218b02042021-12-21 10:46:34.194root 11241100x8000000000000000423074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8df8faa52ebc732021-12-21 10:46:34.194root 11241100x8000000000000000423075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049567ee7f29b1882021-12-21 10:46:34.194root 11241100x8000000000000000423076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8c28b0be637bbb2021-12-21 10:46:34.195root 11241100x8000000000000000423077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21243c7e4c342e62021-12-21 10:46:34.195root 11241100x8000000000000000423078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828bbe9314a158f62021-12-21 10:46:34.195root 11241100x8000000000000000423079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b391442f27f45b52021-12-21 10:46:34.195root 11241100x8000000000000000423080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a640e8634abc803f2021-12-21 10:46:34.195root 11241100x8000000000000000423081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3702e47252e385522021-12-21 10:46:34.196root 11241100x8000000000000000423082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fbe5577b8da6ce2021-12-21 10:46:34.196root 11241100x8000000000000000423083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d2e40e811166b52021-12-21 10:46:34.196root 11241100x8000000000000000423084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20612a60b2c3bf972021-12-21 10:46:34.196root 11241100x8000000000000000423085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc98caa6920f88b2021-12-21 10:46:34.196root 11241100x8000000000000000423086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570f988f28f200642021-12-21 10:46:34.196root 11241100x8000000000000000423087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ef35f1de58e7082021-12-21 10:46:34.196root 11241100x8000000000000000423088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e94eb6414c278372021-12-21 10:46:34.196root 11241100x8000000000000000423089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e67ecae5a96ac0e2021-12-21 10:46:34.196root 11241100x8000000000000000423090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcdb5f168ae5c622021-12-21 10:46:34.197root 11241100x8000000000000000423091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4e7a6c5e13aa912021-12-21 10:46:34.197root 11241100x8000000000000000423092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75943796c9eccb082021-12-21 10:46:34.197root 11241100x8000000000000000423093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1040feb909423192021-12-21 10:46:34.197root 11241100x8000000000000000423094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728edee048f4b7792021-12-21 10:46:34.197root 11241100x8000000000000000423095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfcd8b0e301ea742021-12-21 10:46:34.197root 11241100x8000000000000000423096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95154aa1092771a22021-12-21 10:46:34.197root 11241100x8000000000000000423097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094a34d85f797e592021-12-21 10:46:34.197root 11241100x8000000000000000423098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea8ab326c64d03b2021-12-21 10:46:34.197root 11241100x8000000000000000423099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4dabed527db52b2021-12-21 10:46:34.693root 11241100x8000000000000000423100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2f71cabdb96cc22021-12-21 10:46:34.693root 11241100x8000000000000000423101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748984c8985c29a22021-12-21 10:46:34.693root 11241100x8000000000000000423102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0ea223ec4f98c22021-12-21 10:46:34.694root 11241100x8000000000000000423103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afeda89ae6c81de2021-12-21 10:46:34.694root 11241100x8000000000000000423104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbe4d676e4225302021-12-21 10:46:34.694root 11241100x8000000000000000423105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8aa6642cd960692021-12-21 10:46:34.695root 11241100x8000000000000000423106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dcf2a74d57f9d12021-12-21 10:46:34.695root 11241100x8000000000000000423107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689e7fd9af1887222021-12-21 10:46:34.695root 11241100x8000000000000000423108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a07316e8dd54632021-12-21 10:46:34.695root 11241100x8000000000000000423109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943e6a84159c515f2021-12-21 10:46:34.695root 11241100x8000000000000000423110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b59ac2dd0da10a2021-12-21 10:46:34.695root 11241100x8000000000000000423111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce3eed6e5cd49452021-12-21 10:46:34.695root 11241100x8000000000000000423112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183e7c9d2cc7188a2021-12-21 10:46:34.695root 11241100x8000000000000000423113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9538feeaa756580c2021-12-21 10:46:34.696root 11241100x8000000000000000423114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cd7a95636aed8c2021-12-21 10:46:34.696root 11241100x8000000000000000423115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bff142ef4c7e2c2021-12-21 10:46:34.696root 11241100x8000000000000000423116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf0f63da272488b2021-12-21 10:46:34.696root 11241100x8000000000000000423117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e26d9fbaf3e36b42021-12-21 10:46:34.696root 11241100x8000000000000000423118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d384436e8f8ac1f2021-12-21 10:46:34.697root 11241100x8000000000000000423119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f00dc43a00cf642021-12-21 10:46:34.697root 11241100x8000000000000000423120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0617934197df57ab2021-12-21 10:46:34.697root 11241100x8000000000000000423121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fba4935d468d472021-12-21 10:46:34.698root 11241100x8000000000000000423122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7925ce23c12457612021-12-21 10:46:34.698root 11241100x8000000000000000423123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf80416174c8ba82021-12-21 10:46:34.698root 11241100x8000000000000000423124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d765c0c90a0beaaa2021-12-21 10:46:34.698root 11241100x8000000000000000423125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f6e02bb7fdde222021-12-21 10:46:34.698root 11241100x8000000000000000423126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def3f1d0323ec4162021-12-21 10:46:34.699root 11241100x8000000000000000423127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5f30baeb8c025d2021-12-21 10:46:34.699root 11241100x8000000000000000423128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635f61a0f1755f202021-12-21 10:46:34.700root 11241100x8000000000000000423129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:34.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eadf03c25b67fa62021-12-21 10:46:34.700root 11241100x8000000000000000423130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65abb45e6ff990a82021-12-21 10:46:35.193root 11241100x8000000000000000423131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91e7e65e64d551e2021-12-21 10:46:35.193root 11241100x8000000000000000423132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fe52ac2bade9122021-12-21 10:46:35.194root 11241100x8000000000000000423133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7b6e61ab8bad322021-12-21 10:46:35.194root 11241100x8000000000000000423134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a1bcca37fcc8682021-12-21 10:46:35.194root 11241100x8000000000000000423135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b984b711ca18882021-12-21 10:46:35.194root 11241100x8000000000000000423136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dd084900961e0e2021-12-21 10:46:35.194root 11241100x8000000000000000423137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d71d1bd1fe86412021-12-21 10:46:35.194root 11241100x8000000000000000423138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb23d75a71a332f2021-12-21 10:46:35.194root 11241100x8000000000000000423139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad43576932a463d92021-12-21 10:46:35.195root 11241100x8000000000000000423140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cbeee6d7998a982021-12-21 10:46:35.195root 11241100x8000000000000000423141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8abfb85f38a41602021-12-21 10:46:35.195root 11241100x8000000000000000423142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735ff0e7cb4596302021-12-21 10:46:35.195root 11241100x8000000000000000423143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb7df8f7fe22d902021-12-21 10:46:35.195root 11241100x8000000000000000423144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b34200e10d38802021-12-21 10:46:35.195root 11241100x8000000000000000423145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec93005f4765e7b92021-12-21 10:46:35.195root 11241100x8000000000000000423146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dc167ebc73e6c62021-12-21 10:46:35.195root 11241100x8000000000000000423147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c6c06f1114e9222021-12-21 10:46:35.195root 11241100x8000000000000000423148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2986bff8b263e6db2021-12-21 10:46:35.196root 11241100x8000000000000000423149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ff6e668f3e3aaf2021-12-21 10:46:35.196root 11241100x8000000000000000423150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b6f767840e44732021-12-21 10:46:35.196root 11241100x8000000000000000423151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c7af13bc99bed12021-12-21 10:46:35.196root 11241100x8000000000000000423152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cd0c0c3d7472ee2021-12-21 10:46:35.196root 11241100x8000000000000000423153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21fd9225b997e892021-12-21 10:46:35.196root 11241100x8000000000000000423154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad8d715ae6f2b442021-12-21 10:46:35.196root 11241100x8000000000000000423155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d85da0161f96e8c2021-12-21 10:46:35.196root 11241100x8000000000000000423156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b855b859fed80dab2021-12-21 10:46:35.196root 154100x8000000000000000423157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.343{ec2b6afe-b08b-61c1-6884-c359e0550000}9787/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000423158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.354{ec2b6afe-b08b-61c1-6884-c359e0550000}9787/bin/psroot 11241100x8000000000000000423159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9ec62f7bbad17a2021-12-21 10:46:35.693root 11241100x8000000000000000423160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b680db4fbcdf8822021-12-21 10:46:35.693root 11241100x8000000000000000423161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41c0dd7535bebec2021-12-21 10:46:35.693root 11241100x8000000000000000423162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23660a0c0302a422021-12-21 10:46:35.693root 11241100x8000000000000000423163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27e10bf5aef5e662021-12-21 10:46:35.693root 11241100x8000000000000000423164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32f8fab7c0ed9c12021-12-21 10:46:35.694root 11241100x8000000000000000423165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fd7cdf855b7f0e2021-12-21 10:46:35.694root 11241100x8000000000000000423166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a634050c61009b2021-12-21 10:46:35.694root 11241100x8000000000000000423167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d143c3287af46c2021-12-21 10:46:35.694root 11241100x8000000000000000423168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1383073e1f8347e2021-12-21 10:46:35.695root 11241100x8000000000000000423169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c963a99c93fa77f2021-12-21 10:46:35.695root 11241100x8000000000000000423170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4691ed7cb9d44b872021-12-21 10:46:35.695root 11241100x8000000000000000423171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a8ab64107ebcad2021-12-21 10:46:35.695root 11241100x8000000000000000423172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed594a18c700d6dd2021-12-21 10:46:35.696root 11241100x8000000000000000423173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4609966269f1d852021-12-21 10:46:35.697root 11241100x8000000000000000423174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4885c4869e58727f2021-12-21 10:46:35.698root 11241100x8000000000000000423175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb2fac365241f112021-12-21 10:46:35.698root 11241100x8000000000000000423176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1441bd0b627ac8c12021-12-21 10:46:35.699root 11241100x8000000000000000423177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7251650c988e68852021-12-21 10:46:35.700root 11241100x8000000000000000423178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fe09f9e7909c9f2021-12-21 10:46:35.700root 11241100x8000000000000000423179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe0028d6fcc3cc42021-12-21 10:46:35.700root 11241100x8000000000000000423180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0486ba36e777d1582021-12-21 10:46:35.700root 11241100x8000000000000000423181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b394d33f53b2fc22021-12-21 10:46:35.700root 11241100x8000000000000000423182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8eb60c330366b12021-12-21 10:46:35.701root 11241100x8000000000000000423183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893d1bded756eee22021-12-21 10:46:35.701root 11241100x8000000000000000423184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9795e486900ab4d12021-12-21 10:46:35.702root 11241100x8000000000000000423185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b359b0bb6ad66b2021-12-21 10:46:35.705root 11241100x8000000000000000423186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db61c79ceddbe1bf2021-12-21 10:46:35.705root 11241100x8000000000000000423187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82296994c913a1ab2021-12-21 10:46:35.705root 11241100x8000000000000000423188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddbe6b704e108bf2021-12-21 10:46:35.705root 11241100x8000000000000000423189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8e701027fd88962021-12-21 10:46:35.705root 11241100x8000000000000000423190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8555b8c802287c2021-12-21 10:46:35.705root 11241100x8000000000000000423191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3afe11e3f6b7e02021-12-21 10:46:35.705root 11241100x8000000000000000423192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:35.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48e60384217562c2021-12-21 10:46:35.705root 11241100x8000000000000000423193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9ab0194478c5e52021-12-21 10:46:36.193root 11241100x8000000000000000423194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5025e279508d322021-12-21 10:46:36.194root 11241100x8000000000000000423195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71b9a4e8bf1a4d22021-12-21 10:46:36.194root 11241100x8000000000000000423196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f02c29420301c812021-12-21 10:46:36.194root 11241100x8000000000000000423197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb4d8202a1ddde92021-12-21 10:46:36.194root 11241100x8000000000000000423198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c16809b3a378912021-12-21 10:46:36.195root 11241100x8000000000000000423199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85893ba644f66aa42021-12-21 10:46:36.195root 11241100x8000000000000000423200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c825ade98015e8ec2021-12-21 10:46:36.195root 11241100x8000000000000000423201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d98ff4f05fd41a02021-12-21 10:46:36.195root 11241100x8000000000000000423202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4fffa02c3c37662021-12-21 10:46:36.196root 11241100x8000000000000000423203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad9c8cbc77f212d2021-12-21 10:46:36.196root 11241100x8000000000000000423204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed854d6545228322021-12-21 10:46:36.196root 11241100x8000000000000000423205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff9dd246f9b1dee2021-12-21 10:46:36.196root 11241100x8000000000000000423206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14653f5df67338c62021-12-21 10:46:36.196root 11241100x8000000000000000423207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24431e58cefa8d52021-12-21 10:46:36.197root 11241100x8000000000000000423208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a0058c08677c342021-12-21 10:46:36.197root 11241100x8000000000000000423209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db0c1c0828ee65c2021-12-21 10:46:36.197root 11241100x8000000000000000423210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f28c86dc61ee0ae2021-12-21 10:46:36.197root 11241100x8000000000000000423211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748e75494c157d5d2021-12-21 10:46:36.197root 11241100x8000000000000000423212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ab52c5e274ed7f2021-12-21 10:46:36.197root 11241100x8000000000000000423213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49c05ca89df924f2021-12-21 10:46:36.198root 11241100x8000000000000000423214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4648d7983ded09722021-12-21 10:46:36.198root 11241100x8000000000000000423215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d75f23e1ce36bb62021-12-21 10:46:36.198root 11241100x8000000000000000423216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ab6709394da0252021-12-21 10:46:36.198root 11241100x8000000000000000423217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7a92482de6fd072021-12-21 10:46:36.198root 11241100x8000000000000000423218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9fd9b779d1c3892021-12-21 10:46:36.199root 11241100x8000000000000000423219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb277328ee8e71ae2021-12-21 10:46:36.199root 11241100x8000000000000000423220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07981565184962332021-12-21 10:46:36.199root 11241100x8000000000000000423221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb198dee5624c8402021-12-21 10:46:36.200root 11241100x8000000000000000423222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.342{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:46:36.342root 11241100x8000000000000000423223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847486a59cf0255d2021-12-21 10:46:36.693root 11241100x8000000000000000423224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec57d3aa96502122021-12-21 10:46:36.694root 11241100x8000000000000000423225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d045ce841784e02021-12-21 10:46:36.694root 11241100x8000000000000000423226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d164a95365fad1da2021-12-21 10:46:36.694root 11241100x8000000000000000423227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d824bef1670e7d02021-12-21 10:46:36.694root 11241100x8000000000000000423228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeed57b5a52cc57b2021-12-21 10:46:36.695root 11241100x8000000000000000423229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133b7832770a2f142021-12-21 10:46:36.695root 11241100x8000000000000000423230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9998fc9e656bdd7e2021-12-21 10:46:36.695root 11241100x8000000000000000423231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f0af88a0da26562021-12-21 10:46:36.695root 11241100x8000000000000000423232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea3322fa408aa672021-12-21 10:46:36.695root 11241100x8000000000000000423233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e1cf23701f47472021-12-21 10:46:36.696root 11241100x8000000000000000423234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d659f09f414cdf2021-12-21 10:46:36.696root 11241100x8000000000000000423235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8866478b62b92ad62021-12-21 10:46:36.696root 11241100x8000000000000000423236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa636e7c6ede5752021-12-21 10:46:36.696root 11241100x8000000000000000423237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136bac8bb2a0a1a32021-12-21 10:46:36.696root 11241100x8000000000000000423238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96cde1012f6bc282021-12-21 10:46:36.697root 11241100x8000000000000000423239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c877728095835ef2021-12-21 10:46:36.697root 11241100x8000000000000000423240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e58227f5282dcd22021-12-21 10:46:36.697root 11241100x8000000000000000423241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72177fc68f9f4132021-12-21 10:46:36.697root 11241100x8000000000000000423242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fc19b39a6dad4e2021-12-21 10:46:36.697root 11241100x8000000000000000423243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fa708e8ffa96392021-12-21 10:46:36.698root 11241100x8000000000000000423244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4541b9ee9c76ceda2021-12-21 10:46:36.698root 11241100x8000000000000000423245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa1e4584750308f2021-12-21 10:46:36.698root 11241100x8000000000000000423246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6173c19cfc195a4f2021-12-21 10:46:36.698root 11241100x8000000000000000423247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b808c9b876ebf42021-12-21 10:46:36.698root 11241100x8000000000000000423248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a8ebbfc0f4cf992021-12-21 10:46:36.698root 11241100x8000000000000000423249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02a49ecf77fff3f2021-12-21 10:46:36.699root 11241100x8000000000000000423250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9c7cea90faae5b2021-12-21 10:46:36.699root 11241100x8000000000000000423251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa8bc97d6534a692021-12-21 10:46:36.699root 11241100x8000000000000000423252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:36.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0638cb60a841a6942021-12-21 10:46:36.700root 354300x8000000000000000423253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.090{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47584-false10.0.1.12-8000- 11241100x8000000000000000423254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3581468fa909646b2021-12-21 10:46:37.091root 11241100x8000000000000000423255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b6e3c0f9f4a5622021-12-21 10:46:37.091root 11241100x8000000000000000423256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3472c3d4aa1cb4812021-12-21 10:46:37.092root 11241100x8000000000000000423257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3bbcb0a0b108832021-12-21 10:46:37.092root 11241100x8000000000000000423258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f19afa3cdc2faa82021-12-21 10:46:37.092root 11241100x8000000000000000423259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bd7dec7ccecc7d2021-12-21 10:46:37.092root 11241100x8000000000000000423260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df27504243856122021-12-21 10:46:37.092root 11241100x8000000000000000423261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6273555322175212021-12-21 10:46:37.092root 11241100x8000000000000000423262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40779b281f26e7f12021-12-21 10:46:37.093root 11241100x8000000000000000423263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829d831fe64ba6a12021-12-21 10:46:37.093root 11241100x8000000000000000423264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2679b5de92503c982021-12-21 10:46:37.093root 11241100x8000000000000000423265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a64468ef85ddfc2021-12-21 10:46:37.093root 11241100x8000000000000000423266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca75b9ce8d9237dd2021-12-21 10:46:37.093root 11241100x8000000000000000423267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1016f93a3c695e22021-12-21 10:46:37.094root 11241100x8000000000000000423268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b9409235badd8d2021-12-21 10:46:37.094root 11241100x8000000000000000423269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07ca8a8b02d16a52021-12-21 10:46:37.094root 11241100x8000000000000000423270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42bb700de72e8792021-12-21 10:46:37.094root 11241100x8000000000000000423271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498312db3e7fb2a22021-12-21 10:46:37.094root 11241100x8000000000000000423272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc5522e6bbbc4172021-12-21 10:46:37.094root 11241100x8000000000000000423273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3608f7606c86aaa2021-12-21 10:46:37.094root 11241100x8000000000000000423274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcd01d1e2a504bc2021-12-21 10:46:37.094root 11241100x8000000000000000423275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7269abeba6439b4b2021-12-21 10:46:37.094root 11241100x8000000000000000423276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32334bbef1f5eb6f2021-12-21 10:46:37.095root 11241100x8000000000000000423277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dd6e5d8a1ae0462021-12-21 10:46:37.095root 11241100x8000000000000000423278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2584f582f0692032021-12-21 10:46:37.095root 11241100x8000000000000000423279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7438bef1d56b5f1d2021-12-21 10:46:37.095root 11241100x8000000000000000423280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4cd27a5e55d4192021-12-21 10:46:37.095root 11241100x8000000000000000423281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b03d547c66efe852021-12-21 10:46:37.095root 11241100x8000000000000000423282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047a9c38e684e8ab2021-12-21 10:46:37.095root 11241100x8000000000000000423283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4ffae3a2f706942021-12-21 10:46:37.095root 11241100x8000000000000000423284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fa8a5ed92559eb2021-12-21 10:46:37.095root 11241100x8000000000000000423285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40c4cbba5bffe842021-12-21 10:46:37.095root 11241100x8000000000000000423286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e856dc48f990cd652021-12-21 10:46:37.095root 11241100x8000000000000000423287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1705b8c2bb7f0152021-12-21 10:46:37.095root 11241100x8000000000000000423288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a167976fd010cb842021-12-21 10:46:37.095root 11241100x8000000000000000423289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb237d13bc74c0432021-12-21 10:46:37.095root 11241100x8000000000000000423290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38fb8a5713362bf2021-12-21 10:46:37.096root 11241100x8000000000000000423291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3c5e68a25a6ca52021-12-21 10:46:37.096root 11241100x8000000000000000423292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e318ef08bbcd20e2021-12-21 10:46:37.096root 11241100x8000000000000000423293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec13b89db4ddb5f2021-12-21 10:46:37.096root 11241100x8000000000000000423294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c58aed013618fb2021-12-21 10:46:37.096root 11241100x8000000000000000423295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509fabc729c77cbb2021-12-21 10:46:37.096root 11241100x8000000000000000423296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ad5c77396226252021-12-21 10:46:37.096root 11241100x8000000000000000423297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f876ba9c03b3440c2021-12-21 10:46:37.443root 11241100x8000000000000000423298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6728192c1061c992021-12-21 10:46:37.444root 11241100x8000000000000000423299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0779bad20d3170ad2021-12-21 10:46:37.444root 11241100x8000000000000000423300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc6bb527be4b86f2021-12-21 10:46:37.444root 11241100x8000000000000000423301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a10d194199f54482021-12-21 10:46:37.444root 11241100x8000000000000000423302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea20e1cb16221632021-12-21 10:46:37.445root 11241100x8000000000000000423303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be46a086b0ccdee72021-12-21 10:46:37.445root 11241100x8000000000000000423304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b50957596c5d922021-12-21 10:46:37.445root 11241100x8000000000000000423305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f4db336aecba212021-12-21 10:46:37.445root 11241100x8000000000000000423306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b105c3003eed8fe22021-12-21 10:46:37.446root 11241100x8000000000000000423307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c968c9b8f3f194a2021-12-21 10:46:37.446root 11241100x8000000000000000423308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ef4ad35e12c4cf2021-12-21 10:46:37.446root 11241100x8000000000000000423309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3269e4bd60f06d02021-12-21 10:46:37.446root 11241100x8000000000000000423310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25cd287f6a04a9b2021-12-21 10:46:37.446root 11241100x8000000000000000423311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b6ee4daccbf12e2021-12-21 10:46:37.446root 11241100x8000000000000000423312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedb33224961449b2021-12-21 10:46:37.446root 11241100x8000000000000000423313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ab0a156edc0f4f2021-12-21 10:46:37.446root 11241100x8000000000000000423314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2357f2fa40d6e1e42021-12-21 10:46:37.446root 11241100x8000000000000000423315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da827cfbf3a305bd2021-12-21 10:46:37.446root 11241100x8000000000000000423316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10efe36464bc3c632021-12-21 10:46:37.446root 11241100x8000000000000000423317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950a0d59f31fe3222021-12-21 10:46:37.446root 11241100x8000000000000000423318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98ab8e5a93675d82021-12-21 10:46:37.446root 11241100x8000000000000000423319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430fc48a6785ec332021-12-21 10:46:37.447root 11241100x8000000000000000423320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740590ec666a9b252021-12-21 10:46:37.447root 11241100x8000000000000000423321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6fe4e5eef656442021-12-21 10:46:37.447root 11241100x8000000000000000423322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46192e66f6dc66672021-12-21 10:46:37.447root 11241100x8000000000000000423323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38cac770aa1b5092021-12-21 10:46:37.447root 11241100x8000000000000000423324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926523e3bd1b74bb2021-12-21 10:46:37.447root 11241100x8000000000000000423325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e709e2206a9f55f2021-12-21 10:46:37.447root 11241100x8000000000000000423326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a212f81fd034ad42021-12-21 10:46:37.447root 11241100x8000000000000000423327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf8b7021c6bdb782021-12-21 10:46:37.447root 11241100x8000000000000000423328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6486f4a2265a442021-12-21 10:46:37.943root 11241100x8000000000000000423329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae45ef7a795b57702021-12-21 10:46:37.943root 11241100x8000000000000000423330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017dcfae329aaf9f2021-12-21 10:46:37.943root 11241100x8000000000000000423331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f00bc5ba989cc792021-12-21 10:46:37.943root 11241100x8000000000000000423332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09143d38ba2179422021-12-21 10:46:37.944root 11241100x8000000000000000423333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0400e09e89a87622021-12-21 10:46:37.944root 11241100x8000000000000000423334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c6570167ad13282021-12-21 10:46:37.944root 11241100x8000000000000000423335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620e5419230a842e2021-12-21 10:46:37.944root 11241100x8000000000000000423336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6429de6bb896242021-12-21 10:46:37.944root 11241100x8000000000000000423337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bda44a20138dc812021-12-21 10:46:37.944root 11241100x8000000000000000423338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891205cac764d0302021-12-21 10:46:37.944root 11241100x8000000000000000423339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d592e773a61d378b2021-12-21 10:46:37.945root 11241100x8000000000000000423340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20de7f06ebb33d52021-12-21 10:46:37.945root 11241100x8000000000000000423341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac441771cd9d366d2021-12-21 10:46:37.945root 11241100x8000000000000000423342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086368cfd6fd81152021-12-21 10:46:37.945root 11241100x8000000000000000423343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e5d1e0813b4aac2021-12-21 10:46:37.945root 11241100x8000000000000000423344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd82064cd154f9af2021-12-21 10:46:37.945root 11241100x8000000000000000423345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ce37c45300a8d02021-12-21 10:46:37.945root 11241100x8000000000000000423346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b04dc84090b1152021-12-21 10:46:37.945root 11241100x8000000000000000423347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1119fe1a4b23d3fb2021-12-21 10:46:37.945root 11241100x8000000000000000423348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4fbb3a0efc99722021-12-21 10:46:37.945root 11241100x8000000000000000423349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9047636004d05d2021-12-21 10:46:37.946root 11241100x8000000000000000423350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f23326d6c65e492021-12-21 10:46:37.946root 11241100x8000000000000000423351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b7d47e2f8a3ab42021-12-21 10:46:37.946root 11241100x8000000000000000423352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f83612f1a91b8a2021-12-21 10:46:37.946root 11241100x8000000000000000423353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935c9c3e247de5012021-12-21 10:46:37.946root 11241100x8000000000000000423354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742cb1cbbed33b8b2021-12-21 10:46:37.946root 11241100x8000000000000000423355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672aad0857ee4ba82021-12-21 10:46:37.946root 11241100x8000000000000000423356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129a7afe12aa93eb2021-12-21 10:46:37.946root 11241100x8000000000000000423357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34403361aad058432021-12-21 10:46:37.946root 11241100x8000000000000000423358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14871ab151bb48852021-12-21 10:46:37.946root 11241100x8000000000000000423359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d9551d645c44a92021-12-21 10:46:37.946root 11241100x8000000000000000423360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7390ce294ffa6a802021-12-21 10:46:37.947root 11241100x8000000000000000423361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720a57faf579c1602021-12-21 10:46:37.947root 11241100x8000000000000000423362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543a5cb95b94b9f82021-12-21 10:46:37.947root 11241100x8000000000000000423363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316af233979dbe3d2021-12-21 10:46:37.947root 11241100x8000000000000000423364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10beef30fe10b8832021-12-21 10:46:37.947root 11241100x8000000000000000423365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14111db8796acc242021-12-21 10:46:37.947root 11241100x8000000000000000423366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2ef1b7f86b0a432021-12-21 10:46:37.947root 11241100x8000000000000000423367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed4d9755c72cb0d2021-12-21 10:46:37.948root 11241100x8000000000000000423368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510f398db6994b3e2021-12-21 10:46:37.948root 11241100x8000000000000000423369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:37.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085dac19930ea7272021-12-21 10:46:37.948root 11241100x8000000000000000423370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2ca579c20ed05a2021-12-21 10:46:38.443root 11241100x8000000000000000423371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f0da404340e4892021-12-21 10:46:38.443root 11241100x8000000000000000423372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4621da034ffe0c212021-12-21 10:46:38.443root 11241100x8000000000000000423373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b3472a5bee851d2021-12-21 10:46:38.443root 11241100x8000000000000000423374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606f56aa02953db32021-12-21 10:46:38.444root 11241100x8000000000000000423375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58769f2ba1354c542021-12-21 10:46:38.444root 11241100x8000000000000000423376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d32ccf06dfeb362021-12-21 10:46:38.444root 11241100x8000000000000000423377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7450d5651a34402021-12-21 10:46:38.444root 11241100x8000000000000000423378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3cdabcbf0704792021-12-21 10:46:38.444root 11241100x8000000000000000423379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1524fcec45312f2021-12-21 10:46:38.444root 11241100x8000000000000000423380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d0538d544d1efb2021-12-21 10:46:38.444root 11241100x8000000000000000423381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eafd5b877b754f2021-12-21 10:46:38.445root 11241100x8000000000000000423382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53f2935b08969852021-12-21 10:46:38.445root 11241100x8000000000000000423383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30c6bc5f6abc5f32021-12-21 10:46:38.445root 11241100x8000000000000000423384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49df8450a0492a9b2021-12-21 10:46:38.445root 11241100x8000000000000000423385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0e059807efc3bf2021-12-21 10:46:38.445root 11241100x8000000000000000423386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53752a267b7a071e2021-12-21 10:46:38.445root 11241100x8000000000000000423387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e608d4346b2cdd2021-12-21 10:46:38.445root 11241100x8000000000000000423388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c433765bf940eaf2021-12-21 10:46:38.445root 11241100x8000000000000000423389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085378c215ce991f2021-12-21 10:46:38.446root 11241100x8000000000000000423390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e9600f455da37c2021-12-21 10:46:38.446root 11241100x8000000000000000423391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a90513de2221812021-12-21 10:46:38.446root 11241100x8000000000000000423392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b6d0c70a61c5d22021-12-21 10:46:38.446root 11241100x8000000000000000423393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9ab5463754f7b72021-12-21 10:46:38.446root 11241100x8000000000000000423394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2462696e1b4bbda2021-12-21 10:46:38.446root 11241100x8000000000000000423395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f31d09326e493c2021-12-21 10:46:38.446root 11241100x8000000000000000423396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e32a3d0779f9abe2021-12-21 10:46:38.447root 11241100x8000000000000000423397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18878e073bbcd5062021-12-21 10:46:38.447root 11241100x8000000000000000423398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1aceb06f2223c3d2021-12-21 10:46:38.447root 11241100x8000000000000000423399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1237e2950c06b042021-12-21 10:46:38.447root 11241100x8000000000000000423400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf44576d1f673d3e2021-12-21 10:46:38.447root 11241100x8000000000000000423401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365422c400e53f022021-12-21 10:46:38.447root 11241100x8000000000000000423402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339bc0a1c2bb1cb42021-12-21 10:46:38.448root 11241100x8000000000000000423403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db538a9e224a9dc42021-12-21 10:46:38.943root 11241100x8000000000000000423404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c5a9f7e285eb6b2021-12-21 10:46:38.943root 11241100x8000000000000000423405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaf101dde9f04832021-12-21 10:46:38.943root 11241100x8000000000000000423406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddaea9b8784662e2021-12-21 10:46:38.944root 11241100x8000000000000000423407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabc0e3b53c11ac42021-12-21 10:46:38.944root 11241100x8000000000000000423408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e040e38ed655ee682021-12-21 10:46:38.944root 11241100x8000000000000000423409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f851b0fd2c1148aa2021-12-21 10:46:38.944root 11241100x8000000000000000423410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc39774a6df3013e2021-12-21 10:46:38.944root 11241100x8000000000000000423411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35df4ebe068645382021-12-21 10:46:38.944root 11241100x8000000000000000423412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014215a629ec85642021-12-21 10:46:38.944root 11241100x8000000000000000423413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c0f7f3e9d944132021-12-21 10:46:38.944root 11241100x8000000000000000423414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c02931d0510b042021-12-21 10:46:38.944root 11241100x8000000000000000423415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb6846b22e65b5e2021-12-21 10:46:38.944root 11241100x8000000000000000423416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448a0612c98e40db2021-12-21 10:46:38.944root 11241100x8000000000000000423417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6718cb33a0ddbd132021-12-21 10:46:38.944root 11241100x8000000000000000423418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356a7479c26fae172021-12-21 10:46:38.945root 11241100x8000000000000000423419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e315d64afcad1f2021-12-21 10:46:38.945root 11241100x8000000000000000423420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd09a1666f974aa92021-12-21 10:46:38.945root 11241100x8000000000000000423421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec1373d5b6c339d2021-12-21 10:46:38.945root 11241100x8000000000000000423422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a7606a3b82c7cd2021-12-21 10:46:38.945root 11241100x8000000000000000423423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ecf67c3e734a972021-12-21 10:46:38.945root 11241100x8000000000000000423424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b1d0921725833e2021-12-21 10:46:38.945root 11241100x8000000000000000423425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2358a0617512a3442021-12-21 10:46:38.945root 11241100x8000000000000000423426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c220c55bffe430ba2021-12-21 10:46:38.945root 11241100x8000000000000000423427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a71867dc1b992e82021-12-21 10:46:38.945root 11241100x8000000000000000423428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415623089ca415512021-12-21 10:46:38.945root 11241100x8000000000000000423429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adee304bf52f13dd2021-12-21 10:46:38.945root 11241100x8000000000000000423430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2218f82a646ca02021-12-21 10:46:38.945root 11241100x8000000000000000423431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c60c459fdc90892021-12-21 10:46:38.945root 11241100x8000000000000000423432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1546578069e92fc52021-12-21 10:46:38.945root 11241100x8000000000000000423433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c5b3044481af0b2021-12-21 10:46:38.945root 11241100x8000000000000000423434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c789063b7e6788082021-12-21 10:46:38.945root 23542300x8000000000000000423435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.343{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000423436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb4cc102abf6baa2021-12-21 10:46:39.344root 11241100x8000000000000000423437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c5f68dcb31d22d2021-12-21 10:46:39.345root 11241100x8000000000000000423438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f673f1d71c731e2021-12-21 10:46:39.345root 11241100x8000000000000000423439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40c343b4721ace92021-12-21 10:46:39.345root 11241100x8000000000000000423440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751de3a95e883e502021-12-21 10:46:39.345root 11241100x8000000000000000423441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a80b1aee7abf76b2021-12-21 10:46:39.345root 11241100x8000000000000000423442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62103b1895d03c4b2021-12-21 10:46:39.345root 11241100x8000000000000000423443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb04b65c44dd4ba2021-12-21 10:46:39.345root 11241100x8000000000000000423444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209e62c14805b3d42021-12-21 10:46:39.345root 11241100x8000000000000000423445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a38286b9a5d44832021-12-21 10:46:39.345root 11241100x8000000000000000423446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7836c839c80e0e322021-12-21 10:46:39.345root 11241100x8000000000000000423447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0e292c0c70fd422021-12-21 10:46:39.345root 11241100x8000000000000000423448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8632c772bf445f2021-12-21 10:46:39.346root 11241100x8000000000000000423449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89438e0f9b4d8d092021-12-21 10:46:39.346root 11241100x8000000000000000423450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47929b2d6700c3522021-12-21 10:46:39.346root 11241100x8000000000000000423451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b17290385b3cf22021-12-21 10:46:39.346root 11241100x8000000000000000423452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44336e37669c7e4f2021-12-21 10:46:39.346root 11241100x8000000000000000423453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94374b6d0eb9a0ae2021-12-21 10:46:39.346root 11241100x8000000000000000423454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5a80f664f2a7ed2021-12-21 10:46:39.346root 11241100x8000000000000000423455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7089d1ca4dc414da2021-12-21 10:46:39.346root 11241100x8000000000000000423456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361c05ddf6629fd82021-12-21 10:46:39.346root 11241100x8000000000000000423457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb49a612aca0de482021-12-21 10:46:39.346root 11241100x8000000000000000423458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ff602f1d5a1e0c2021-12-21 10:46:39.347root 11241100x8000000000000000423459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf0ff40852a6c182021-12-21 10:46:39.347root 11241100x8000000000000000423460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555f5f77cbe366f32021-12-21 10:46:39.347root 11241100x8000000000000000423461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf903dea68b83e62021-12-21 10:46:39.347root 11241100x8000000000000000423462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0892fa48ab5071d42021-12-21 10:46:39.347root 11241100x8000000000000000423463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6d62038409a96b2021-12-21 10:46:39.347root 11241100x8000000000000000423464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8e27a838f989bb2021-12-21 10:46:39.348root 11241100x8000000000000000423465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d361334a444ce332021-12-21 10:46:39.348root 11241100x8000000000000000423466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ff8bedbb9a089b2021-12-21 10:46:39.348root 11241100x8000000000000000423467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30360ad5d7e5db612021-12-21 10:46:39.348root 11241100x8000000000000000423468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79424dd51c1c66a92021-12-21 10:46:39.348root 11241100x8000000000000000423469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c074fe0b91e6fd5f2021-12-21 10:46:39.348root 11241100x8000000000000000423470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7850a538b28cae182021-12-21 10:46:39.348root 11241100x8000000000000000423471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4a64a19753dd352021-12-21 10:46:39.349root 11241100x8000000000000000423472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6f2e09c708864b2021-12-21 10:46:39.349root 11241100x8000000000000000423473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debee337e808b0752021-12-21 10:46:39.349root 11241100x8000000000000000423474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2716360f3ed21312021-12-21 10:46:39.693root 11241100x8000000000000000423475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5861555e4752c842021-12-21 10:46:39.693root 11241100x8000000000000000423476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7988fcca55535172021-12-21 10:46:39.693root 11241100x8000000000000000423477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564c2bfef7f2d7982021-12-21 10:46:39.693root 11241100x8000000000000000423478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4605edaaa44cc322021-12-21 10:46:39.694root 11241100x8000000000000000423479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cd0562c31e47f62021-12-21 10:46:39.694root 11241100x8000000000000000423480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c0100f1e11bacd2021-12-21 10:46:39.694root 11241100x8000000000000000423481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92302dc592479b62021-12-21 10:46:39.694root 11241100x8000000000000000423482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268e1a8659fdc0e32021-12-21 10:46:39.694root 11241100x8000000000000000423483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1970a468685a032021-12-21 10:46:39.694root 11241100x8000000000000000423484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a24a728590205a82021-12-21 10:46:39.694root 11241100x8000000000000000423485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073934a7e7c73bce2021-12-21 10:46:39.694root 11241100x8000000000000000423486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ef1ceb8a4168342021-12-21 10:46:39.694root 11241100x8000000000000000423487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9062396eb2831f22021-12-21 10:46:39.694root 11241100x8000000000000000423488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1164018b636ecd2021-12-21 10:46:39.695root 11241100x8000000000000000423489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d620cb9fe770de2021-12-21 10:46:39.695root 11241100x8000000000000000423490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8be39e81c08a1f2021-12-21 10:46:39.695root 11241100x8000000000000000423491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97527aa467b91402021-12-21 10:46:39.695root 11241100x8000000000000000423492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d69d3d39cd2fa0c2021-12-21 10:46:39.695root 11241100x8000000000000000423493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dcd8003ed5f1452021-12-21 10:46:39.695root 11241100x8000000000000000423494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9728b4f0575849a52021-12-21 10:46:39.695root 11241100x8000000000000000423495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfbb13d9c0e484d2021-12-21 10:46:39.695root 11241100x8000000000000000423496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b225b94f17a235e42021-12-21 10:46:39.695root 11241100x8000000000000000423497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7915057f9489972021-12-21 10:46:39.695root 11241100x8000000000000000423498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669d33a63ec412be2021-12-21 10:46:39.695root 11241100x8000000000000000423499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1590fdb8da356932021-12-21 10:46:39.696root 11241100x8000000000000000423500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81c3790848f49762021-12-21 10:46:39.696root 11241100x8000000000000000423501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865eb210573e4bed2021-12-21 10:46:39.696root 11241100x8000000000000000423502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27ac0bdf50955e22021-12-21 10:46:39.696root 11241100x8000000000000000423503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46306c4b3a3775f2021-12-21 10:46:39.696root 11241100x8000000000000000423504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba9d2c9da3a8e052021-12-21 10:46:39.696root 11241100x8000000000000000423505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d3ac6beb4a84612021-12-21 10:46:39.696root 11241100x8000000000000000423506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffdd1d836f7e0762021-12-21 10:46:40.193root 11241100x8000000000000000423507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f449e4a6f269961c2021-12-21 10:46:40.193root 11241100x8000000000000000423508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edf76d3faa9a9432021-12-21 10:46:40.193root 11241100x8000000000000000423509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a6a8697508caa72021-12-21 10:46:40.193root 11241100x8000000000000000423510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbdc8377253aa182021-12-21 10:46:40.193root 11241100x8000000000000000423511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dbbf940c04b22d2021-12-21 10:46:40.193root 11241100x8000000000000000423512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c80eabec4611e72021-12-21 10:46:40.193root 11241100x8000000000000000423513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eada540c552e332021-12-21 10:46:40.193root 11241100x8000000000000000423514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fe7053b07457e72021-12-21 10:46:40.193root 11241100x8000000000000000423515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7996946e0da2412021-12-21 10:46:40.193root 11241100x8000000000000000423516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db31aab8dfab8ac2021-12-21 10:46:40.194root 11241100x8000000000000000423517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc061c23b3e92c2021-12-21 10:46:40.194root 11241100x8000000000000000423518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3fbfcff4acb6be2021-12-21 10:46:40.194root 11241100x8000000000000000423519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d5afa4ea6dd3922021-12-21 10:46:40.194root 11241100x8000000000000000423520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac957f59cc5ba41d2021-12-21 10:46:40.194root 11241100x8000000000000000423521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a865c6ff29641322021-12-21 10:46:40.194root 11241100x8000000000000000423522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac727fe784737552021-12-21 10:46:40.194root 11241100x8000000000000000423523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03bfeb592e247912021-12-21 10:46:40.194root 11241100x8000000000000000423524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd5f58ae1c4cb9a2021-12-21 10:46:40.194root 11241100x8000000000000000423525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf6de3caf24326f2021-12-21 10:46:40.194root 11241100x8000000000000000423526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43090115c8113fa12021-12-21 10:46:40.194root 11241100x8000000000000000423527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cf8f50d2699cb02021-12-21 10:46:40.195root 11241100x8000000000000000423528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d9d52ee4d98b5c2021-12-21 10:46:40.195root 11241100x8000000000000000423529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d36d24f1ef96d3d2021-12-21 10:46:40.195root 11241100x8000000000000000423530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d911c08c5c9636ff2021-12-21 10:46:40.195root 11241100x8000000000000000423531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4468b4b7b703cbd22021-12-21 10:46:40.195root 11241100x8000000000000000423532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13df3bb6e3d092ae2021-12-21 10:46:40.195root 11241100x8000000000000000423533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b97a34955217922021-12-21 10:46:40.195root 11241100x8000000000000000423534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347ab5b3ec2df79a2021-12-21 10:46:40.196root 11241100x8000000000000000423535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efe39b76c9c7cdd2021-12-21 10:46:40.196root 11241100x8000000000000000423536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ef2f1f49c635582021-12-21 10:46:40.196root 11241100x8000000000000000423537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fc6bbbfeee66be2021-12-21 10:46:40.196root 11241100x8000000000000000423538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a07b3af584a9142021-12-21 10:46:40.196root 11241100x8000000000000000423539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e76621d6697849f2021-12-21 10:46:40.694root 11241100x8000000000000000423540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d825cfc7dedc582021-12-21 10:46:40.694root 11241100x8000000000000000423541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade322de8f9553a22021-12-21 10:46:40.694root 11241100x8000000000000000423542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7b058e161f0f262021-12-21 10:46:40.694root 11241100x8000000000000000423543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b1792ecf39213a2021-12-21 10:46:40.694root 11241100x8000000000000000423544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6011835b45b68c32021-12-21 10:46:40.694root 11241100x8000000000000000423545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae1da15257b3b3e2021-12-21 10:46:40.694root 11241100x8000000000000000423546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38f620a9590cd812021-12-21 10:46:40.694root 11241100x8000000000000000423547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2209d7ee056bd42021-12-21 10:46:40.694root 11241100x8000000000000000423548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995a99d63505417c2021-12-21 10:46:40.695root 11241100x8000000000000000423549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a7256777ffa50a2021-12-21 10:46:40.695root 11241100x8000000000000000423550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d6b42ebe7aa6c42021-12-21 10:46:40.695root 11241100x8000000000000000423551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4c053b42be73d62021-12-21 10:46:40.695root 11241100x8000000000000000423552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d64ef9c6ba4b792021-12-21 10:46:40.695root 11241100x8000000000000000423553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5ddf35a55a950a2021-12-21 10:46:40.695root 11241100x8000000000000000423554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e42cc87c4e6a492021-12-21 10:46:40.695root 11241100x8000000000000000423555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052db94028d45d582021-12-21 10:46:40.695root 11241100x8000000000000000423556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c76a0137421ac92021-12-21 10:46:40.695root 11241100x8000000000000000423557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354b140cf9cfe1bc2021-12-21 10:46:40.696root 11241100x8000000000000000423558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6136e5826b20ad732021-12-21 10:46:40.696root 11241100x8000000000000000423559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392af586b07802542021-12-21 10:46:40.696root 11241100x8000000000000000423560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db04e90845aa8a52021-12-21 10:46:40.696root 11241100x8000000000000000423561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dbe2a9ca6628012021-12-21 10:46:40.696root 11241100x8000000000000000423562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752b2adcda4289642021-12-21 10:46:40.696root 11241100x8000000000000000423563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c370606fe477f9c2021-12-21 10:46:40.696root 11241100x8000000000000000423564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa17c92f0f0ede2e2021-12-21 10:46:40.697root 11241100x8000000000000000423565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fed08e45fcf5da2021-12-21 10:46:40.697root 11241100x8000000000000000423566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f87ad831dc4f702021-12-21 10:46:40.697root 11241100x8000000000000000423567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9726b1f6d670c4692021-12-21 10:46:40.697root 11241100x8000000000000000423568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa35cecb0fc9b3d2021-12-21 10:46:40.697root 11241100x8000000000000000423569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e730bf09bce8d32021-12-21 10:46:40.697root 11241100x8000000000000000423570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa62b8e8de3a7702021-12-21 10:46:40.697root 11241100x8000000000000000423571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa36fadc8c1416442021-12-21 10:46:41.193root 11241100x8000000000000000423572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3a29eea6f273e72021-12-21 10:46:41.194root 11241100x8000000000000000423573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a947db3c2a857312021-12-21 10:46:41.194root 11241100x8000000000000000423574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88faa276a5152f1c2021-12-21 10:46:41.195root 11241100x8000000000000000423575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e246511386ba73482021-12-21 10:46:41.195root 11241100x8000000000000000423576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131a32845798eac12021-12-21 10:46:41.196root 11241100x8000000000000000423577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280d05eab3c6feef2021-12-21 10:46:41.196root 11241100x8000000000000000423578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a696fc4eb56a872021-12-21 10:46:41.197root 11241100x8000000000000000423579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18e8784d2daa24a2021-12-21 10:46:41.197root 11241100x8000000000000000423580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93128da4ca08f1a22021-12-21 10:46:41.198root 11241100x8000000000000000423581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a7ae4ba83750272021-12-21 10:46:41.198root 11241100x8000000000000000423582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb63933ad20b93f2021-12-21 10:46:41.198root 11241100x8000000000000000423583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f043ca7bf23eff02021-12-21 10:46:41.199root 11241100x8000000000000000423584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2567ec01b54b8b652021-12-21 10:46:41.199root 11241100x8000000000000000423585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab216cc29eb0ddf2021-12-21 10:46:41.199root 11241100x8000000000000000423586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b2b8f185d865862021-12-21 10:46:41.200root 11241100x8000000000000000423587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d60a35630209082021-12-21 10:46:41.200root 11241100x8000000000000000423588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bf53881a55cd462021-12-21 10:46:41.201root 11241100x8000000000000000423589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b299b314a51d822021-12-21 10:46:41.201root 11241100x8000000000000000423590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cf777ed3c6e06c2021-12-21 10:46:41.202root 11241100x8000000000000000423591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35eb3248b7eb28942021-12-21 10:46:41.203root 11241100x8000000000000000423592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923042b4f0d203d22021-12-21 10:46:41.204root 11241100x8000000000000000423593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6803234b36769342021-12-21 10:46:41.204root 11241100x8000000000000000423594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e048293bed339b2021-12-21 10:46:41.205root 11241100x8000000000000000423595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d902b907c433182021-12-21 10:46:41.205root 11241100x8000000000000000423596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20051fadfc05470b2021-12-21 10:46:41.206root 11241100x8000000000000000423597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ade33749bf787132021-12-21 10:46:41.206root 11241100x8000000000000000423598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5c3d40f474697a2021-12-21 10:46:41.207root 11241100x8000000000000000423599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af56046e72da526d2021-12-21 10:46:41.207root 11241100x8000000000000000423600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00923a4229dcc7912021-12-21 10:46:41.207root 11241100x8000000000000000423601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9932ee9a2d2f8d82021-12-21 10:46:41.208root 11241100x8000000000000000423602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a0121e9499a2b22021-12-21 10:46:41.208root 11241100x8000000000000000423603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60a05ec714ed8b12021-12-21 10:46:41.693root 11241100x8000000000000000423604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fd0466862168f82021-12-21 10:46:41.694root 11241100x8000000000000000423605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390a71d5646359bc2021-12-21 10:46:41.694root 11241100x8000000000000000423606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05899b6d47809ea2021-12-21 10:46:41.695root 11241100x8000000000000000423607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa8d6e5b4af0bc02021-12-21 10:46:41.695root 11241100x8000000000000000423608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02198856ea4f1b72021-12-21 10:46:41.695root 11241100x8000000000000000423609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1748807577b2ef092021-12-21 10:46:41.695root 11241100x8000000000000000423610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbb4e45f890c4932021-12-21 10:46:41.695root 11241100x8000000000000000423611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b174edee3f5da352021-12-21 10:46:41.695root 11241100x8000000000000000423612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adb57e47a19e5222021-12-21 10:46:41.695root 11241100x8000000000000000423613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e1cb40c71a62ea2021-12-21 10:46:41.696root 11241100x8000000000000000423614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fa5148808846bf2021-12-21 10:46:41.696root 11241100x8000000000000000423615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c1dbe71a2b3a692021-12-21 10:46:41.696root 11241100x8000000000000000423616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4d64248971cc292021-12-21 10:46:41.696root 11241100x8000000000000000423617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46706ed86ef80032021-12-21 10:46:41.696root 11241100x8000000000000000423618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688775de858f88ef2021-12-21 10:46:41.696root 11241100x8000000000000000423619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82577d968770f6b2021-12-21 10:46:41.696root 11241100x8000000000000000423620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daa536ab9d2ab432021-12-21 10:46:41.696root 11241100x8000000000000000423621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f212900c47435d2021-12-21 10:46:41.697root 11241100x8000000000000000423622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38953458642b7f4d2021-12-21 10:46:41.697root 11241100x8000000000000000423623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d51a50c10359842021-12-21 10:46:41.697root 11241100x8000000000000000423624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6bd909cb5f46f92021-12-21 10:46:41.697root 11241100x8000000000000000423625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca59b31d9897e4f2021-12-21 10:46:41.697root 11241100x8000000000000000423626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb61138ff725bb72021-12-21 10:46:41.697root 11241100x8000000000000000423627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0ab94b5f4c605b2021-12-21 10:46:41.697root 11241100x8000000000000000423628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ec2a46c3b200b62021-12-21 10:46:41.697root 11241100x8000000000000000423629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4c35db1d4162822021-12-21 10:46:41.697root 11241100x8000000000000000423630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b6d289fbdd4172021-12-21 10:46:41.697root 11241100x8000000000000000423631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f86a3b473fc83b2021-12-21 10:46:41.698root 11241100x8000000000000000423632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faffba8b04c1e1572021-12-21 10:46:41.698root 11241100x8000000000000000423633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46be27437f39fe312021-12-21 10:46:41.698root 11241100x8000000000000000423634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527f15df1010cec22021-12-21 10:46:41.698root 354300x8000000000000000423635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.154{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47586-false10.0.1.12-8000- 11241100x8000000000000000423636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4573ee4278c59652021-12-21 10:46:42.155root 11241100x8000000000000000423637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c0cb4922bfe1dc2021-12-21 10:46:42.155root 11241100x8000000000000000423638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d587f75a533955852021-12-21 10:46:42.155root 11241100x8000000000000000423639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f61577ada2d1bb32021-12-21 10:46:42.155root 11241100x8000000000000000423640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e472ad3c976f5b2021-12-21 10:46:42.155root 11241100x8000000000000000423641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.155{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aca757423bdd91c2021-12-21 10:46:42.155root 11241100x8000000000000000423642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaa0fdc5ac26d1b2021-12-21 10:46:42.156root 11241100x8000000000000000423643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb25dda36bea04c82021-12-21 10:46:42.156root 11241100x8000000000000000423644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbad0b76f6cb774d2021-12-21 10:46:42.156root 11241100x8000000000000000423645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a9556a67679cb42021-12-21 10:46:42.156root 11241100x8000000000000000423646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0c18e7c400660b2021-12-21 10:46:42.156root 11241100x8000000000000000423647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbc4bd88cf25c6f2021-12-21 10:46:42.156root 11241100x8000000000000000423648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867a0b4006b28db22021-12-21 10:46:42.156root 11241100x8000000000000000423649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667c5c0628567fe82021-12-21 10:46:42.156root 11241100x8000000000000000423650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e51c304c50fd7e2021-12-21 10:46:42.156root 11241100x8000000000000000423651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.156{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d607e1a0f3775c02021-12-21 10:46:42.156root 11241100x8000000000000000423652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9fb41a102852982021-12-21 10:46:42.157root 11241100x8000000000000000423653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6fd375431ac8942021-12-21 10:46:42.157root 11241100x8000000000000000423654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abce7d60969d1072021-12-21 10:46:42.157root 11241100x8000000000000000423655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3835045d5af33cee2021-12-21 10:46:42.157root 11241100x8000000000000000423656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d194f2a2a0b525472021-12-21 10:46:42.157root 11241100x8000000000000000423657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239d374af52c7e662021-12-21 10:46:42.157root 11241100x8000000000000000423658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9774997073e6c8602021-12-21 10:46:42.157root 11241100x8000000000000000423659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5a19d6d418c65d2021-12-21 10:46:42.157root 11241100x8000000000000000423660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.157{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fbf9c908cd02442021-12-21 10:46:42.157root 11241100x8000000000000000423661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33e759ea55db4532021-12-21 10:46:42.158root 11241100x8000000000000000423662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd4e2ef40eb0a902021-12-21 10:46:42.158root 11241100x8000000000000000423663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379da91bd74b13a72021-12-21 10:46:42.158root 11241100x8000000000000000423664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.158{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf4748c44ea799f2021-12-21 10:46:42.158root 11241100x8000000000000000423665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0877a984edef67a2021-12-21 10:46:42.159root 11241100x8000000000000000423666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431ab01b603cb5ae2021-12-21 10:46:42.159root 11241100x8000000000000000423667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.159{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ad9f702fd0b5db2021-12-21 10:46:42.159root 11241100x8000000000000000423668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163dedaf8864b7fd2021-12-21 10:46:42.160root 11241100x8000000000000000423669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cce0c9036e61662021-12-21 10:46:42.160root 11241100x8000000000000000423670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.160{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da64044fae6c62b2021-12-21 10:46:42.160root 11241100x8000000000000000423671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.161{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd15467e0300b922021-12-21 10:46:42.161root 11241100x8000000000000000423672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7c9670ab17f3e92021-12-21 10:46:42.162root 11241100x8000000000000000423673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dfe311079f44f42021-12-21 10:46:42.162root 11241100x8000000000000000423674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d555bb014e53d48d2021-12-21 10:46:42.162root 11241100x8000000000000000423675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3279af887e56034e2021-12-21 10:46:42.162root 11241100x8000000000000000423676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6ca2c5e926f4032021-12-21 10:46:42.162root 11241100x8000000000000000423677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d752c5032193f82021-12-21 10:46:42.163root 11241100x8000000000000000423678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6da653d514c2842021-12-21 10:46:42.163root 11241100x8000000000000000423679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13da0d5d85fd6f572021-12-21 10:46:42.163root 11241100x8000000000000000423680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c588ce12f0e8392021-12-21 10:46:42.163root 11241100x8000000000000000423681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b90ea5e5ff80ec2021-12-21 10:46:42.163root 11241100x8000000000000000423682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079ae57014ff7e352021-12-21 10:46:42.164root 11241100x8000000000000000423683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed289a2973466542021-12-21 10:46:42.164root 11241100x8000000000000000423684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d4c8da96e228fe2021-12-21 10:46:42.164root 11241100x8000000000000000423685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02137dbe5b1dd5602021-12-21 10:46:42.164root 11241100x8000000000000000423686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e32969ce56ed5a2021-12-21 10:46:42.164root 11241100x8000000000000000423687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce826abc871164ed2021-12-21 10:46:42.164root 11241100x8000000000000000423688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fafca2a4baecff2021-12-21 10:46:42.165root 11241100x8000000000000000423689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace44786da8a3a5e2021-12-21 10:46:42.165root 11241100x8000000000000000423690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9959987d06137dd2021-12-21 10:46:42.165root 11241100x8000000000000000423691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86900ad4aaacb9b92021-12-21 10:46:42.165root 11241100x8000000000000000423692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f2be3d9c1963d2021-12-21 10:46:42.165root 11241100x8000000000000000423693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200bc452987a315a2021-12-21 10:46:42.165root 11241100x8000000000000000423694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdb84ce019580012021-12-21 10:46:42.166root 11241100x8000000000000000423695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0909549c22e5e2c2021-12-21 10:46:42.166root 11241100x8000000000000000423696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d70e558e81ef8672021-12-21 10:46:42.166root 11241100x8000000000000000423697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd01ccc6fcda97ee2021-12-21 10:46:42.166root 11241100x8000000000000000423698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.166{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aff4f985b78e702021-12-21 10:46:42.166root 11241100x8000000000000000423699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b040a7ccbcf580fa2021-12-21 10:46:42.167root 11241100x8000000000000000423700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c16a4c9da4a09b2021-12-21 10:46:42.167root 11241100x8000000000000000423701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3142d6cd7fe8ec2021-12-21 10:46:42.167root 11241100x8000000000000000423702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24883c033c8a7282021-12-21 10:46:42.167root 11241100x8000000000000000423703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.167{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6185cd61c61c2d842021-12-21 10:46:42.167root 11241100x8000000000000000423704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21326f45068984be2021-12-21 10:46:42.168root 11241100x8000000000000000423705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cc1b8a020b00472021-12-21 10:46:42.168root 11241100x8000000000000000423706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ecb9ded6b0eb6b2021-12-21 10:46:42.168root 11241100x8000000000000000423707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa89258935ade0832021-12-21 10:46:42.168root 11241100x8000000000000000423708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.168{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe4e37bedd415c82021-12-21 10:46:42.168root 11241100x8000000000000000423709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc5c97711f6aa4d2021-12-21 10:46:42.443root 11241100x8000000000000000423710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc05978f066ea0d2021-12-21 10:46:42.443root 11241100x8000000000000000423711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3886ee1eb45850f72021-12-21 10:46:42.443root 11241100x8000000000000000423712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d4f523b6f8831d2021-12-21 10:46:42.443root 11241100x8000000000000000423713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8c8ad2529ae8be2021-12-21 10:46:42.444root 11241100x8000000000000000423714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8bf493758450062021-12-21 10:46:42.444root 11241100x8000000000000000423715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeab2d053859ae62021-12-21 10:46:42.444root 11241100x8000000000000000423716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819c0bd96f48b0df2021-12-21 10:46:42.444root 11241100x8000000000000000423717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d467e43cdcea53ab2021-12-21 10:46:42.444root 11241100x8000000000000000423718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f0e83a8b46d94f2021-12-21 10:46:42.444root 11241100x8000000000000000423719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c29914698d4e2e62021-12-21 10:46:42.444root 11241100x8000000000000000423720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d623765e25d6eb82021-12-21 10:46:42.444root 11241100x8000000000000000423721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8a35dafcb7360c2021-12-21 10:46:42.444root 11241100x8000000000000000423722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862f141a123b77732021-12-21 10:46:42.444root 11241100x8000000000000000423723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e3d9ba8fbf4c7e2021-12-21 10:46:42.444root 11241100x8000000000000000423724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63ed4c7bbaaf61d2021-12-21 10:46:42.445root 11241100x8000000000000000423725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e701b0188955c202021-12-21 10:46:42.445root 11241100x8000000000000000423726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53eeee60199e1062021-12-21 10:46:42.445root 11241100x8000000000000000423727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16c69f4153100c62021-12-21 10:46:42.445root 11241100x8000000000000000423728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b696e13518e4452021-12-21 10:46:42.445root 11241100x8000000000000000423729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1485e5c6cd50f0372021-12-21 10:46:42.446root 11241100x8000000000000000423730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70f95f1df9bb4432021-12-21 10:46:42.446root 11241100x8000000000000000423731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc236469e6eae9072021-12-21 10:46:42.446root 11241100x8000000000000000423732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb4b5f1893002b12021-12-21 10:46:42.446root 11241100x8000000000000000423733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5986e34c28db0a832021-12-21 10:46:42.446root 11241100x8000000000000000423734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4248ed62b258386a2021-12-21 10:46:42.446root 11241100x8000000000000000423735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1138d4c89c529c42021-12-21 10:46:42.447root 11241100x8000000000000000423736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64936ecd086c3d02021-12-21 10:46:42.447root 11241100x8000000000000000423737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6c02529e9687452021-12-21 10:46:42.447root 11241100x8000000000000000423738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57bad1c7be870612021-12-21 10:46:42.447root 11241100x8000000000000000423739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d24ec0592e8dfc2021-12-21 10:46:42.447root 11241100x8000000000000000423740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8bfc08271d04512021-12-21 10:46:42.448root 11241100x8000000000000000423741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6043e9a613bb702c2021-12-21 10:46:42.449root 11241100x8000000000000000423742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b226bb5d0255eb12021-12-21 10:46:42.943root 11241100x8000000000000000423743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fc02e27a14b1fc2021-12-21 10:46:42.943root 11241100x8000000000000000423744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6db762460b4738c2021-12-21 10:46:42.943root 11241100x8000000000000000423745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ffe6c86faba84f2021-12-21 10:46:42.943root 11241100x8000000000000000423746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b348e0dd8dc88c2021-12-21 10:46:42.943root 11241100x8000000000000000423747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3540737ee6217a2021-12-21 10:46:42.944root 11241100x8000000000000000423748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852225b5326d038d2021-12-21 10:46:42.944root 11241100x8000000000000000423749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fc4e17c4ade7822021-12-21 10:46:42.944root 11241100x8000000000000000423750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4b3436b84a1fdd2021-12-21 10:46:42.944root 11241100x8000000000000000423751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe2e945421710462021-12-21 10:46:42.944root 11241100x8000000000000000423752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26ef2b8e7d4c02e2021-12-21 10:46:42.944root 11241100x8000000000000000423753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9ffe551ed99e112021-12-21 10:46:42.944root 11241100x8000000000000000423754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1ed71ebf9621932021-12-21 10:46:42.944root 11241100x8000000000000000423755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8792a55d629c7ed2021-12-21 10:46:42.945root 11241100x8000000000000000423756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3129f6b423b4415a2021-12-21 10:46:42.945root 11241100x8000000000000000423757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d73f083ad4ba4de2021-12-21 10:46:42.945root 11241100x8000000000000000423758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef9e31ac75067af2021-12-21 10:46:42.945root 11241100x8000000000000000423759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f01f0eeeff6e1062021-12-21 10:46:42.945root 11241100x8000000000000000423760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797f786e5cae77272021-12-21 10:46:42.945root 11241100x8000000000000000423761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6065b5858bf40932021-12-21 10:46:42.945root 11241100x8000000000000000423762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc415e5424f85ce72021-12-21 10:46:42.945root 11241100x8000000000000000423763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffb5023b77f4c5d2021-12-21 10:46:42.945root 11241100x8000000000000000423764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470122c9cc517adb2021-12-21 10:46:42.946root 11241100x8000000000000000423765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa68eeb408990e212021-12-21 10:46:42.946root 11241100x8000000000000000423766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a067a296de672dcb2021-12-21 10:46:42.946root 11241100x8000000000000000423767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f35b2326892f3d32021-12-21 10:46:42.946root 11241100x8000000000000000423768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281370439141c26a2021-12-21 10:46:42.946root 11241100x8000000000000000423769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81291db83f8b841c2021-12-21 10:46:42.946root 11241100x8000000000000000423770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a165cd34efbead62021-12-21 10:46:42.946root 11241100x8000000000000000423771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcf8012038666732021-12-21 10:46:42.947root 11241100x8000000000000000423772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd9a45036a97e7b2021-12-21 10:46:42.947root 11241100x8000000000000000423773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aba01a3f7d3a602021-12-21 10:46:42.947root 11241100x8000000000000000423774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:42.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6056870258749902021-12-21 10:46:42.948root 11241100x8000000000000000423775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8679bdaad36b2f2021-12-21 10:46:43.442root 11241100x8000000000000000423776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef87c73d20bdb83a2021-12-21 10:46:43.443root 11241100x8000000000000000423777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2de200d6b3308092021-12-21 10:46:43.443root 11241100x8000000000000000423778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214ef85c90e74d5d2021-12-21 10:46:43.443root 11241100x8000000000000000423779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b9fd41962807382021-12-21 10:46:43.444root 11241100x8000000000000000423780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806d8c2dcb5f93402021-12-21 10:46:43.444root 11241100x8000000000000000423781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a710dcde0847719a2021-12-21 10:46:43.444root 11241100x8000000000000000423782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975eea6c4ec4d3592021-12-21 10:46:43.444root 11241100x8000000000000000423783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4d6d5d7d93e75f2021-12-21 10:46:43.444root 11241100x8000000000000000423784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d75224e1f1d87ba2021-12-21 10:46:43.444root 11241100x8000000000000000423785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1678ba80bd9ed4c2021-12-21 10:46:43.445root 11241100x8000000000000000423786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9f72f7f0b195cd2021-12-21 10:46:43.445root 11241100x8000000000000000423787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e91e3be9aca191a2021-12-21 10:46:43.445root 11241100x8000000000000000423788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba7e213c7fdd6ac2021-12-21 10:46:43.445root 11241100x8000000000000000423789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f396a08f43e9359b2021-12-21 10:46:43.445root 11241100x8000000000000000423790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2beaa60bb29845572021-12-21 10:46:43.445root 11241100x8000000000000000423791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645ed4b8f755e3d12021-12-21 10:46:43.445root 11241100x8000000000000000423792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e64fd332a69ccd22021-12-21 10:46:43.446root 11241100x8000000000000000423793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554e2cfbbd33204a2021-12-21 10:46:43.446root 11241100x8000000000000000423794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab9e5aca8b722fa2021-12-21 10:46:43.446root 11241100x8000000000000000423795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dcca72df8386042021-12-21 10:46:43.446root 11241100x8000000000000000423796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e676ea9dc19d8c2021-12-21 10:46:43.446root 11241100x8000000000000000423797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b57f7b12614544e2021-12-21 10:46:43.447root 11241100x8000000000000000423798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afe25b8ceb9c56d2021-12-21 10:46:43.448root 11241100x8000000000000000423799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44947678915d7842021-12-21 10:46:43.449root 11241100x8000000000000000423800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e7ebda84cd8a572021-12-21 10:46:43.449root 11241100x8000000000000000423801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20a6e86662b4dca2021-12-21 10:46:43.449root 11241100x8000000000000000423802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b16cb1f252c0df2021-12-21 10:46:43.449root 11241100x8000000000000000423803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bf888a660a00ce2021-12-21 10:46:43.449root 11241100x8000000000000000423804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111a9d3af9707fce2021-12-21 10:46:43.449root 11241100x8000000000000000423805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4f96f496d48ff22021-12-21 10:46:43.449root 11241100x8000000000000000423806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a39bfd0d4746bf42021-12-21 10:46:43.449root 11241100x8000000000000000423807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71944a7ab0d084e2021-12-21 10:46:43.449root 11241100x8000000000000000423808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c457fe17537fd22021-12-21 10:46:43.449root 11241100x8000000000000000423809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a489656bcbe92ae2021-12-21 10:46:43.449root 11241100x8000000000000000423810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837ca33c82c4bed72021-12-21 10:46:43.450root 11241100x8000000000000000423811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b269d96b65bb6b112021-12-21 10:46:43.450root 11241100x8000000000000000423812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cadc4dd0b5a64662021-12-21 10:46:43.450root 11241100x8000000000000000423813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182ace26b923911b2021-12-21 10:46:43.943root 11241100x8000000000000000423814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526706fcf01fd7b62021-12-21 10:46:43.943root 11241100x8000000000000000423815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9836d9384c51cc2021-12-21 10:46:43.943root 11241100x8000000000000000423816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c13bc604aa6ac32021-12-21 10:46:43.944root 11241100x8000000000000000423817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e5fcf7164a6b992021-12-21 10:46:43.944root 11241100x8000000000000000423818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafebe987d0e2f4f2021-12-21 10:46:43.944root 11241100x8000000000000000423819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac086037eff9c5592021-12-21 10:46:43.944root 11241100x8000000000000000423820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431b56d1d680ca532021-12-21 10:46:43.944root 11241100x8000000000000000423821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55053bed4b910c1a2021-12-21 10:46:43.944root 11241100x8000000000000000423822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfa7116da23dbc52021-12-21 10:46:43.944root 11241100x8000000000000000423823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce607864961e533b2021-12-21 10:46:43.944root 11241100x8000000000000000423824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6644d5af244645ac2021-12-21 10:46:43.944root 11241100x8000000000000000423825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24eae6951b53f4942021-12-21 10:46:43.944root 11241100x8000000000000000423826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a5f208cc6acb632021-12-21 10:46:43.944root 11241100x8000000000000000423827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc2de467383f18a2021-12-21 10:46:43.945root 11241100x8000000000000000423828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5d722ae082f9562021-12-21 10:46:43.945root 11241100x8000000000000000423829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b931087dbb3fbd2021-12-21 10:46:43.945root 11241100x8000000000000000423830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6adeca40f1c34c2021-12-21 10:46:43.945root 11241100x8000000000000000423831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cb33ed3ed9b1642021-12-21 10:46:43.945root 11241100x8000000000000000423832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f6e12f3f0a05552021-12-21 10:46:43.945root 11241100x8000000000000000423833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09f1a029b32c20e2021-12-21 10:46:43.945root 11241100x8000000000000000423834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4107437c7ea3140e2021-12-21 10:46:43.945root 11241100x8000000000000000423835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d15930882520182021-12-21 10:46:43.945root 11241100x8000000000000000423836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f616a80a24c5b92021-12-21 10:46:43.945root 11241100x8000000000000000423837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6402ebbfb2e20d2021-12-21 10:46:43.945root 11241100x8000000000000000423838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7b4b04f454a1632021-12-21 10:46:43.945root 11241100x8000000000000000423839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c11d06b9d2a3402021-12-21 10:46:43.945root 11241100x8000000000000000423840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48375b1c0db27192021-12-21 10:46:43.945root 11241100x8000000000000000423841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03980cb8159ffa82021-12-21 10:46:43.945root 11241100x8000000000000000423842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36ffd2790f3fa0c2021-12-21 10:46:43.945root 11241100x8000000000000000423843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8cf0445dd459332021-12-21 10:46:43.946root 11241100x8000000000000000423844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ac075ba341bb862021-12-21 10:46:43.946root 11241100x8000000000000000423845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:43.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9f2ee47cb5e3d22021-12-21 10:46:43.946root 11241100x8000000000000000423846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932fbdaa6fe067212021-12-21 10:46:44.443root 11241100x8000000000000000423847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990571d0835126922021-12-21 10:46:44.443root 11241100x8000000000000000423848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1effcf61ef5c1ccb2021-12-21 10:46:44.443root 11241100x8000000000000000423849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cc8010dab2697e2021-12-21 10:46:44.443root 11241100x8000000000000000423850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d95bed343eba6e62021-12-21 10:46:44.444root 11241100x8000000000000000423851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19324b1468ab058f2021-12-21 10:46:44.444root 11241100x8000000000000000423852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84473ec9c58232002021-12-21 10:46:44.444root 11241100x8000000000000000423853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19ebaf0b65b744a2021-12-21 10:46:44.444root 11241100x8000000000000000423854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a51263d42cc7632021-12-21 10:46:44.444root 11241100x8000000000000000423855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ca7001270ca0ec2021-12-21 10:46:44.444root 11241100x8000000000000000423856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9383a3f0e3abf282021-12-21 10:46:44.444root 11241100x8000000000000000423857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4648cc30364de79f2021-12-21 10:46:44.444root 11241100x8000000000000000423858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee59e78b8c99bd962021-12-21 10:46:44.445root 11241100x8000000000000000423859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2350bc6bc0a68662021-12-21 10:46:44.445root 11241100x8000000000000000423860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d15252e23e1ffc92021-12-21 10:46:44.445root 11241100x8000000000000000423861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ee12a3a5bbbc1b2021-12-21 10:46:44.445root 11241100x8000000000000000423862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5de917510192552021-12-21 10:46:44.445root 11241100x8000000000000000423863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3363d23408b69f222021-12-21 10:46:44.445root 11241100x8000000000000000423864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c87da0530aa0ef12021-12-21 10:46:44.446root 11241100x8000000000000000423865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1650ccc3e9f7122021-12-21 10:46:44.446root 11241100x8000000000000000423866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd16f5c4a29330b2021-12-21 10:46:44.446root 11241100x8000000000000000423867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3e3d03afc6a1372021-12-21 10:46:44.446root 11241100x8000000000000000423868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c036291316a00f2021-12-21 10:46:44.446root 11241100x8000000000000000423869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38df4c832b40e7182021-12-21 10:46:44.446root 11241100x8000000000000000423870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fdb50ac3e0c3e92021-12-21 10:46:44.446root 11241100x8000000000000000423871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df05c1c3b80b59ee2021-12-21 10:46:44.447root 11241100x8000000000000000423872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b050ae96665f571b2021-12-21 10:46:44.447root 11241100x8000000000000000423873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcbadac59233e9d2021-12-21 10:46:44.447root 11241100x8000000000000000423874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426ffb67a53beb632021-12-21 10:46:44.447root 11241100x8000000000000000423875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35bfaf05c094cdb2021-12-21 10:46:44.447root 11241100x8000000000000000423876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75b9baee95a8e602021-12-21 10:46:44.447root 11241100x8000000000000000423877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3526426d9653182021-12-21 10:46:44.447root 11241100x8000000000000000423878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae36290005354882021-12-21 10:46:44.447root 11241100x8000000000000000423879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe45a72acc4a24e52021-12-21 10:46:44.447root 11241100x8000000000000000423880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76557052e5f386d92021-12-21 10:46:44.942root 11241100x8000000000000000423881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09298b0cf664101a2021-12-21 10:46:44.943root 11241100x8000000000000000423882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e409b85d35506e72021-12-21 10:46:44.943root 11241100x8000000000000000423883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44cc06a370b68742021-12-21 10:46:44.943root 11241100x8000000000000000423884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8961e5fea62a57fc2021-12-21 10:46:44.943root 11241100x8000000000000000423885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7f2371f3ddcfb42021-12-21 10:46:44.943root 11241100x8000000000000000423886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be81142b867d2a062021-12-21 10:46:44.943root 11241100x8000000000000000423887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b6ede12e8477362021-12-21 10:46:44.943root 11241100x8000000000000000423888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783e9da5ab2ba5892021-12-21 10:46:44.943root 11241100x8000000000000000423889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6a0d3e364394272021-12-21 10:46:44.943root 11241100x8000000000000000423890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd0ca08bbb5e5762021-12-21 10:46:44.944root 11241100x8000000000000000423891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda8e3bba5ae34ea2021-12-21 10:46:44.944root 11241100x8000000000000000423892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47677c7fc69295452021-12-21 10:46:44.944root 11241100x8000000000000000423893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59f683b6177811c2021-12-21 10:46:44.944root 11241100x8000000000000000423894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0fa424b1611bdd2021-12-21 10:46:44.944root 11241100x8000000000000000423895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f012e9e6f1f00092021-12-21 10:46:44.944root 11241100x8000000000000000423896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fa492d2aad4ab12021-12-21 10:46:44.944root 11241100x8000000000000000423897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed198c506ba3be92021-12-21 10:46:44.944root 11241100x8000000000000000423898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cc0e85b9240d872021-12-21 10:46:44.944root 11241100x8000000000000000423899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728f8b92830314222021-12-21 10:46:44.944root 11241100x8000000000000000423900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac1c192b92dff482021-12-21 10:46:44.944root 11241100x8000000000000000423901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b677a3cec1aa8202021-12-21 10:46:44.944root 11241100x8000000000000000423902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6286616cb4ed0e12021-12-21 10:46:44.944root 11241100x8000000000000000423903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eea093d43539a62021-12-21 10:46:44.944root 11241100x8000000000000000423904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cd6ee7e4aacc232021-12-21 10:46:44.944root 11241100x8000000000000000423905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4057afa49c3692852021-12-21 10:46:44.945root 11241100x8000000000000000423906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3315c569d19800352021-12-21 10:46:44.945root 11241100x8000000000000000423907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769793246ff2a3252021-12-21 10:46:44.945root 11241100x8000000000000000423908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7ea260aa07feb32021-12-21 10:46:44.945root 11241100x8000000000000000423909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6a7857bf8b16e92021-12-21 10:46:44.945root 11241100x8000000000000000423910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d68a8a6aa515af32021-12-21 10:46:44.945root 11241100x8000000000000000423911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ed77b404d514552021-12-21 10:46:44.945root 11241100x8000000000000000423912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08eba0ce1759af82021-12-21 10:46:44.945root 11241100x8000000000000000423913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7932e3a1abed5282021-12-21 10:46:44.945root 11241100x8000000000000000423914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1418aaecee3ed32021-12-21 10:46:44.946root 11241100x8000000000000000423915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1954400a4aa10ee72021-12-21 10:46:44.946root 11241100x8000000000000000423916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9398d8969d0b08de2021-12-21 10:46:44.946root 11241100x8000000000000000423917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ed4e8b6fa4bd122021-12-21 10:46:45.443root 11241100x8000000000000000423918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211f0e818f7097012021-12-21 10:46:45.443root 11241100x8000000000000000423919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c5514185986dd82021-12-21 10:46:45.444root 11241100x8000000000000000423920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed8cb4a838b5a792021-12-21 10:46:45.444root 11241100x8000000000000000423921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77b3dbd17c1b9692021-12-21 10:46:45.444root 11241100x8000000000000000423922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f28149077b18c732021-12-21 10:46:45.444root 11241100x8000000000000000423923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd700f8ecc5ba65a2021-12-21 10:46:45.444root 11241100x8000000000000000423924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f0c4fd720dfb602021-12-21 10:46:45.445root 11241100x8000000000000000423925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49cc40654130e012021-12-21 10:46:45.445root 11241100x8000000000000000423926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b0e11da51062352021-12-21 10:46:45.445root 11241100x8000000000000000423927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943bc77ed7ed2ac82021-12-21 10:46:45.445root 11241100x8000000000000000423928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625a7a85dbfe2cd42021-12-21 10:46:45.446root 11241100x8000000000000000423929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e33ad39e1f64a9d2021-12-21 10:46:45.446root 11241100x8000000000000000423930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7717ef75505d3022021-12-21 10:46:45.446root 11241100x8000000000000000423931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de8d5078cced8362021-12-21 10:46:45.446root 11241100x8000000000000000423932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0df5fe0e8ed8552021-12-21 10:46:45.446root 11241100x8000000000000000423933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4948efd510b20dda2021-12-21 10:46:45.446root 11241100x8000000000000000423934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dac869c2c9cf4b32021-12-21 10:46:45.447root 11241100x8000000000000000423935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb494da5e109a02021-12-21 10:46:45.447root 11241100x8000000000000000423936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4c0733071832da2021-12-21 10:46:45.447root 11241100x8000000000000000423937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f8f71c16ab90092021-12-21 10:46:45.447root 11241100x8000000000000000423938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fed6e90f3fa89662021-12-21 10:46:45.448root 11241100x8000000000000000423939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da8bf1dfe205692021-12-21 10:46:45.448root 11241100x8000000000000000423940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da10094e95238e92021-12-21 10:46:45.448root 11241100x8000000000000000423941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0528aafd1998bfb82021-12-21 10:46:45.448root 11241100x8000000000000000423942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f362352ac12e4db2021-12-21 10:46:45.448root 11241100x8000000000000000423943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf2883876c2726d2021-12-21 10:46:45.448root 11241100x8000000000000000423944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e133ecb5fecaad2021-12-21 10:46:45.448root 11241100x8000000000000000423945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e754cfffbf76c82021-12-21 10:46:45.448root 11241100x8000000000000000423946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2369245889ddbeea2021-12-21 10:46:45.448root 11241100x8000000000000000423947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc19dc7f48ae70702021-12-21 10:46:45.448root 11241100x8000000000000000423948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433e43122a7b16a52021-12-21 10:46:45.449root 11241100x8000000000000000423949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e13db7108927192021-12-21 10:46:45.449root 11241100x8000000000000000423950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7873144b3b7ba072021-12-21 10:46:45.943root 11241100x8000000000000000423951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a407ebb9228422332021-12-21 10:46:45.943root 11241100x8000000000000000423952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c49c5f99a565e12021-12-21 10:46:45.943root 11241100x8000000000000000423953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c37a96b35ddff2b2021-12-21 10:46:45.944root 11241100x8000000000000000423954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475a2276c8113b102021-12-21 10:46:45.944root 11241100x8000000000000000423955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f895fbc2c112ada02021-12-21 10:46:45.944root 11241100x8000000000000000423956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eae2da5bfac24012021-12-21 10:46:45.944root 11241100x8000000000000000423957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6c9d1d52da013e2021-12-21 10:46:45.944root 11241100x8000000000000000423958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8beebb7820d9f22021-12-21 10:46:45.944root 11241100x8000000000000000423959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254aa90717edf8c82021-12-21 10:46:45.944root 11241100x8000000000000000423960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28bc1b925ee8e9f2021-12-21 10:46:45.945root 11241100x8000000000000000423961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233a10f1870976cd2021-12-21 10:46:45.945root 11241100x8000000000000000423962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716137a40ff5e5502021-12-21 10:46:45.945root 11241100x8000000000000000423963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551371ee2b9c4ac62021-12-21 10:46:45.945root 11241100x8000000000000000423964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c006359e58fb32b82021-12-21 10:46:45.945root 11241100x8000000000000000423965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c708eedd142b2c5b2021-12-21 10:46:45.945root 11241100x8000000000000000423966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebc9f2276a9158d2021-12-21 10:46:45.945root 11241100x8000000000000000423967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735ab13727c2e9f62021-12-21 10:46:45.945root 11241100x8000000000000000423968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b993eab8bc60ebd2021-12-21 10:46:45.945root 11241100x8000000000000000423969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b236c03b1f518d2021-12-21 10:46:45.945root 11241100x8000000000000000423970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3d1347da34e1ec2021-12-21 10:46:45.945root 11241100x8000000000000000423971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d36d5c83faff0792021-12-21 10:46:45.946root 11241100x8000000000000000423972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079f3c16b7c12c522021-12-21 10:46:45.946root 11241100x8000000000000000423973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfad75effb152532021-12-21 10:46:45.946root 11241100x8000000000000000423974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eacaf1fe95406352021-12-21 10:46:45.946root 11241100x8000000000000000423975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedb6544cd99dfc72021-12-21 10:46:45.946root 11241100x8000000000000000423976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4d36ab132fc9582021-12-21 10:46:45.946root 11241100x8000000000000000423977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a116fd9526c11b102021-12-21 10:46:45.946root 11241100x8000000000000000423978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492b21a716f13c842021-12-21 10:46:45.946root 11241100x8000000000000000423979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d14ab1d550c2292021-12-21 10:46:45.946root 11241100x8000000000000000423980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb6a4c531aa7442021-12-21 10:46:45.946root 11241100x8000000000000000423981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8b03d6ea3860002021-12-21 10:46:45.946root 11241100x8000000000000000423982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddcee8a39811a2c2021-12-21 10:46:45.947root 11241100x8000000000000000423983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe65cb0e784774b2021-12-21 10:46:45.947root 11241100x8000000000000000423984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3da603fbd605ae2021-12-21 10:46:45.947root 11241100x8000000000000000423985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1cc44330e27a502021-12-21 10:46:45.947root 11241100x8000000000000000423986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dd2a6389b038542021-12-21 10:46:45.947root 11241100x8000000000000000423987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa178e570d0e2382021-12-21 10:46:46.443root 11241100x8000000000000000423988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae00f343f381c422021-12-21 10:46:46.443root 11241100x8000000000000000423989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d4f1c467453d152021-12-21 10:46:46.443root 11241100x8000000000000000423990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6bda07ab886bdd2021-12-21 10:46:46.443root 11241100x8000000000000000423991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f489f4271a98cc2021-12-21 10:46:46.444root 11241100x8000000000000000423992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f884ce0bd33941f2021-12-21 10:46:46.444root 11241100x8000000000000000423993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43a3b1d4da038082021-12-21 10:46:46.444root 11241100x8000000000000000423994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48180d4ff87a06202021-12-21 10:46:46.444root 11241100x8000000000000000423995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e2971bb9355a6c2021-12-21 10:46:46.444root 11241100x8000000000000000423996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2761eb7ea74558572021-12-21 10:46:46.444root 11241100x8000000000000000423997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b7973c47dfe88e2021-12-21 10:46:46.444root 11241100x8000000000000000423998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f631537e2beb6c812021-12-21 10:46:46.444root 11241100x8000000000000000423999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b536cd1b639a6eda2021-12-21 10:46:46.445root 11241100x8000000000000000424000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b63c06606bce7b2021-12-21 10:46:46.445root 11241100x8000000000000000424001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4370876cd1ae359d2021-12-21 10:46:46.445root 11241100x8000000000000000424002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfc67240216c6762021-12-21 10:46:46.445root 11241100x8000000000000000424003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b96339ded8ee0f2021-12-21 10:46:46.445root 11241100x8000000000000000424004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9f03842c4e3a532021-12-21 10:46:46.445root 11241100x8000000000000000424005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177a748781d21d9b2021-12-21 10:46:46.445root 11241100x8000000000000000424006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4560cd675387d32021-12-21 10:46:46.446root 11241100x8000000000000000424007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cac853f6ee7492b2021-12-21 10:46:46.446root 11241100x8000000000000000424008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b413c2e2f57c6082021-12-21 10:46:46.446root 11241100x8000000000000000424009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbd473d4f17cbac2021-12-21 10:46:46.446root 11241100x8000000000000000424010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b79ec20a895f13d2021-12-21 10:46:46.446root 11241100x8000000000000000424011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e845fd7707a299ad2021-12-21 10:46:46.446root 11241100x8000000000000000424012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667793ba1d6c5b8d2021-12-21 10:46:46.446root 11241100x8000000000000000424013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0630a454727b822021-12-21 10:46:46.446root 11241100x8000000000000000424014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1591ee093368989e2021-12-21 10:46:46.447root 11241100x8000000000000000424015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5bedc72404bc6c2021-12-21 10:46:46.447root 11241100x8000000000000000424016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba18af3057d6a6052021-12-21 10:46:46.447root 11241100x8000000000000000424017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae66f769af0eff332021-12-21 10:46:46.447root 11241100x8000000000000000424018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e7b1af11d9fc552021-12-21 10:46:46.447root 11241100x8000000000000000424019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d691157a83e55cd2021-12-21 10:46:46.447root 11241100x8000000000000000424020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478ef19527cecfdd2021-12-21 10:46:46.447root 11241100x8000000000000000424021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4cb5111fabb73e2021-12-21 10:46:46.447root 11241100x8000000000000000424022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19b9238712537182021-12-21 10:46:46.448root 11241100x8000000000000000424023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b228f16a39c9d7e2021-12-21 10:46:46.943root 11241100x8000000000000000424024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a6daf56ed0e8752021-12-21 10:46:46.943root 11241100x8000000000000000424025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746cb003a53a30872021-12-21 10:46:46.943root 11241100x8000000000000000424026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e267c872bb95634d2021-12-21 10:46:46.943root 11241100x8000000000000000424027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821d0da78cf7c66e2021-12-21 10:46:46.944root 11241100x8000000000000000424028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7122265e217f2ee12021-12-21 10:46:46.944root 11241100x8000000000000000424029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf95aaec7b5b2822021-12-21 10:46:46.944root 11241100x8000000000000000424030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4813b7b6319d0e792021-12-21 10:46:46.944root 11241100x8000000000000000424031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d99cf3b79420892021-12-21 10:46:46.944root 11241100x8000000000000000424032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2ae3f5551847c32021-12-21 10:46:46.944root 11241100x8000000000000000424033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d769d41747c4262021-12-21 10:46:46.944root 11241100x8000000000000000424034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389a2c45934649332021-12-21 10:46:46.944root 11241100x8000000000000000424035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21515372435fbcba2021-12-21 10:46:46.944root 11241100x8000000000000000424036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8fdba40b4616912021-12-21 10:46:46.944root 11241100x8000000000000000424037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd68dedb2a2762752021-12-21 10:46:46.944root 11241100x8000000000000000424038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5471b9e36733e52021-12-21 10:46:46.945root 11241100x8000000000000000424039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6128579c36e50d2021-12-21 10:46:46.945root 11241100x8000000000000000424040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0623f23e5e240f2021-12-21 10:46:46.945root 11241100x8000000000000000424041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbed01559ffaf8f52021-12-21 10:46:46.945root 11241100x8000000000000000424042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e03cbc206d61722021-12-21 10:46:46.945root 11241100x8000000000000000424043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f561fc9b7ecd0782021-12-21 10:46:46.945root 11241100x8000000000000000424044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2abcd872536af3c2021-12-21 10:46:46.945root 11241100x8000000000000000424045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89dd5c713bc5c872021-12-21 10:46:46.945root 11241100x8000000000000000424046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f84023e683c09c2021-12-21 10:46:46.945root 11241100x8000000000000000424047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da222e83202d998f2021-12-21 10:46:46.945root 11241100x8000000000000000424048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf717f78fe406282021-12-21 10:46:46.945root 11241100x8000000000000000424049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60819da66a5863bf2021-12-21 10:46:46.946root 11241100x8000000000000000424050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e004488f6015eb5b2021-12-21 10:46:46.946root 11241100x8000000000000000424051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7736f4ad2875f7b02021-12-21 10:46:46.946root 11241100x8000000000000000424052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b6d1795216cbfb2021-12-21 10:46:46.946root 11241100x8000000000000000424053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2094b603f69b8bbb2021-12-21 10:46:46.946root 11241100x8000000000000000424054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8447e8cd51360862021-12-21 10:46:46.946root 11241100x8000000000000000424055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bfaa873d36ba6d2021-12-21 10:46:46.946root 11241100x8000000000000000424056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb335470ef7c4ecc2021-12-21 10:46:46.946root 354300x8000000000000000424057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.217{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47588-false10.0.1.12-8000- 11241100x8000000000000000424058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a006c449b1344c2021-12-21 10:46:47.217root 11241100x8000000000000000424059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bacd13b24196612021-12-21 10:46:47.217root 11241100x8000000000000000424060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a141a2f9c2e6881c2021-12-21 10:46:47.217root 11241100x8000000000000000424061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163a7947f872a8642021-12-21 10:46:47.218root 11241100x8000000000000000424062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069ba335eb4a02372021-12-21 10:46:47.218root 11241100x8000000000000000424063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a392deb30cd4b62021-12-21 10:46:47.218root 11241100x8000000000000000424064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da49d358f7eeb8bc2021-12-21 10:46:47.218root 11241100x8000000000000000424065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee23a48ae3c780d42021-12-21 10:46:47.218root 11241100x8000000000000000424066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9643c519a92ebd2c2021-12-21 10:46:47.218root 11241100x8000000000000000424067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3727a8b7499e7902021-12-21 10:46:47.218root 11241100x8000000000000000424068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d272a2314cd82c2021-12-21 10:46:47.218root 11241100x8000000000000000424069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ee329217a4017f2021-12-21 10:46:47.218root 11241100x8000000000000000424070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e85e78e53632632021-12-21 10:46:47.218root 11241100x8000000000000000424071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b8f7effca049a22021-12-21 10:46:47.218root 11241100x8000000000000000424072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ad41736356358b2021-12-21 10:46:47.219root 11241100x8000000000000000424073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb9cee30228ef9d2021-12-21 10:46:47.219root 11241100x8000000000000000424074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba71a98ce12f1da12021-12-21 10:46:47.219root 11241100x8000000000000000424075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfa954fcdc4629a2021-12-21 10:46:47.219root 11241100x8000000000000000424076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7565721bdaa7fa722021-12-21 10:46:47.219root 11241100x8000000000000000424077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd0e74cf374cd002021-12-21 10:46:47.219root 11241100x8000000000000000424078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93b6dcc687a8be22021-12-21 10:46:47.219root 11241100x8000000000000000424079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a377f515e61284472021-12-21 10:46:47.219root 11241100x8000000000000000424080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86153a9c4ab6346b2021-12-21 10:46:47.219root 11241100x8000000000000000424081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421a615c599762cf2021-12-21 10:46:47.219root 11241100x8000000000000000424082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfacde3c5949e6f2021-12-21 10:46:47.219root 11241100x8000000000000000424083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad2e02d42d4b43d2021-12-21 10:46:47.220root 11241100x8000000000000000424084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44239267d5e9bc9a2021-12-21 10:46:47.220root 11241100x8000000000000000424085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc895f981364b882021-12-21 10:46:47.220root 11241100x8000000000000000424086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0eab3211385b7a2021-12-21 10:46:47.220root 11241100x8000000000000000424087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78294f747106d1b12021-12-21 10:46:47.220root 11241100x8000000000000000424088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c79fb151342a982021-12-21 10:46:47.220root 11241100x8000000000000000424089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78c9cc9bdc5b9e12021-12-21 10:46:47.220root 11241100x8000000000000000424090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fcfccff2d2c12d2021-12-21 10:46:47.220root 11241100x8000000000000000424091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579b8ca7634ef24d2021-12-21 10:46:47.221root 11241100x8000000000000000424092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eae0c81aaca7b62021-12-21 10:46:47.221root 11241100x8000000000000000424093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719c5512631ef4882021-12-21 10:46:47.221root 11241100x8000000000000000424094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d096b3dbceb9269c2021-12-21 10:46:47.221root 11241100x8000000000000000424095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bdcf683d8bfcc12021-12-21 10:46:47.221root 11241100x8000000000000000424096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2d67ed82bb330f2021-12-21 10:46:47.221root 11241100x8000000000000000424097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f69d2ec20e5e292021-12-21 10:46:47.221root 11241100x8000000000000000424098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7a51be6df2dbd72021-12-21 10:46:47.221root 11241100x8000000000000000424099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f9953f2885f8862021-12-21 10:46:47.221root 11241100x8000000000000000424100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7915e4de16cf912021-12-21 10:46:47.221root 11241100x8000000000000000424101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ae43b03966f1252021-12-21 10:46:47.222root 11241100x8000000000000000424102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fdcbd6f06bca7a2021-12-21 10:46:47.222root 11241100x8000000000000000424103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b1f26e6204b2662021-12-21 10:46:47.222root 11241100x8000000000000000424104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0848d1e0909900332021-12-21 10:46:47.693root 11241100x8000000000000000424105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb96fafdca932e7b2021-12-21 10:46:47.693root 11241100x8000000000000000424106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aff2aa999b51552021-12-21 10:46:47.693root 11241100x8000000000000000424107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172c93a68fc5e8152021-12-21 10:46:47.693root 11241100x8000000000000000424108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc95c3d88b665f572021-12-21 10:46:47.693root 11241100x8000000000000000424109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec844ea5c31a23d2021-12-21 10:46:47.693root 11241100x8000000000000000424110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a4a8c941051fe22021-12-21 10:46:47.694root 11241100x8000000000000000424111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e4ba71ee8c4fab2021-12-21 10:46:47.694root 11241100x8000000000000000424112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f37f7c6dcd59d22021-12-21 10:46:47.694root 11241100x8000000000000000424113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a887000f1063d212021-12-21 10:46:47.694root 11241100x8000000000000000424114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940751ef1f0303862021-12-21 10:46:47.694root 11241100x8000000000000000424115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7316f38857c99c792021-12-21 10:46:47.694root 11241100x8000000000000000424116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a30ea22c1a394102021-12-21 10:46:47.694root 11241100x8000000000000000424117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8b1f969045b1f72021-12-21 10:46:47.694root 11241100x8000000000000000424118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3f1674be9a3ddc2021-12-21 10:46:47.694root 11241100x8000000000000000424119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57579bccc642e9c2021-12-21 10:46:47.694root 11241100x8000000000000000424120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef873aab78fae322021-12-21 10:46:47.694root 11241100x8000000000000000424121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4904f8b1d72ff02021-12-21 10:46:47.694root 11241100x8000000000000000424122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aea54ca1806b60f2021-12-21 10:46:47.694root 11241100x8000000000000000424123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70309cb04437396b2021-12-21 10:46:47.694root 11241100x8000000000000000424124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528c302ba684318d2021-12-21 10:46:47.694root 11241100x8000000000000000424125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f98639f52f7b442021-12-21 10:46:47.695root 11241100x8000000000000000424126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fce4faf04d511082021-12-21 10:46:47.695root 11241100x8000000000000000424127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c37b35802124e62021-12-21 10:46:47.695root 11241100x8000000000000000424128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cf9cfce0f4f9522021-12-21 10:46:47.695root 11241100x8000000000000000424129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bd885c83b228a02021-12-21 10:46:47.695root 11241100x8000000000000000424130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229d5005806a7a232021-12-21 10:46:47.695root 11241100x8000000000000000424131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511b4ba2e2f11a92021-12-21 10:46:47.695root 11241100x8000000000000000424132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec1d05877bfec222021-12-21 10:46:47.695root 11241100x8000000000000000424133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ebb227ca392cff2021-12-21 10:46:47.695root 11241100x8000000000000000424134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317496ca822351932021-12-21 10:46:47.695root 11241100x8000000000000000424135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02fba0cf0e9fb802021-12-21 10:46:47.695root 11241100x8000000000000000424136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a769abc5c745469b2021-12-21 10:46:47.695root 11241100x8000000000000000424137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3656c1805a00f132021-12-21 10:46:47.695root 11241100x8000000000000000424138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821e313ba65f22442021-12-21 10:46:47.695root 11241100x8000000000000000424139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df053a2af42a1922021-12-21 10:46:48.192root 11241100x8000000000000000424140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3033da10dc85afc2021-12-21 10:46:48.193root 11241100x8000000000000000424141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc6603d5b6c99292021-12-21 10:46:48.193root 11241100x8000000000000000424142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0250422794535a452021-12-21 10:46:48.193root 11241100x8000000000000000424143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f2f64776ff02472021-12-21 10:46:48.193root 11241100x8000000000000000424144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06f1e0efd23ec702021-12-21 10:46:48.193root 11241100x8000000000000000424145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb83d4c39ce44c42021-12-21 10:46:48.193root 11241100x8000000000000000424146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5eca3a4d6f4bf42021-12-21 10:46:48.193root 11241100x8000000000000000424147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cfef4d5fb2d5a42021-12-21 10:46:48.193root 11241100x8000000000000000424148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f23d2e71e43feb2021-12-21 10:46:48.193root 11241100x8000000000000000424149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a1344c16dc2d572021-12-21 10:46:48.194root 11241100x8000000000000000424150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55459a98f0d07052021-12-21 10:46:48.194root 11241100x8000000000000000424151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ad495ce8e6a1082021-12-21 10:46:48.194root 11241100x8000000000000000424152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1512613becbefe282021-12-21 10:46:48.194root 11241100x8000000000000000424153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c3ff50e37742fc2021-12-21 10:46:48.194root 11241100x8000000000000000424154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c27e400353ca4052021-12-21 10:46:48.194root 11241100x8000000000000000424155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbe2719d0fa1f852021-12-21 10:46:48.194root 11241100x8000000000000000424156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c51d84d2e474fa92021-12-21 10:46:48.194root 11241100x8000000000000000424157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072d4474298ba4622021-12-21 10:46:48.194root 11241100x8000000000000000424158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d59da7eaf465922021-12-21 10:46:48.194root 11241100x8000000000000000424159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641669066efe576b2021-12-21 10:46:48.194root 11241100x8000000000000000424160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06dfe5b6280138b2021-12-21 10:46:48.195root 11241100x8000000000000000424161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980315db1a9a5b52021-12-21 10:46:48.195root 11241100x8000000000000000424162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae41cdcd3db86d192021-12-21 10:46:48.195root 11241100x8000000000000000424163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b7102379d0f02b2021-12-21 10:46:48.195root 11241100x8000000000000000424164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0971e796817d9c52021-12-21 10:46:48.195root 11241100x8000000000000000424165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a1be709af35ced2021-12-21 10:46:48.195root 11241100x8000000000000000424166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88210599bc8d613d2021-12-21 10:46:48.195root 11241100x8000000000000000424167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70493befde81de12021-12-21 10:46:48.195root 11241100x8000000000000000424168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7782efc27b32151d2021-12-21 10:46:48.195root 11241100x8000000000000000424169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa65a06d5118e82021-12-21 10:46:48.195root 11241100x8000000000000000424170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422b53a5e57ef4f52021-12-21 10:46:48.195root 11241100x8000000000000000424171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b263706286a5ebb52021-12-21 10:46:48.195root 11241100x8000000000000000424172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6b04db90ed2e8a2021-12-21 10:46:48.196root 11241100x8000000000000000424173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb426b6ec337f60f2021-12-21 10:46:48.196root 11241100x8000000000000000424174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d2d998835844be2021-12-21 10:46:48.196root 11241100x8000000000000000424175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a701c4f836dc7562021-12-21 10:46:48.196root 11241100x8000000000000000424176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b462492a6f2704a2021-12-21 10:46:48.693root 11241100x8000000000000000424177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d63d55eb63e8edd2021-12-21 10:46:48.693root 11241100x8000000000000000424178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef16edf451be6c642021-12-21 10:46:48.693root 11241100x8000000000000000424179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cb5a563ac9b7f02021-12-21 10:46:48.693root 11241100x8000000000000000424180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69af393b697d6232021-12-21 10:46:48.694root 11241100x8000000000000000424181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb83b8dc996b62a2021-12-21 10:46:48.694root 11241100x8000000000000000424182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c406f48b44ce992021-12-21 10:46:48.694root 11241100x8000000000000000424183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d968c3eda36d713a2021-12-21 10:46:48.694root 11241100x8000000000000000424184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd60a625d3f291cd2021-12-21 10:46:48.694root 11241100x8000000000000000424185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de342b1205274ca72021-12-21 10:46:48.694root 11241100x8000000000000000424186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aabae6488a0c8ce2021-12-21 10:46:48.694root 11241100x8000000000000000424187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2956f70d95d91fda2021-12-21 10:46:48.694root 11241100x8000000000000000424188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6fdc4c528638dd2021-12-21 10:46:48.694root 11241100x8000000000000000424189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214ee46a8a2619022021-12-21 10:46:48.694root 11241100x8000000000000000424190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab366e4540b059ff2021-12-21 10:46:48.694root 11241100x8000000000000000424191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4d0552a5aab6632021-12-21 10:46:48.695root 11241100x8000000000000000424192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03d27b4abccc90e2021-12-21 10:46:48.695root 11241100x8000000000000000424193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfe727efda538722021-12-21 10:46:48.695root 11241100x8000000000000000424194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10589dc07cc698c62021-12-21 10:46:48.695root 11241100x8000000000000000424195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f20914dd01011b2021-12-21 10:46:48.695root 11241100x8000000000000000424196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f44c25f812ab62021-12-21 10:46:48.695root 11241100x8000000000000000424197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba73d3da809474f2021-12-21 10:46:48.695root 11241100x8000000000000000424198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651d1100082387742021-12-21 10:46:48.695root 11241100x8000000000000000424199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5208d035df007d2021-12-21 10:46:48.695root 11241100x8000000000000000424200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71944974a0a7259a2021-12-21 10:46:48.695root 11241100x8000000000000000424201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f663eb066b6ead2021-12-21 10:46:48.695root 11241100x8000000000000000424202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7dba66fe038de32021-12-21 10:46:48.695root 11241100x8000000000000000424203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2dd2b012a029972021-12-21 10:46:48.695root 11241100x8000000000000000424204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9a44a444e3766c2021-12-21 10:46:48.696root 11241100x8000000000000000424205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7562f49f949ffa1d2021-12-21 10:46:48.696root 11241100x8000000000000000424206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9ef46ccf76205d2021-12-21 10:46:48.696root 11241100x8000000000000000424207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527867f42da8cdd92021-12-21 10:46:48.696root 11241100x8000000000000000424208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c9570713b18ae32021-12-21 10:46:48.696root 11241100x8000000000000000424209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52788adde40b9dd52021-12-21 10:46:48.696root 11241100x8000000000000000424210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc1ae881e1c59c12021-12-21 10:46:48.696root 11241100x8000000000000000424211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8b9f8a100979b02021-12-21 10:46:49.193root 11241100x8000000000000000424212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fdbb7ba155e2fe2021-12-21 10:46:49.193root 11241100x8000000000000000424213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb7a8ec7a5953ea2021-12-21 10:46:49.193root 11241100x8000000000000000424214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22153765da4403722021-12-21 10:46:49.193root 11241100x8000000000000000424215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7144e8acc0c6f2952021-12-21 10:46:49.193root 11241100x8000000000000000424216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8c93a9d9998f042021-12-21 10:46:49.193root 11241100x8000000000000000424217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0c5c7c7a41af492021-12-21 10:46:49.193root 11241100x8000000000000000424218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400c88519f15340c2021-12-21 10:46:49.193root 11241100x8000000000000000424219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8a7ae4e616aff82021-12-21 10:46:49.194root 11241100x8000000000000000424220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d020d254f940c532021-12-21 10:46:49.194root 11241100x8000000000000000424221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddf2a174d6deee12021-12-21 10:46:49.194root 11241100x8000000000000000424222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8fbf11362188fd2021-12-21 10:46:49.194root 11241100x8000000000000000424223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1aa16fdbbf42d32021-12-21 10:46:49.194root 11241100x8000000000000000424224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a18a0cea8ec2d822021-12-21 10:46:49.194root 11241100x8000000000000000424225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97177d80b1ac59a02021-12-21 10:46:49.194root 11241100x8000000000000000424226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df673081fca696f2021-12-21 10:46:49.194root 11241100x8000000000000000424227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0411f4e7a627ec52021-12-21 10:46:49.194root 11241100x8000000000000000424228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c5c75cb25c39462021-12-21 10:46:49.194root 11241100x8000000000000000424229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00119041d3ef7942021-12-21 10:46:49.195root 11241100x8000000000000000424230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5342a213625344df2021-12-21 10:46:49.195root 11241100x8000000000000000424231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2b83f2217c9c162021-12-21 10:46:49.195root 11241100x8000000000000000424232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e252a69093fda382021-12-21 10:46:49.195root 11241100x8000000000000000424233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2708d2420d714b2021-12-21 10:46:49.195root 11241100x8000000000000000424234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafa082db9b113692021-12-21 10:46:49.195root 11241100x8000000000000000424235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557b3906c1c7b2462021-12-21 10:46:49.195root 11241100x8000000000000000424236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d960508856bee2902021-12-21 10:46:49.195root 11241100x8000000000000000424237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c11d8d79a8eba02021-12-21 10:46:49.195root 11241100x8000000000000000424238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e3aeaf343e5af72021-12-21 10:46:49.196root 11241100x8000000000000000424239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9206ca7223b6672021-12-21 10:46:49.196root 11241100x8000000000000000424240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee75c01d7dc45a362021-12-21 10:46:49.196root 11241100x8000000000000000424241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c8c24bbce3ba352021-12-21 10:46:49.196root 11241100x8000000000000000424242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8e5fb1906455822021-12-21 10:46:49.196root 11241100x8000000000000000424243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7f47356a81c74c2021-12-21 10:46:49.196root 11241100x8000000000000000424244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6ca2ec5f67544a2021-12-21 10:46:49.196root 11241100x8000000000000000424245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5940c357b5a5e762021-12-21 10:46:49.196root 11241100x8000000000000000424246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46ad14ba16cbdb72021-12-21 10:46:49.196root 11241100x8000000000000000424247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729771fd99bd48b12021-12-21 10:46:49.196root 11241100x8000000000000000424248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85faf156a95d0cb82021-12-21 10:46:49.197root 11241100x8000000000000000424249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dadae8df265e78f2021-12-21 10:46:49.197root 11241100x8000000000000000424250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baea7e0de4e55ef02021-12-21 10:46:49.197root 11241100x8000000000000000424251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82269beef1d46feb2021-12-21 10:46:49.693root 11241100x8000000000000000424252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf0874c295963892021-12-21 10:46:49.693root 11241100x8000000000000000424253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977486c69e4f5fc42021-12-21 10:46:49.693root 11241100x8000000000000000424254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28047b53598ac6e12021-12-21 10:46:49.693root 11241100x8000000000000000424255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed798b022addf6f2021-12-21 10:46:49.694root 11241100x8000000000000000424256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6e761ad07ae1582021-12-21 10:46:49.694root 11241100x8000000000000000424257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62853575070e01272021-12-21 10:46:49.694root 11241100x8000000000000000424258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beea28072e48db7a2021-12-21 10:46:49.694root 11241100x8000000000000000424259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e85178f6db09e62021-12-21 10:46:49.694root 11241100x8000000000000000424260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ca0791529c63a82021-12-21 10:46:49.694root 11241100x8000000000000000424261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50046aa1a5ff04792021-12-21 10:46:49.694root 11241100x8000000000000000424262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579d2ea8f4cd4d072021-12-21 10:46:49.694root 11241100x8000000000000000424263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaa20402255ea362021-12-21 10:46:49.694root 11241100x8000000000000000424264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cac51ebde7b6f22021-12-21 10:46:49.694root 11241100x8000000000000000424265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce847a5b6579fbf62021-12-21 10:46:49.694root 11241100x8000000000000000424266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873ca0dd41fd717c2021-12-21 10:46:49.695root 11241100x8000000000000000424267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c29bcde7fc19d522021-12-21 10:46:49.695root 11241100x8000000000000000424268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0222395b230dcb2021-12-21 10:46:49.695root 11241100x8000000000000000424269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d9a2b46b5719052021-12-21 10:46:49.695root 11241100x8000000000000000424270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fd9ebdbeead0bd2021-12-21 10:46:49.695root 11241100x8000000000000000424271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b04eeac83bbb722021-12-21 10:46:49.695root 11241100x8000000000000000424272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b414922f440257ce2021-12-21 10:46:49.695root 11241100x8000000000000000424273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2ba2a16b1673cf2021-12-21 10:46:49.695root 11241100x8000000000000000424274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c1bae0150307cb2021-12-21 10:46:49.695root 11241100x8000000000000000424275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd481765836f0dc62021-12-21 10:46:49.695root 11241100x8000000000000000424276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e4a91e2e3efb412021-12-21 10:46:49.696root 11241100x8000000000000000424277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598da62eb6b2fccf2021-12-21 10:46:49.696root 11241100x8000000000000000424278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84de217a9a6c9abd2021-12-21 10:46:49.696root 11241100x8000000000000000424279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf2d020cb80b21b2021-12-21 10:46:49.696root 11241100x8000000000000000424280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4db52d35a02e942021-12-21 10:46:49.696root 11241100x8000000000000000424281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add8c0de55fdf2112021-12-21 10:46:49.696root 11241100x8000000000000000424282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd981f5534a3e2672021-12-21 10:46:49.696root 11241100x8000000000000000424283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbd0ebff82d584d2021-12-21 10:46:49.696root 11241100x8000000000000000424284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e192525374baf00d2021-12-21 10:46:49.696root 11241100x8000000000000000424285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b65106728c0a71e2021-12-21 10:46:49.696root 11241100x8000000000000000424286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f413afc85cb2b72021-12-21 10:46:50.193root 11241100x8000000000000000424287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da28cc1d80b34db52021-12-21 10:46:50.193root 11241100x8000000000000000424288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02713e361da4213c2021-12-21 10:46:50.193root 11241100x8000000000000000424289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b15510948541e0e2021-12-21 10:46:50.193root 11241100x8000000000000000424290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7148fe6a79c0cf8d2021-12-21 10:46:50.193root 11241100x8000000000000000424291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020979e226a4e33e2021-12-21 10:46:50.193root 11241100x8000000000000000424292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393d27be928fe6dc2021-12-21 10:46:50.193root 11241100x8000000000000000424293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df69268e3b95fb3c2021-12-21 10:46:50.193root 11241100x8000000000000000424294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89346d587c5d57c2021-12-21 10:46:50.193root 11241100x8000000000000000424295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddadec31bcff4d52021-12-21 10:46:50.194root 11241100x8000000000000000424296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa7017fa54101f62021-12-21 10:46:50.194root 11241100x8000000000000000424297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eac6a6c15e6a2cb2021-12-21 10:46:50.194root 11241100x8000000000000000424298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9425645b240f992021-12-21 10:46:50.194root 11241100x8000000000000000424299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a0ee3dcd67324c2021-12-21 10:46:50.194root 11241100x8000000000000000424300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b26e1593bd8ac662021-12-21 10:46:50.194root 11241100x8000000000000000424301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba76b763af663e5a2021-12-21 10:46:50.194root 11241100x8000000000000000424302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059c6e926200eb962021-12-21 10:46:50.194root 11241100x8000000000000000424303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537bf3f7d0a56b7d2021-12-21 10:46:50.194root 11241100x8000000000000000424304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f6ab5fa6c659402021-12-21 10:46:50.194root 11241100x8000000000000000424305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6688108b9e676bd32021-12-21 10:46:50.194root 11241100x8000000000000000424306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b413df924474c0a22021-12-21 10:46:50.195root 11241100x8000000000000000424307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b3b9eac7580eac2021-12-21 10:46:50.195root 11241100x8000000000000000424308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68221e53490f6722021-12-21 10:46:50.195root 11241100x8000000000000000424309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abccd10c49e561612021-12-21 10:46:50.195root 11241100x8000000000000000424310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993bbab92f8ebb102021-12-21 10:46:50.195root 11241100x8000000000000000424311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37788055b8515992021-12-21 10:46:50.195root 11241100x8000000000000000424312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8da07ba33aa57202021-12-21 10:46:50.195root 11241100x8000000000000000424313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f6e970d32dbbdd2021-12-21 10:46:50.196root 11241100x8000000000000000424314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db9613f348f9e892021-12-21 10:46:50.196root 11241100x8000000000000000424315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c17742f5bd705542021-12-21 10:46:50.196root 11241100x8000000000000000424316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510b918ff369a9572021-12-21 10:46:50.196root 11241100x8000000000000000424317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9882f93061c40ef32021-12-21 10:46:50.196root 11241100x8000000000000000424318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894ac205732df8512021-12-21 10:46:50.196root 11241100x8000000000000000424319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e1cfc9eff1a5cb2021-12-21 10:46:50.196root 11241100x8000000000000000424320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ce074b5028ad4a2021-12-21 10:46:50.196root 11241100x8000000000000000424321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55b9fa4474ad34b2021-12-21 10:46:50.196root 11241100x8000000000000000424322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade9e483cbe544022021-12-21 10:46:50.196root 11241100x8000000000000000424323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534bd7a5b4a392082021-12-21 10:46:50.197root 11241100x8000000000000000424324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8892694cbdba3f2a2021-12-21 10:46:50.197root 11241100x8000000000000000424325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac531541d2f5fc42021-12-21 10:46:50.693root 11241100x8000000000000000424326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5029eb25291d46fd2021-12-21 10:46:50.693root 11241100x8000000000000000424327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a31cfc07916df72021-12-21 10:46:50.693root 11241100x8000000000000000424328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cf3991e4accca32021-12-21 10:46:50.693root 11241100x8000000000000000424329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb9329e142cc3762021-12-21 10:46:50.694root 11241100x8000000000000000424330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc6b8de9a2b9a812021-12-21 10:46:50.694root 11241100x8000000000000000424331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0deec0464075fc212021-12-21 10:46:50.694root 11241100x8000000000000000424332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410fa244d34205082021-12-21 10:46:50.694root 11241100x8000000000000000424333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b2619e1d88f3622021-12-21 10:46:50.694root 11241100x8000000000000000424334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea739932a5b34c802021-12-21 10:46:50.695root 11241100x8000000000000000424335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e266c0e70efe53d02021-12-21 10:46:50.695root 11241100x8000000000000000424336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c499b0a0987e0b272021-12-21 10:46:50.695root 11241100x8000000000000000424337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3daf205c8cae512021-12-21 10:46:50.695root 11241100x8000000000000000424338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39eb2e355641cc842021-12-21 10:46:50.695root 11241100x8000000000000000424339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cbb65a8d53e45a2021-12-21 10:46:50.695root 11241100x8000000000000000424340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc35c17185256f582021-12-21 10:46:50.695root 11241100x8000000000000000424341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cc7e6bfa165ca92021-12-21 10:46:50.695root 11241100x8000000000000000424342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8583f62e42a367872021-12-21 10:46:50.695root 11241100x8000000000000000424343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8737ddcc895bd292021-12-21 10:46:50.695root 11241100x8000000000000000424344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55ca6d8a565d3782021-12-21 10:46:50.695root 11241100x8000000000000000424345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d981502d82992222021-12-21 10:46:50.695root 11241100x8000000000000000424346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad3648b73afba7b2021-12-21 10:46:50.696root 11241100x8000000000000000424347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53999e2ee910cd72021-12-21 10:46:50.696root 11241100x8000000000000000424348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe6f2fca02828242021-12-21 10:46:50.696root 11241100x8000000000000000424349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0668019e73bba6d72021-12-21 10:46:50.696root 11241100x8000000000000000424350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b908770c26cb892021-12-21 10:46:50.696root 11241100x8000000000000000424351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7ee304a246ab732021-12-21 10:46:50.696root 11241100x8000000000000000424352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29820f792e87ed352021-12-21 10:46:50.696root 11241100x8000000000000000424353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be86442440bba0b2021-12-21 10:46:50.696root 11241100x8000000000000000424354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3d61769c62fd6f2021-12-21 10:46:50.696root 11241100x8000000000000000424355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750f17fdb662a66d2021-12-21 10:46:50.696root 11241100x8000000000000000424356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03a3f3bfda5ea9e2021-12-21 10:46:50.696root 11241100x8000000000000000424357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89568344038e2b2e2021-12-21 10:46:50.696root 11241100x8000000000000000424358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0e8630a071811a2021-12-21 10:46:50.696root 11241100x8000000000000000424359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e0a23c99c280ce2021-12-21 10:46:50.696root 11241100x8000000000000000424360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2967a9f3f1d79fc92021-12-21 10:46:50.696root 11241100x8000000000000000424361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff0706c84302ae12021-12-21 10:46:50.696root 11241100x8000000000000000424362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca10df3f04f5fb742021-12-21 10:46:51.193root 11241100x8000000000000000424363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4dcc788aa347982021-12-21 10:46:51.193root 11241100x8000000000000000424364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814d0278c59bf9522021-12-21 10:46:51.193root 11241100x8000000000000000424365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b752ba08440678982021-12-21 10:46:51.194root 11241100x8000000000000000424366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78db78fdfb5630e42021-12-21 10:46:51.194root 11241100x8000000000000000424367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f722d0c90c57ec1b2021-12-21 10:46:51.194root 11241100x8000000000000000424368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49431a805a49add2021-12-21 10:46:51.194root 11241100x8000000000000000424369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742ffbd9fced22142021-12-21 10:46:51.194root 11241100x8000000000000000424370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24865cd09150bc742021-12-21 10:46:51.194root 11241100x8000000000000000424371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4ff01b3911cf512021-12-21 10:46:51.194root 11241100x8000000000000000424372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099954b16845bbc82021-12-21 10:46:51.194root 11241100x8000000000000000424373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc71b35fee969a2e2021-12-21 10:46:51.195root 11241100x8000000000000000424374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11f144ef6e0057e2021-12-21 10:46:51.195root 11241100x8000000000000000424375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317043a822ebfbcf2021-12-21 10:46:51.195root 11241100x8000000000000000424376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e79c79cb944c7c32021-12-21 10:46:51.195root 11241100x8000000000000000424377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf1679d7e37e89a2021-12-21 10:46:51.195root 11241100x8000000000000000424378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e972f7bce6b5ba82021-12-21 10:46:51.195root 11241100x8000000000000000424379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43cbca26b7b25962021-12-21 10:46:51.195root 11241100x8000000000000000424380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69b0dca4cad79b92021-12-21 10:46:51.195root 11241100x8000000000000000424381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441d4db596fde90f2021-12-21 10:46:51.195root 11241100x8000000000000000424382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16bf347e3d4db842021-12-21 10:46:51.195root 11241100x8000000000000000424383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7602d0823cb45a532021-12-21 10:46:51.195root 11241100x8000000000000000424384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a18cf96c21f0aa2021-12-21 10:46:51.195root 11241100x8000000000000000424385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67b3d996b5bd2b32021-12-21 10:46:51.195root 11241100x8000000000000000424386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cef0e0b76b482742021-12-21 10:46:51.195root 11241100x8000000000000000424387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca4ee7dd89e68b22021-12-21 10:46:51.195root 11241100x8000000000000000424388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b47a7aff57166eb2021-12-21 10:46:51.195root 11241100x8000000000000000424389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28b7601ce21d7d52021-12-21 10:46:51.196root 11241100x8000000000000000424390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a83a48a224892082021-12-21 10:46:51.196root 11241100x8000000000000000424391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0773743b86b51e52021-12-21 10:46:51.196root 11241100x8000000000000000424392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f0fa671fd97c6f2021-12-21 10:46:51.196root 11241100x8000000000000000424393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b660dad34b445932021-12-21 10:46:51.196root 11241100x8000000000000000424394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19121e143af750fb2021-12-21 10:46:51.196root 11241100x8000000000000000424395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb98a8d75981a9db2021-12-21 10:46:51.196root 11241100x8000000000000000424396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d64e7b5819195962021-12-21 10:46:51.196root 11241100x8000000000000000424397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f678b0d0abf4f12021-12-21 10:46:51.196root 11241100x8000000000000000424398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54c52b294934cc12021-12-21 10:46:51.196root 11241100x8000000000000000424399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a4d0f8bed545792021-12-21 10:46:51.196root 11241100x8000000000000000424400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4898292b738429cd2021-12-21 10:46:51.196root 11241100x8000000000000000424401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fe6fe106e7eb282021-12-21 10:46:51.196root 11241100x8000000000000000424402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3977ab69ede9f2de2021-12-21 10:46:51.197root 11241100x8000000000000000424403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeae4c0e09700062021-12-21 10:46:51.197root 11241100x8000000000000000424404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00998680e036955b2021-12-21 10:46:51.197root 11241100x8000000000000000424405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe95faaf13be7752021-12-21 10:46:51.197root 11241100x8000000000000000424406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d53bd03371c4792021-12-21 10:46:51.694root 11241100x8000000000000000424407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5387f8436e50b512021-12-21 10:46:51.694root 11241100x8000000000000000424408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c8e6cda84c0cb72021-12-21 10:46:51.694root 11241100x8000000000000000424409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c03496f0ecc1d52021-12-21 10:46:51.694root 11241100x8000000000000000424410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea57b8c3c0df8dd2021-12-21 10:46:51.694root 11241100x8000000000000000424411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5615bfd95aefe95a2021-12-21 10:46:51.694root 11241100x8000000000000000424412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7927b3ae6beddefd2021-12-21 10:46:51.694root 11241100x8000000000000000424413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ad222544f082ad2021-12-21 10:46:51.694root 11241100x8000000000000000424414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fac14e738670342021-12-21 10:46:51.694root 11241100x8000000000000000424415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7021a80a9a71d392021-12-21 10:46:51.695root 11241100x8000000000000000424416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecc850fdbc2f5d32021-12-21 10:46:51.695root 11241100x8000000000000000424417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0096e3074f4879a2021-12-21 10:46:51.695root 11241100x8000000000000000424418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cb34b0c84e4eed2021-12-21 10:46:51.695root 11241100x8000000000000000424419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c181c5b19b6023f62021-12-21 10:46:51.695root 11241100x8000000000000000424420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea98ceb3513b6042021-12-21 10:46:51.695root 11241100x8000000000000000424421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa06ba7ae9e817b2021-12-21 10:46:51.695root 11241100x8000000000000000424422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e56e2756442d8b2021-12-21 10:46:51.695root 11241100x8000000000000000424423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc7f5e2d4b1aed82021-12-21 10:46:51.695root 11241100x8000000000000000424424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7901a5318e2440842021-12-21 10:46:51.695root 11241100x8000000000000000424425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990b8aa3a44bf04d2021-12-21 10:46:51.695root 11241100x8000000000000000424426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd863514e72340222021-12-21 10:46:51.695root 11241100x8000000000000000424427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a2e03f326568a62021-12-21 10:46:51.696root 11241100x8000000000000000424428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95349747e43d29652021-12-21 10:46:51.696root 11241100x8000000000000000424429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191bd590068c5dac2021-12-21 10:46:51.696root 11241100x8000000000000000424430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05be9dd6111738922021-12-21 10:46:51.696root 11241100x8000000000000000424431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f09f04070417c02021-12-21 10:46:51.696root 11241100x8000000000000000424432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c0a00899adf1072021-12-21 10:46:51.696root 11241100x8000000000000000424433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38781100b6f323d2021-12-21 10:46:51.696root 11241100x8000000000000000424434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b5033c0940169a2021-12-21 10:46:51.696root 11241100x8000000000000000424435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a30a32e2df9e2c2021-12-21 10:46:51.696root 11241100x8000000000000000424436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f6cd4d778b5ad82021-12-21 10:46:51.696root 11241100x8000000000000000424437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47337b2c1624b752021-12-21 10:46:51.696root 11241100x8000000000000000424438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987a49ac5a4df0512021-12-21 10:46:51.696root 11241100x8000000000000000424439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a0013c49c9d41d2021-12-21 10:46:51.697root 11241100x8000000000000000424440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d78adde06315822021-12-21 10:46:52.193root 11241100x8000000000000000424441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428f8e0c3e2216112021-12-21 10:46:52.193root 11241100x8000000000000000424442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202adb0fbc9187392021-12-21 10:46:52.194root 11241100x8000000000000000424443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e96e61fc1f0c392021-12-21 10:46:52.194root 11241100x8000000000000000424444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3383328a32ef1e2021-12-21 10:46:52.194root 11241100x8000000000000000424445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec22584b4c354ff2021-12-21 10:46:52.194root 11241100x8000000000000000424446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692c58a3b0d690cf2021-12-21 10:46:52.194root 11241100x8000000000000000424447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e500235ec17f732021-12-21 10:46:52.194root 11241100x8000000000000000424448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905b1da84a4782dd2021-12-21 10:46:52.194root 11241100x8000000000000000424449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e14960db52813a52021-12-21 10:46:52.194root 11241100x8000000000000000424450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563e00bad2ad294e2021-12-21 10:46:52.194root 11241100x8000000000000000424451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f350ede49773022021-12-21 10:46:52.194root 11241100x8000000000000000424452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cc2ccacbbd0e212021-12-21 10:46:52.194root 11241100x8000000000000000424453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd198581d165a572021-12-21 10:46:52.194root 11241100x8000000000000000424454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0124f2b162811062021-12-21 10:46:52.194root 11241100x8000000000000000424455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4602a4e541193e2021-12-21 10:46:52.194root 11241100x8000000000000000424456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f8f4415a051882021-12-21 10:46:52.194root 11241100x8000000000000000424457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8fc2a983b451fa2021-12-21 10:46:52.195root 11241100x8000000000000000424458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aea2e2190c6e72b2021-12-21 10:46:52.195root 11241100x8000000000000000424459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75f196e1a1c83c12021-12-21 10:46:52.195root 11241100x8000000000000000424460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c939635493e33b2021-12-21 10:46:52.195root 11241100x8000000000000000424461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110ea3f03e97910b2021-12-21 10:46:52.195root 11241100x8000000000000000424462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5dd8d6c1ebe17a2021-12-21 10:46:52.195root 11241100x8000000000000000424463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0418eaaf11a90da52021-12-21 10:46:52.195root 11241100x8000000000000000424464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803cb4453b60fcf12021-12-21 10:46:52.195root 11241100x8000000000000000424465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f383bd9aebe4d2f2021-12-21 10:46:52.195root 11241100x8000000000000000424466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f5945352651d8c2021-12-21 10:46:52.196root 11241100x8000000000000000424467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0db3118c23734e2021-12-21 10:46:52.196root 11241100x8000000000000000424468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff62d70922efe42021-12-21 10:46:52.196root 11241100x8000000000000000424469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5abdf1cf080ec12021-12-21 10:46:52.196root 11241100x8000000000000000424470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c04150a218b9d42021-12-21 10:46:52.196root 11241100x8000000000000000424471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec28686583f59c52021-12-21 10:46:52.196root 11241100x8000000000000000424472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ac0c9e072570a42021-12-21 10:46:52.196root 11241100x8000000000000000424473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd05d108476f7cf52021-12-21 10:46:52.196root 11241100x8000000000000000424474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9cc53c92f8d1142021-12-21 10:46:52.694root 11241100x8000000000000000424475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9443006ba2d736c2021-12-21 10:46:52.694root 11241100x8000000000000000424476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac816eb572ca582021-12-21 10:46:52.694root 11241100x8000000000000000424477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a518e8f61a6d3d12021-12-21 10:46:52.694root 11241100x8000000000000000424478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cd3e522b76a3de2021-12-21 10:46:52.694root 11241100x8000000000000000424479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9142d09b6b497c02021-12-21 10:46:52.694root 11241100x8000000000000000424480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da419ce47c32bb12021-12-21 10:46:52.694root 11241100x8000000000000000424481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9677fc45a0ad3c2021-12-21 10:46:52.694root 11241100x8000000000000000424482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f9c5bcdccdd8102021-12-21 10:46:52.694root 11241100x8000000000000000424483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d180ba0fb6a896de2021-12-21 10:46:52.694root 11241100x8000000000000000424484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c2692d8002d5172021-12-21 10:46:52.694root 11241100x8000000000000000424485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73cfe499bde02062021-12-21 10:46:52.694root 11241100x8000000000000000424486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b82983db6960112021-12-21 10:46:52.695root 11241100x8000000000000000424487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca3d69d84e996942021-12-21 10:46:52.695root 11241100x8000000000000000424488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4079bec93a952852021-12-21 10:46:52.695root 11241100x8000000000000000424489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c201cae716435d0e2021-12-21 10:46:52.695root 11241100x8000000000000000424490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b19c8ace2af7e2021-12-21 10:46:52.695root 11241100x8000000000000000424491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6f95a3323854862021-12-21 10:46:52.695root 11241100x8000000000000000424492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e0b9b466ac93dc2021-12-21 10:46:52.695root 11241100x8000000000000000424493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a6b52b9b3645652021-12-21 10:46:52.695root 11241100x8000000000000000424494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced691a8c3c605772021-12-21 10:46:52.695root 11241100x8000000000000000424495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5848370291d9b8af2021-12-21 10:46:52.695root 11241100x8000000000000000424496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c97dc04be2edbaf2021-12-21 10:46:52.695root 11241100x8000000000000000424497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61867f1d9acd84e02021-12-21 10:46:52.695root 11241100x8000000000000000424498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c0b490ae4da6782021-12-21 10:46:52.695root 11241100x8000000000000000424499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3921c41cb7d86e42021-12-21 10:46:52.695root 11241100x8000000000000000424500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba98ed96443265a2021-12-21 10:46:52.695root 11241100x8000000000000000424501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e8ce24efc1a36b2021-12-21 10:46:52.696root 11241100x8000000000000000424502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162dff049600309e2021-12-21 10:46:52.696root 11241100x8000000000000000424503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf15263612bdb5f2021-12-21 10:46:52.696root 11241100x8000000000000000424504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8137f32e99a02f992021-12-21 10:46:52.696root 11241100x8000000000000000424505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adca17eaf492651b2021-12-21 10:46:52.696root 11241100x8000000000000000424506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f8e6f9d7d10dae2021-12-21 10:46:52.696root 11241100x8000000000000000424507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8bba387d824d4b2021-12-21 10:46:52.696root 354300x8000000000000000424508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47590-false10.0.1.12-8000- 11241100x8000000000000000424509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4339679f279c0262021-12-21 10:46:53.137root 11241100x8000000000000000424510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aecb305d9d438442021-12-21 10:46:53.137root 11241100x8000000000000000424511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d46c1db11b209af2021-12-21 10:46:53.137root 11241100x8000000000000000424512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34abb48d0d0e26e2021-12-21 10:46:53.137root 11241100x8000000000000000424513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaed0cb0a79ebe92021-12-21 10:46:53.137root 11241100x8000000000000000424514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df41d94831e012d52021-12-21 10:46:53.137root 11241100x8000000000000000424515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46a4348fe7a97b22021-12-21 10:46:53.138root 11241100x8000000000000000424516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e785569221dcae82021-12-21 10:46:53.138root 11241100x8000000000000000424517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921e135eb1c22c332021-12-21 10:46:53.138root 11241100x8000000000000000424518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e682429909ba2ea2021-12-21 10:46:53.138root 11241100x8000000000000000424519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e636471c3fa616902021-12-21 10:46:53.138root 11241100x8000000000000000424520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a9f2f4a250a4732021-12-21 10:46:53.138root 11241100x8000000000000000424521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff0632ad1a671472021-12-21 10:46:53.139root 11241100x8000000000000000424522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bd924a49b7432a2021-12-21 10:46:53.139root 11241100x8000000000000000424523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db2671c0483dfe82021-12-21 10:46:53.139root 11241100x8000000000000000424524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa604ac6eaa2db22021-12-21 10:46:53.139root 11241100x8000000000000000424525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea77796c16a3ca52021-12-21 10:46:53.139root 11241100x8000000000000000424526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894004cf039f581d2021-12-21 10:46:53.139root 11241100x8000000000000000424527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec569a1b480588732021-12-21 10:46:53.139root 11241100x8000000000000000424528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7c994af8994f3c2021-12-21 10:46:53.140root 11241100x8000000000000000424529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3af26c6d2bee402021-12-21 10:46:53.140root 11241100x8000000000000000424530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee8aa08fd76f1f12021-12-21 10:46:53.140root 11241100x8000000000000000424531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0c9c86e52d70352021-12-21 10:46:53.140root 11241100x8000000000000000424532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9019fdeaa356012021-12-21 10:46:53.140root 11241100x8000000000000000424533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed02fb418e3ce0b12021-12-21 10:46:53.140root 11241100x8000000000000000424534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82ddbe3022d1fcd2021-12-21 10:46:53.140root 11241100x8000000000000000424535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da08e9f558c5bd32021-12-21 10:46:53.140root 11241100x8000000000000000424536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ce6f505a299dca2021-12-21 10:46:53.140root 11241100x8000000000000000424537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989fb0d47ce892152021-12-21 10:46:53.140root 11241100x8000000000000000424538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de02ae11550fa8d2021-12-21 10:46:53.141root 11241100x8000000000000000424539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435549602be9dacf2021-12-21 10:46:53.141root 11241100x8000000000000000424540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b9518334d007012021-12-21 10:46:53.141root 11241100x8000000000000000424541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b5abff7786c84b2021-12-21 10:46:53.141root 11241100x8000000000000000424542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cd7e7a617051982021-12-21 10:46:53.141root 11241100x8000000000000000424543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9df6cf0352bb612021-12-21 10:46:53.141root 11241100x8000000000000000424544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e03efb7c0d020d2021-12-21 10:46:53.141root 11241100x8000000000000000424545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a5f3d164b4cf922021-12-21 10:46:53.142root 11241100x8000000000000000424546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e69c38982263442021-12-21 10:46:53.142root 11241100x8000000000000000424547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015db7e5078b5f602021-12-21 10:46:53.142root 11241100x8000000000000000424548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fab980884aeddd2021-12-21 10:46:53.142root 11241100x8000000000000000424549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33ac2a65b1df02e2021-12-21 10:46:53.142root 11241100x8000000000000000424550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d98cbd8308f29a72021-12-21 10:46:53.142root 11241100x8000000000000000424551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caf5a2cb915c1af2021-12-21 10:46:53.142root 11241100x8000000000000000424552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f20d15b527a9cdb2021-12-21 10:46:53.142root 11241100x8000000000000000424553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be72cadf372df992021-12-21 10:46:53.443root 11241100x8000000000000000424554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e9ff88bdc8b7a62021-12-21 10:46:53.443root 11241100x8000000000000000424555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37121889858b56522021-12-21 10:46:53.443root 11241100x8000000000000000424556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e4a8a65f964b472021-12-21 10:46:53.444root 11241100x8000000000000000424557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3201658ac129942021-12-21 10:46:53.444root 11241100x8000000000000000424558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b441f852cf6e39f72021-12-21 10:46:53.444root 11241100x8000000000000000424559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9457f03a3f17902021-12-21 10:46:53.444root 11241100x8000000000000000424560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afab095e31756492021-12-21 10:46:53.444root 11241100x8000000000000000424561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d70c8b069611d6d2021-12-21 10:46:53.444root 11241100x8000000000000000424562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3898f64d04aa91292021-12-21 10:46:53.444root 11241100x8000000000000000424563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891adb8102e19aea2021-12-21 10:46:53.444root 11241100x8000000000000000424564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1234d69ed1cc1ff2021-12-21 10:46:53.444root 11241100x8000000000000000424565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddff9f094488f2e72021-12-21 10:46:53.444root 11241100x8000000000000000424566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c226c2d72a8ddde2021-12-21 10:46:53.445root 11241100x8000000000000000424567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab177d8d29c4fb52021-12-21 10:46:53.445root 11241100x8000000000000000424568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2adf90a1f229f902021-12-21 10:46:53.445root 11241100x8000000000000000424569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b7a5c609f4a4e2021-12-21 10:46:53.445root 11241100x8000000000000000424570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ea3504239cb5952021-12-21 10:46:53.445root 11241100x8000000000000000424571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96890eda1d955f72021-12-21 10:46:53.445root 11241100x8000000000000000424572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79262360930f35402021-12-21 10:46:53.445root 11241100x8000000000000000424573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a406165822c1652021-12-21 10:46:53.445root 11241100x8000000000000000424574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658b9faff02c9d792021-12-21 10:46:53.445root 11241100x8000000000000000424575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8b7d6fbf5472622021-12-21 10:46:53.446root 11241100x8000000000000000424576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97f8c0b204147f72021-12-21 10:46:53.446root 11241100x8000000000000000424577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5ded2c41c1dd642021-12-21 10:46:53.446root 11241100x8000000000000000424578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b269d2dd5d403e2021-12-21 10:46:53.446root 11241100x8000000000000000424579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a29779ec7c6bbc92021-12-21 10:46:53.446root 11241100x8000000000000000424580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6186188d95909a2021-12-21 10:46:53.446root 11241100x8000000000000000424581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd3c7dc1b2626a72021-12-21 10:46:53.446root 11241100x8000000000000000424582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373506fa6808ac182021-12-21 10:46:53.446root 11241100x8000000000000000424583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5047724864934f052021-12-21 10:46:53.446root 11241100x8000000000000000424584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3688140d0548cf82021-12-21 10:46:53.447root 11241100x8000000000000000424585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7d30976a2bf4772021-12-21 10:46:53.447root 11241100x8000000000000000424586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b2d27c90dbfcc52021-12-21 10:46:53.447root 11241100x8000000000000000424587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604dc2e1b4eb5a4c2021-12-21 10:46:53.447root 11241100x8000000000000000424588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722bbd3df0561c042021-12-21 10:46:53.943root 11241100x8000000000000000424589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2305f03290806ca2021-12-21 10:46:53.943root 11241100x8000000000000000424590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37e6869fd46b7932021-12-21 10:46:53.943root 11241100x8000000000000000424591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef8f748d31edec22021-12-21 10:46:53.944root 11241100x8000000000000000424592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053b7b537c96d7fe2021-12-21 10:46:53.944root 11241100x8000000000000000424593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8d38713c09c7512021-12-21 10:46:53.944root 11241100x8000000000000000424594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed348394c1e674a2021-12-21 10:46:53.944root 11241100x8000000000000000424595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5503f82497019a632021-12-21 10:46:53.944root 11241100x8000000000000000424596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52d9a69f16d95fd2021-12-21 10:46:53.944root 11241100x8000000000000000424597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dfea95c511df172021-12-21 10:46:53.944root 11241100x8000000000000000424598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d54134208b25dc2021-12-21 10:46:53.945root 11241100x8000000000000000424599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bdc69e0c34e0dc2021-12-21 10:46:53.945root 11241100x8000000000000000424600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaf59d664c91cee2021-12-21 10:46:53.945root 11241100x8000000000000000424601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2aaf33fbeb2eff2021-12-21 10:46:53.945root 11241100x8000000000000000424602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c8374bcbd023fd2021-12-21 10:46:53.945root 11241100x8000000000000000424603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2c8eb6274bb0242021-12-21 10:46:53.945root 11241100x8000000000000000424604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc01e9ba36729afa2021-12-21 10:46:53.945root 11241100x8000000000000000424605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8537c4e275937f2021-12-21 10:46:53.945root 11241100x8000000000000000424606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d53ad8083189ff2021-12-21 10:46:53.945root 11241100x8000000000000000424607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30afb824b8df1cb2021-12-21 10:46:53.946root 11241100x8000000000000000424608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09415d4a6a3df732021-12-21 10:46:53.946root 11241100x8000000000000000424609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cae166830fe1622021-12-21 10:46:53.946root 11241100x8000000000000000424610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6460d4c1df0c0672021-12-21 10:46:53.946root 11241100x8000000000000000424611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0a385195554dc12021-12-21 10:46:53.946root 11241100x8000000000000000424612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a48cc47855ff3d92021-12-21 10:46:53.946root 11241100x8000000000000000424613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ddc09c764c0d0f2021-12-21 10:46:53.946root 11241100x8000000000000000424614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea3ca31cf21ecf42021-12-21 10:46:53.946root 11241100x8000000000000000424615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ca13f91149e0732021-12-21 10:46:53.946root 11241100x8000000000000000424616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab50399a9de57422021-12-21 10:46:53.946root 11241100x8000000000000000424617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbf2ec4ec658b702021-12-21 10:46:53.947root 11241100x8000000000000000424618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49fb4ef1dd419772021-12-21 10:46:53.947root 11241100x8000000000000000424619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46baeee19db4244d2021-12-21 10:46:53.947root 11241100x8000000000000000424620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e650eb1224f7f6472021-12-21 10:46:53.947root 11241100x8000000000000000424621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2288bb2eb4db5e32021-12-21 10:46:53.947root 11241100x8000000000000000424622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8f5cb3801eab9a2021-12-21 10:46:53.947root 11241100x8000000000000000424623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b074be95f4d634952021-12-21 10:46:53.947root 11241100x8000000000000000424624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5ce376d6f328e22021-12-21 10:46:54.443root 11241100x8000000000000000424625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2f1a2089abe3fb2021-12-21 10:46:54.443root 11241100x8000000000000000424626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12c7798889ad7a82021-12-21 10:46:54.443root 11241100x8000000000000000424627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e142bd685009faae2021-12-21 10:46:54.443root 11241100x8000000000000000424628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd15d9303195a9f32021-12-21 10:46:54.444root 11241100x8000000000000000424629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eccd8e7aa4d83e2021-12-21 10:46:54.444root 11241100x8000000000000000424630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45f276977c3b5732021-12-21 10:46:54.444root 11241100x8000000000000000424631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0379ccaeadfc3e912021-12-21 10:46:54.444root 11241100x8000000000000000424632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d79f4706636068f2021-12-21 10:46:54.444root 11241100x8000000000000000424633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a62f0186d50a762021-12-21 10:46:54.444root 11241100x8000000000000000424634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acaa6fc0da85ee7f2021-12-21 10:46:54.444root 11241100x8000000000000000424635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486d5aa5a0355c262021-12-21 10:46:54.444root 11241100x8000000000000000424636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0e3acf579900af2021-12-21 10:46:54.444root 11241100x8000000000000000424637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef5b53cd012b6082021-12-21 10:46:54.444root 11241100x8000000000000000424638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a060f8ff4eff492021-12-21 10:46:54.444root 11241100x8000000000000000424639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363e1b423e57eab02021-12-21 10:46:54.445root 11241100x8000000000000000424640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc48a84fa8a59dec2021-12-21 10:46:54.445root 11241100x8000000000000000424641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f3120b957900862021-12-21 10:46:54.445root 11241100x8000000000000000424642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ab5eeab2c3c7a22021-12-21 10:46:54.445root 11241100x8000000000000000424643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9db2e021b9970c2021-12-21 10:46:54.445root 11241100x8000000000000000424644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7119e05e1624182021-12-21 10:46:54.445root 11241100x8000000000000000424645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda48e957959023e2021-12-21 10:46:54.445root 11241100x8000000000000000424646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6aa0be4b306f8842021-12-21 10:46:54.445root 11241100x8000000000000000424647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803c66903ec28db62021-12-21 10:46:54.445root 11241100x8000000000000000424648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2136228c371200992021-12-21 10:46:54.445root 11241100x8000000000000000424649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dea1597dd397712021-12-21 10:46:54.445root 11241100x8000000000000000424650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1f13494519be0c2021-12-21 10:46:54.445root 11241100x8000000000000000424651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06c542121455f2a2021-12-21 10:46:54.445root 11241100x8000000000000000424652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595ec0ee5107dfb52021-12-21 10:46:54.446root 11241100x8000000000000000424653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dedd25b5e9b36f2021-12-21 10:46:54.446root 11241100x8000000000000000424654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683fde99a1d8a28d2021-12-21 10:46:54.446root 11241100x8000000000000000424655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e9039a2a8e56a82021-12-21 10:46:54.446root 11241100x8000000000000000424656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4309190d8a852e2021-12-21 10:46:54.446root 11241100x8000000000000000424657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec9316f063c428d2021-12-21 10:46:54.446root 11241100x8000000000000000424658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b2e502c34c7bbd2021-12-21 10:46:54.446root 11241100x8000000000000000424659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f534e0d155295a7e2021-12-21 10:46:54.446root 11241100x8000000000000000424660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70509b60e8147392021-12-21 10:46:54.943root 11241100x8000000000000000424661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7110e6e33431fded2021-12-21 10:46:54.943root 11241100x8000000000000000424662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d29a72476d3359c2021-12-21 10:46:54.943root 11241100x8000000000000000424663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d644afa6e258d572021-12-21 10:46:54.943root 11241100x8000000000000000424664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6360237add0e7b2021-12-21 10:46:54.944root 11241100x8000000000000000424665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3f3a07182ef82d2021-12-21 10:46:54.944root 11241100x8000000000000000424666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5444f05de8475e2021-12-21 10:46:54.944root 11241100x8000000000000000424667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c0eb6750cfe7ca2021-12-21 10:46:54.944root 11241100x8000000000000000424668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1893419673bde8292021-12-21 10:46:54.944root 11241100x8000000000000000424669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9c8a8f31fd5f102021-12-21 10:46:54.944root 11241100x8000000000000000424670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de377227f1fadd82021-12-21 10:46:54.944root 11241100x8000000000000000424671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115ac380277df41c2021-12-21 10:46:54.944root 11241100x8000000000000000424672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1787547f4e42d5d2021-12-21 10:46:54.944root 11241100x8000000000000000424673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101c452bf305a6442021-12-21 10:46:54.944root 11241100x8000000000000000424674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dfd79caece96cd2021-12-21 10:46:54.944root 11241100x8000000000000000424675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993b812d8fe681892021-12-21 10:46:54.944root 11241100x8000000000000000424676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c36ff7f9317acb2021-12-21 10:46:54.944root 11241100x8000000000000000424677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301446161dab39cc2021-12-21 10:46:54.944root 11241100x8000000000000000424678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d18d30158cdee5b2021-12-21 10:46:54.944root 11241100x8000000000000000424679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ceecb76a2958d752021-12-21 10:46:54.945root 11241100x8000000000000000424680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944797940803e23e2021-12-21 10:46:54.945root 11241100x8000000000000000424681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0070d82020abcaf2021-12-21 10:46:54.945root 11241100x8000000000000000424682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4215f3828729152021-12-21 10:46:54.945root 11241100x8000000000000000424683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa201881d4f3efb2021-12-21 10:46:54.945root 11241100x8000000000000000424684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a24765db3b87eb32021-12-21 10:46:54.945root 11241100x8000000000000000424685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d0d5146a3103092021-12-21 10:46:54.945root 11241100x8000000000000000424686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77879ffee8a00b1a2021-12-21 10:46:54.945root 11241100x8000000000000000424687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1049f2a847c1ac542021-12-21 10:46:54.945root 11241100x8000000000000000424688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e140c1ec89a0552021-12-21 10:46:54.945root 11241100x8000000000000000424689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607b00d172aaf0842021-12-21 10:46:54.945root 11241100x8000000000000000424690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af12683787bdff662021-12-21 10:46:54.945root 11241100x8000000000000000424691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785bd9f3cb066d382021-12-21 10:46:54.946root 11241100x8000000000000000424692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9492e536b3ca392021-12-21 10:46:54.946root 11241100x8000000000000000424693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c143ad1504716712021-12-21 10:46:54.946root 11241100x8000000000000000424694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e05655b837bce962021-12-21 10:46:54.946root 11241100x8000000000000000424695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a959fa58eb70cde92021-12-21 10:46:54.946root 11241100x8000000000000000424696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b3577e3e27357d2021-12-21 10:46:54.946root 11241100x8000000000000000424697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8193c6ddd60b1a642021-12-21 10:46:54.946root 11241100x8000000000000000424698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcf090788860a0a2021-12-21 10:46:54.946root 11241100x8000000000000000424699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3dda3183f9cbe62021-12-21 10:46:54.946root 11241100x8000000000000000424700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d96b60d213d58f2021-12-21 10:46:54.946root 11241100x8000000000000000424701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08fdcc9eb9ac4c12021-12-21 10:46:54.946root 11241100x8000000000000000424702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b381d8d95f632c12021-12-21 10:46:55.443root 11241100x8000000000000000424703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046fdf9e00d4ebaa2021-12-21 10:46:55.443root 11241100x8000000000000000424704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64784c36b8f1d3b42021-12-21 10:46:55.443root 11241100x8000000000000000424705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31c416a7673fe312021-12-21 10:46:55.443root 11241100x8000000000000000424706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2764c399a5e504222021-12-21 10:46:55.444root 11241100x8000000000000000424707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3407afccd9b708d32021-12-21 10:46:55.444root 11241100x8000000000000000424708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e416f3aee784a42021-12-21 10:46:55.444root 11241100x8000000000000000424709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fb7fb5f23cbd1c2021-12-21 10:46:55.444root 11241100x8000000000000000424710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13bbee8856b86c42021-12-21 10:46:55.444root 11241100x8000000000000000424711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85f0d0535d446f42021-12-21 10:46:55.444root 11241100x8000000000000000424712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3576064874e2052021-12-21 10:46:55.444root 11241100x8000000000000000424713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e647ed3c8ebb5ff82021-12-21 10:46:55.444root 11241100x8000000000000000424714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1513f3353ea45c522021-12-21 10:46:55.444root 11241100x8000000000000000424715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe5acaf004a9ee72021-12-21 10:46:55.444root 11241100x8000000000000000424716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1329910ae502e5522021-12-21 10:46:55.444root 11241100x8000000000000000424717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8cd4196c5db84d2021-12-21 10:46:55.444root 11241100x8000000000000000424718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fdd097fed2a8b52021-12-21 10:46:55.444root 11241100x8000000000000000424719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586a05531ed865562021-12-21 10:46:55.444root 11241100x8000000000000000424720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f5577bd170ee692021-12-21 10:46:55.445root 11241100x8000000000000000424721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac027b8541130d4c2021-12-21 10:46:55.445root 11241100x8000000000000000424722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619613787ad7bb422021-12-21 10:46:55.445root 11241100x8000000000000000424723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d8519042775d082021-12-21 10:46:55.445root 11241100x8000000000000000424724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4454b842e682df42021-12-21 10:46:55.445root 11241100x8000000000000000424725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047117bcee8396322021-12-21 10:46:55.445root 11241100x8000000000000000424726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdd71c6273005e62021-12-21 10:46:55.445root 11241100x8000000000000000424727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98134d7044f26d842021-12-21 10:46:55.445root 11241100x8000000000000000424728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe30706ee8aec92021-12-21 10:46:55.445root 11241100x8000000000000000424729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e897a3804ac1b5742021-12-21 10:46:55.445root 11241100x8000000000000000424730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a1261335bb9cd82021-12-21 10:46:55.445root 11241100x8000000000000000424731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22705f406a7d48b2021-12-21 10:46:55.445root 11241100x8000000000000000424732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056ebcdfa3873d0b2021-12-21 10:46:55.446root 11241100x8000000000000000424733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b7d1d85c62cbf62021-12-21 10:46:55.446root 11241100x8000000000000000424734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28820ad70c99d152021-12-21 10:46:55.446root 11241100x8000000000000000424735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74981348b4e923372021-12-21 10:46:55.446root 11241100x8000000000000000424736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d48648405c10272021-12-21 10:46:55.446root 11241100x8000000000000000424737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c05acbe15a41692021-12-21 10:46:55.446root 11241100x8000000000000000424738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e833df90659343fa2021-12-21 10:46:55.446root 11241100x8000000000000000424739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5228beb8c470fbc12021-12-21 10:46:55.446root 11241100x8000000000000000424740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a68403c403d2872021-12-21 10:46:55.446root 11241100x8000000000000000424741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c15e9aeeb1857802021-12-21 10:46:55.943root 11241100x8000000000000000424742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35c49b263a4fddb2021-12-21 10:46:55.943root 11241100x8000000000000000424743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2b84cf0a5f7a4c2021-12-21 10:46:55.943root 11241100x8000000000000000424744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12275caf9f3841e2021-12-21 10:46:55.943root 11241100x8000000000000000424745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3707e4d36affe4142021-12-21 10:46:55.944root 11241100x8000000000000000424746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63ee08bf05b49aa2021-12-21 10:46:55.944root 11241100x8000000000000000424747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d19f6dc51bd17552021-12-21 10:46:55.944root 11241100x8000000000000000424748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20a63253c9cdcbd2021-12-21 10:46:55.944root 11241100x8000000000000000424749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f0d90dc887e0852021-12-21 10:46:55.944root 11241100x8000000000000000424750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf06850ed150b5882021-12-21 10:46:55.944root 11241100x8000000000000000424751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc76114c3d554e92021-12-21 10:46:55.944root 11241100x8000000000000000424752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1130080114ecee3d2021-12-21 10:46:55.944root 11241100x8000000000000000424753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7a7ba7698efcb02021-12-21 10:46:55.944root 11241100x8000000000000000424754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d41f9122789a7482021-12-21 10:46:55.944root 11241100x8000000000000000424755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034819cdc4ca5fab2021-12-21 10:46:55.944root 11241100x8000000000000000424756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cc69e51bd28f3b2021-12-21 10:46:55.944root 11241100x8000000000000000424757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386366f039f39da52021-12-21 10:46:55.944root 11241100x8000000000000000424758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0b7dd3f3628d5b2021-12-21 10:46:55.944root 11241100x8000000000000000424759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8f4873c4cb70332021-12-21 10:46:55.944root 11241100x8000000000000000424760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6066ade8f3b4ef2021-12-21 10:46:55.944root 11241100x8000000000000000424761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82b0f6e6c8537b82021-12-21 10:46:55.945root 11241100x8000000000000000424762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b89613ce8667252021-12-21 10:46:55.945root 11241100x8000000000000000424763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c864f155725549162021-12-21 10:46:55.945root 11241100x8000000000000000424764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304861d2e5b479572021-12-21 10:46:55.945root 11241100x8000000000000000424765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322f9c9e124125732021-12-21 10:46:55.945root 11241100x8000000000000000424766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b90f311ef1968ad2021-12-21 10:46:55.945root 11241100x8000000000000000424767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb4064cf01f69812021-12-21 10:46:55.945root 11241100x8000000000000000424768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c1d0023f4dfc012021-12-21 10:46:55.945root 11241100x8000000000000000424769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f247158da9fe012021-12-21 10:46:55.945root 11241100x8000000000000000424770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a921115c64fa1e9e2021-12-21 10:46:55.945root 11241100x8000000000000000424771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafbf242e957c83f2021-12-21 10:46:55.945root 11241100x8000000000000000424772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588938e9730ea09a2021-12-21 10:46:55.945root 11241100x8000000000000000424773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278397d4eec0c5d52021-12-21 10:46:55.945root 11241100x8000000000000000424774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35194609d937eb152021-12-21 10:46:55.945root 11241100x8000000000000000424775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32b792e432b6e0f2021-12-21 10:46:55.945root 11241100x8000000000000000424776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b65af1396d87cd12021-12-21 10:46:55.945root 11241100x8000000000000000424777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fad0a4d0deb3b192021-12-21 10:46:55.946root 11241100x8000000000000000424778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c25e4c3c63c53162021-12-21 10:46:56.443root 11241100x8000000000000000424779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c0fc298364a12a2021-12-21 10:46:56.443root 11241100x8000000000000000424780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3200970815c20b2021-12-21 10:46:56.443root 11241100x8000000000000000424781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75744bd0c9751a32021-12-21 10:46:56.444root 11241100x8000000000000000424782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d780dd41c45d662021-12-21 10:46:56.444root 11241100x8000000000000000424783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279bc4040edeade22021-12-21 10:46:56.444root 11241100x8000000000000000424784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c755521617d533f12021-12-21 10:46:56.444root 11241100x8000000000000000424785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59a3f71739ecd0b2021-12-21 10:46:56.444root 11241100x8000000000000000424786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7bbdce508a27cb2021-12-21 10:46:56.444root 11241100x8000000000000000424787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b69066e4e9b58f2021-12-21 10:46:56.444root 11241100x8000000000000000424788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce979ad2ebdc84a2021-12-21 10:46:56.444root 11241100x8000000000000000424789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255efc8fe15b424d2021-12-21 10:46:56.444root 11241100x8000000000000000424790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba14d8dd3de227f2021-12-21 10:46:56.444root 11241100x8000000000000000424791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540b05046a13aa0e2021-12-21 10:46:56.444root 11241100x8000000000000000424792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ddbbcfc2b7a51b2021-12-21 10:46:56.444root 11241100x8000000000000000424793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34af3a75d945a1d2021-12-21 10:46:56.444root 11241100x8000000000000000424794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca53f0449e638332021-12-21 10:46:56.444root 11241100x8000000000000000424795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e796724bcc10c2fe2021-12-21 10:46:56.444root 11241100x8000000000000000424796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8d9cd01aafd7732021-12-21 10:46:56.444root 11241100x8000000000000000424797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43658e86b9646492021-12-21 10:46:56.445root 11241100x8000000000000000424798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf75050bc5d62b2e2021-12-21 10:46:56.445root 11241100x8000000000000000424799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0642097ea244cc2021-12-21 10:46:56.445root 11241100x8000000000000000424800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14a6149f61d98742021-12-21 10:46:56.445root 11241100x8000000000000000424801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a419970e7093c102021-12-21 10:46:56.445root 11241100x8000000000000000424802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd590d7ddfe722f2021-12-21 10:46:56.445root 11241100x8000000000000000424803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79748e6a688996152021-12-21 10:46:56.445root 11241100x8000000000000000424804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0619147363531ad2021-12-21 10:46:56.445root 11241100x8000000000000000424805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3700dafea721092021-12-21 10:46:56.446root 11241100x8000000000000000424806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfcd1c11cf23d182021-12-21 10:46:56.446root 11241100x8000000000000000424807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138667f6157e24fa2021-12-21 10:46:56.446root 11241100x8000000000000000424808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617d3ba1bf13963b2021-12-21 10:46:56.447root 11241100x8000000000000000424809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6bee4d254cfac92021-12-21 10:46:56.447root 11241100x8000000000000000424810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7e6dc26d33b2e52021-12-21 10:46:56.447root 11241100x8000000000000000424811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75c94469a43ac482021-12-21 10:46:56.447root 11241100x8000000000000000424812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917f85742543763b2021-12-21 10:46:56.447root 11241100x8000000000000000424813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfcbd51bac1ec382021-12-21 10:46:56.447root 11241100x8000000000000000424814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ace37bea14397bf2021-12-21 10:46:56.943root 11241100x8000000000000000424815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf77f4e703d6e4bd2021-12-21 10:46:56.943root 11241100x8000000000000000424816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065131048a8121172021-12-21 10:46:56.943root 11241100x8000000000000000424817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60485390aa32ec02021-12-21 10:46:56.943root 11241100x8000000000000000424818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab53df9df0f49732021-12-21 10:46:56.944root 11241100x8000000000000000424819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad92356734a2ace2021-12-21 10:46:56.944root 11241100x8000000000000000424820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96773ccc96ac77a42021-12-21 10:46:56.944root 11241100x8000000000000000424821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e9cfe3e45b7b9c2021-12-21 10:46:56.944root 11241100x8000000000000000424822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f76be7e91de33c2021-12-21 10:46:56.944root 11241100x8000000000000000424823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514a5c7a87ada9252021-12-21 10:46:56.944root 11241100x8000000000000000424824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9502aea047777292021-12-21 10:46:56.944root 11241100x8000000000000000424825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4dbc7003eaf1342021-12-21 10:46:56.944root 11241100x8000000000000000424826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49141d768e905ca2021-12-21 10:46:56.944root 11241100x8000000000000000424827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b983de8aabfe2812021-12-21 10:46:56.944root 11241100x8000000000000000424828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023488dd491240d12021-12-21 10:46:56.944root 11241100x8000000000000000424829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ad07ef209b15a02021-12-21 10:46:56.944root 11241100x8000000000000000424830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e8ffcd580bc40f2021-12-21 10:46:56.944root 11241100x8000000000000000424831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3229ad4fb3bf5b2021-12-21 10:46:56.944root 11241100x8000000000000000424832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59b0505ca2d06912021-12-21 10:46:56.944root 11241100x8000000000000000424833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5d30d350ac472d2021-12-21 10:46:56.945root 11241100x8000000000000000424834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7641800c8195e5c2021-12-21 10:46:56.945root 11241100x8000000000000000424835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f31ff245df57c42021-12-21 10:46:56.945root 11241100x8000000000000000424836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658dec042d4156eb2021-12-21 10:46:56.945root 11241100x8000000000000000424837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d0af058cc9bbb92021-12-21 10:46:56.945root 11241100x8000000000000000424838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2832424f2262402021-12-21 10:46:56.945root 11241100x8000000000000000424839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb43a6405f7c576e2021-12-21 10:46:56.945root 11241100x8000000000000000424840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc81495091754812021-12-21 10:46:56.945root 11241100x8000000000000000424841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ad2f2a81d391092021-12-21 10:46:56.945root 11241100x8000000000000000424842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cd351e026379f42021-12-21 10:46:56.945root 11241100x8000000000000000424843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961620ff54b7dc922021-12-21 10:46:56.945root 11241100x8000000000000000424844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65752bace53045422021-12-21 10:46:56.945root 11241100x8000000000000000424845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ab5f631246cacd2021-12-21 10:46:56.945root 11241100x8000000000000000424846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc04f09271fd72052021-12-21 10:46:56.945root 11241100x8000000000000000424847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0e56688207b4252021-12-21 10:46:56.946root 11241100x8000000000000000424848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88d864848bb50b92021-12-21 10:46:56.946root 11241100x8000000000000000424849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a973a39d3718f162021-12-21 10:46:56.946root 11241100x8000000000000000424850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f1e20459decddb2021-12-21 10:46:57.443root 11241100x8000000000000000424851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914d9024d1d0431d2021-12-21 10:46:57.443root 11241100x8000000000000000424852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a7a231d00965302021-12-21 10:46:57.443root 11241100x8000000000000000424853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9f81932b9410d02021-12-21 10:46:57.443root 11241100x8000000000000000424854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78ab626f42ac5562021-12-21 10:46:57.444root 11241100x8000000000000000424855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb895678081772db2021-12-21 10:46:57.444root 11241100x8000000000000000424856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50288c8b632b422c2021-12-21 10:46:57.444root 11241100x8000000000000000424857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0742952c1304b5c32021-12-21 10:46:57.444root 11241100x8000000000000000424858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60537d92addf7f512021-12-21 10:46:57.444root 11241100x8000000000000000424859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a55137b33fbaf2a2021-12-21 10:46:57.444root 11241100x8000000000000000424860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96c2d5668bcc2672021-12-21 10:46:57.444root 11241100x8000000000000000424861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7ef3fd17701cb22021-12-21 10:46:57.444root 11241100x8000000000000000424862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf32ff9d405e8062021-12-21 10:46:57.444root 11241100x8000000000000000424863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9033b00128d94f2021-12-21 10:46:57.444root 11241100x8000000000000000424864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e25ff505f4b2b42021-12-21 10:46:57.444root 11241100x8000000000000000424865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac769c0081875f72021-12-21 10:46:57.444root 11241100x8000000000000000424866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2130146867280952021-12-21 10:46:57.444root 11241100x8000000000000000424867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3514c9e197a0145b2021-12-21 10:46:57.444root 11241100x8000000000000000424868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f7612ed6e63eab2021-12-21 10:46:57.444root 11241100x8000000000000000424869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77274b97cf6599a2021-12-21 10:46:57.444root 11241100x8000000000000000424870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae50b302af455cbc2021-12-21 10:46:57.445root 11241100x8000000000000000424871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28094f78237d3b92021-12-21 10:46:57.445root 11241100x8000000000000000424872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a214c9b11424c5632021-12-21 10:46:57.445root 11241100x8000000000000000424873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff36480f3eddcd02021-12-21 10:46:57.445root 11241100x8000000000000000424874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866464bf802fcc172021-12-21 10:46:57.445root 11241100x8000000000000000424875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d38fbc64f9a7252021-12-21 10:46:57.445root 11241100x8000000000000000424876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dc445eb485a2ce2021-12-21 10:46:57.445root 11241100x8000000000000000424877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8debca4eedaa07a82021-12-21 10:46:57.445root 11241100x8000000000000000424878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb86095a32cb25bc2021-12-21 10:46:57.445root 11241100x8000000000000000424879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16f6d7dd652d2212021-12-21 10:46:57.445root 11241100x8000000000000000424880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6221604692fceb8d2021-12-21 10:46:57.445root 11241100x8000000000000000424881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867862b300988af42021-12-21 10:46:57.445root 11241100x8000000000000000424882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9854ea1ffa6f9c2021-12-21 10:46:57.445root 11241100x8000000000000000424883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f7e5d8b50e863f2021-12-21 10:46:57.445root 11241100x8000000000000000424884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca5c63e337265f42021-12-21 10:46:57.445root 11241100x8000000000000000424885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af15b9180bfef7a2021-12-21 10:46:57.445root 11241100x8000000000000000424886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4779c728b737ef442021-12-21 10:46:57.943root 11241100x8000000000000000424887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367d52288591305f2021-12-21 10:46:57.943root 11241100x8000000000000000424888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da1092fb60c9fad2021-12-21 10:46:57.943root 11241100x8000000000000000424889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7553b3b117f834f12021-12-21 10:46:57.943root 11241100x8000000000000000424890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a227081b4d79df2021-12-21 10:46:57.943root 11241100x8000000000000000424891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb1bab317d0964c2021-12-21 10:46:57.944root 11241100x8000000000000000424892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ac6e80b115cc302021-12-21 10:46:57.944root 11241100x8000000000000000424893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37b8fcc2b9218892021-12-21 10:46:57.944root 11241100x8000000000000000424894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1069e47356ad56fb2021-12-21 10:46:57.944root 11241100x8000000000000000424895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917b120d1507bc852021-12-21 10:46:57.944root 11241100x8000000000000000424896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5415c1df43e1fa2021-12-21 10:46:57.944root 11241100x8000000000000000424897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5172c5331f1541f12021-12-21 10:46:57.944root 11241100x8000000000000000424898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e37563213750e22021-12-21 10:46:57.944root 11241100x8000000000000000424899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a598a587b0d902e62021-12-21 10:46:57.944root 11241100x8000000000000000424900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef5ec2dc49daff32021-12-21 10:46:57.944root 11241100x8000000000000000424901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ed0d4bc4b70f692021-12-21 10:46:57.944root 11241100x8000000000000000424902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c84cf7dc4f7b532021-12-21 10:46:57.944root 11241100x8000000000000000424903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41d3dcb36b0b8082021-12-21 10:46:57.944root 11241100x8000000000000000424904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57030df874f82e012021-12-21 10:46:57.945root 11241100x8000000000000000424905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d203cae489d1f8792021-12-21 10:46:57.945root 11241100x8000000000000000424906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5e3239504b0e4f2021-12-21 10:46:57.945root 11241100x8000000000000000424907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f6b5991bdb87d82021-12-21 10:46:57.945root 11241100x8000000000000000424908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dafbadfadb7db32021-12-21 10:46:57.945root 11241100x8000000000000000424909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f43d5c8275417aa2021-12-21 10:46:57.945root 11241100x8000000000000000424910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9fb0cd9352e11f2021-12-21 10:46:57.945root 11241100x8000000000000000424911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ea40973e653f462021-12-21 10:46:57.945root 11241100x8000000000000000424912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e551fb99600182021-12-21 10:46:57.945root 11241100x8000000000000000424913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6103b4a3b3dd113c2021-12-21 10:46:57.945root 11241100x8000000000000000424914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e549485d6be8aa2021-12-21 10:46:57.945root 11241100x8000000000000000424915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bf55be0747bd5e2021-12-21 10:46:57.945root 11241100x8000000000000000424916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3404d6d6b695116a2021-12-21 10:46:57.945root 11241100x8000000000000000424917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a195924559d35012021-12-21 10:46:57.945root 11241100x8000000000000000424918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305b2e33d45e7e942021-12-21 10:46:57.945root 11241100x8000000000000000424919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5034c94ec3eab52021-12-21 10:46:57.945root 11241100x8000000000000000424920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa69199c25609e92021-12-21 10:46:57.946root 11241100x8000000000000000424921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e501c1d9160a6802021-12-21 10:46:57.946root 11241100x8000000000000000424922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e7ed2e6e8e52672021-12-21 10:46:57.946root 354300x8000000000000000424923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47592-false10.0.1.12-8000- 11241100x8000000000000000424924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76354ece5769d1b32021-12-21 10:46:58.219root 11241100x8000000000000000424925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9074b11d1261722021-12-21 10:46:58.219root 11241100x8000000000000000424926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89909b20cc9cfa5e2021-12-21 10:46:58.219root 11241100x8000000000000000424927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b53c730c3682f92021-12-21 10:46:58.219root 11241100x8000000000000000424928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480add21242573df2021-12-21 10:46:58.219root 11241100x8000000000000000424929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59af58d251fcbf5e2021-12-21 10:46:58.219root 11241100x8000000000000000424930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00921c23492e81872021-12-21 10:46:58.219root 11241100x8000000000000000424931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0ac677223d4bcc2021-12-21 10:46:58.219root 11241100x8000000000000000424932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb196c1052d35132021-12-21 10:46:58.220root 11241100x8000000000000000424933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526a3171604be35e2021-12-21 10:46:58.220root 11241100x8000000000000000424934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e624f9e7cf9bef2e2021-12-21 10:46:58.220root 11241100x8000000000000000424935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d90f604f7aa23a2021-12-21 10:46:58.220root 11241100x8000000000000000424936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17815867094cae22021-12-21 10:46:58.220root 11241100x8000000000000000424937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408505c4abf485512021-12-21 10:46:58.220root 11241100x8000000000000000424938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4a01e308c9026b2021-12-21 10:46:58.220root 11241100x8000000000000000424939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ace774e28e166f2021-12-21 10:46:58.220root 11241100x8000000000000000424940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a7548c5527e7ae2021-12-21 10:46:58.220root 11241100x8000000000000000424941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6213dacc682e5b962021-12-21 10:46:58.220root 11241100x8000000000000000424942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0962259cc20f5d962021-12-21 10:46:58.220root 11241100x8000000000000000424943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1345df9777861302021-12-21 10:46:58.221root 11241100x8000000000000000424944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f38edcb7f642a22021-12-21 10:46:58.221root 11241100x8000000000000000424945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22595d89649c5fb2021-12-21 10:46:58.221root 11241100x8000000000000000424946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeffa1306b406982021-12-21 10:46:58.221root 11241100x8000000000000000424947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db59c903248619c12021-12-21 10:46:58.222root 11241100x8000000000000000424948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330a0d93d7dcaff22021-12-21 10:46:58.222root 11241100x8000000000000000424949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878ac495aa37fcb82021-12-21 10:46:58.222root 11241100x8000000000000000424950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d2dafd88e22ac72021-12-21 10:46:58.222root 11241100x8000000000000000424951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac197a6723fb43e12021-12-21 10:46:58.222root 11241100x8000000000000000424952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146579c697f730662021-12-21 10:46:58.222root 11241100x8000000000000000424953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2a3159c06bda2f2021-12-21 10:46:58.222root 11241100x8000000000000000424954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b776e93cacdbf6f2021-12-21 10:46:58.223root 11241100x8000000000000000424955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc87c08ddc4121022021-12-21 10:46:58.223root 11241100x8000000000000000424956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afde510b1442cf4c2021-12-21 10:46:58.223root 11241100x8000000000000000424957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2740cd75e0e4172021-12-21 10:46:58.223root 11241100x8000000000000000424958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f4fbd1e128bd982021-12-21 10:46:58.223root 11241100x8000000000000000424959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7457e7519c0c0f982021-12-21 10:46:58.223root 11241100x8000000000000000424960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738beec4c3b556392021-12-21 10:46:58.223root 11241100x8000000000000000424961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d58c04949e043f62021-12-21 10:46:58.223root 11241100x8000000000000000424962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26928be81c90e6a2021-12-21 10:46:58.223root 11241100x8000000000000000424963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121255c4da21a3f62021-12-21 10:46:58.224root 11241100x8000000000000000424964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ea25c9b1ebe6612021-12-21 10:46:58.224root 11241100x8000000000000000424965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cc82b61a3ef5352021-12-21 10:46:58.224root 11241100x8000000000000000424966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303817110c018b542021-12-21 10:46:58.224root 11241100x8000000000000000424967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520cbff22ad618d22021-12-21 10:46:58.224root 11241100x8000000000000000424968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8eb9d85a6e176c2021-12-21 10:46:58.224root 11241100x8000000000000000424969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9677b9f3da379d2021-12-21 10:46:58.694root 11241100x8000000000000000424970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ab4fa5d4a7b76e2021-12-21 10:46:58.694root 11241100x8000000000000000424971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f28c754610cb57e2021-12-21 10:46:58.694root 11241100x8000000000000000424972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4970df81b90746ee2021-12-21 10:46:58.694root 11241100x8000000000000000424973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f325915824b51d2021-12-21 10:46:58.694root 11241100x8000000000000000424974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c316e4805b4699a2021-12-21 10:46:58.694root 11241100x8000000000000000424975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033a81e5394ba8942021-12-21 10:46:58.694root 11241100x8000000000000000424976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87d18acaa83d1082021-12-21 10:46:58.694root 11241100x8000000000000000424977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4259f77a299b7c0e2021-12-21 10:46:58.694root 11241100x8000000000000000424978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15005fe457ff1af32021-12-21 10:46:58.695root 11241100x8000000000000000424979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9776dedb1c8d1b2021-12-21 10:46:58.695root 11241100x8000000000000000424980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229b29f16d2811e52021-12-21 10:46:58.695root 11241100x8000000000000000424981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fe656ec0fe6f982021-12-21 10:46:58.695root 11241100x8000000000000000424982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e636cc1b341d2952021-12-21 10:46:58.695root 11241100x8000000000000000424983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd43927485a16f2021-12-21 10:46:58.695root 11241100x8000000000000000424984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be8b6cc29cfb67c2021-12-21 10:46:58.695root 11241100x8000000000000000424985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f998b1f8d55a49e2021-12-21 10:46:58.695root 11241100x8000000000000000424986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75687bc8eeaa27fc2021-12-21 10:46:58.695root 11241100x8000000000000000424987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621f88414c7d2d402021-12-21 10:46:58.695root 11241100x8000000000000000424988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c36bdb14f364b5e2021-12-21 10:46:58.695root 11241100x8000000000000000424989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e9b6ce711f65f82021-12-21 10:46:58.695root 11241100x8000000000000000424990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a61351aca8371b2021-12-21 10:46:58.695root 11241100x8000000000000000424991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9d79d1925648a52021-12-21 10:46:58.695root 11241100x8000000000000000424992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c339f34bad5c3dac2021-12-21 10:46:58.695root 11241100x8000000000000000424993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94761eab93ccd1c2021-12-21 10:46:58.696root 11241100x8000000000000000424994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcde3070b3e57cd2021-12-21 10:46:58.696root 11241100x8000000000000000424995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f5e8e09f96e23e2021-12-21 10:46:58.696root 11241100x8000000000000000424996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9479099d55a7f72021-12-21 10:46:58.696root 11241100x8000000000000000424997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5541ab01906dbe72021-12-21 10:46:58.696root 11241100x8000000000000000424998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317556b6b075f5032021-12-21 10:46:58.696root 11241100x8000000000000000424999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d20fc701b4193a2021-12-21 10:46:58.696root 11241100x8000000000000000425000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1010caf27aca792021-12-21 10:46:58.696root 11241100x8000000000000000425001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbe31186f19291f2021-12-21 10:46:58.696root 11241100x8000000000000000425002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d998942f3fe9e91c2021-12-21 10:46:58.696root 11241100x8000000000000000425003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c81e75c2c98503d2021-12-21 10:46:58.696root 11241100x8000000000000000425004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d2823e80c189842021-12-21 10:46:58.696root 11241100x8000000000000000425005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75e9ebb2fd2a45b2021-12-21 10:46:59.193root 11241100x8000000000000000425006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e2ee30f2e7ff4d2021-12-21 10:46:59.193root 11241100x8000000000000000425007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71eecc2aa3209242021-12-21 10:46:59.193root 11241100x8000000000000000425008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e0138c6f9a6dc52021-12-21 10:46:59.193root 11241100x8000000000000000425009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e3f6f10b9d98e32021-12-21 10:46:59.193root 11241100x8000000000000000425010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3b37a4b55160362021-12-21 10:46:59.193root 11241100x8000000000000000425011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9dedef02e2dfa52021-12-21 10:46:59.193root 11241100x8000000000000000425012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c732a931161ec91a2021-12-21 10:46:59.193root 11241100x8000000000000000425013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3962e6f97bd6fb2021-12-21 10:46:59.193root 11241100x8000000000000000425014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6444fb2a76176c3d2021-12-21 10:46:59.193root 11241100x8000000000000000425015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f95f63e51cde3492021-12-21 10:46:59.193root 11241100x8000000000000000425016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2bdb5df0d5eaa12021-12-21 10:46:59.193root 11241100x8000000000000000425017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9f0e1de121c56d2021-12-21 10:46:59.193root 11241100x8000000000000000425018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f239d8e61bdd6bf72021-12-21 10:46:59.193root 11241100x8000000000000000425019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e628fa7888849bdb2021-12-21 10:46:59.194root 11241100x8000000000000000425020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88b69d9c91dc65c2021-12-21 10:46:59.194root 11241100x8000000000000000425021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b36273ec98cde92021-12-21 10:46:59.194root 11241100x8000000000000000425022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174dca6152886dbd2021-12-21 10:46:59.194root 11241100x8000000000000000425023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bac299b73e4d5a2021-12-21 10:46:59.194root 11241100x8000000000000000425024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb54c767b267da12021-12-21 10:46:59.194root 11241100x8000000000000000425025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2023fa06ce029c32021-12-21 10:46:59.194root 11241100x8000000000000000425026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1b9177b89ce50a2021-12-21 10:46:59.194root 11241100x8000000000000000425027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ad7918c62775182021-12-21 10:46:59.194root 11241100x8000000000000000425028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554af1f7518e6e5c2021-12-21 10:46:59.194root 11241100x8000000000000000425029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bc40227b2d37f12021-12-21 10:46:59.194root 11241100x8000000000000000425030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c98608ef22186672021-12-21 10:46:59.194root 11241100x8000000000000000425031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a1adc0d133cf2e2021-12-21 10:46:59.194root 11241100x8000000000000000425032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccda589f20bcac202021-12-21 10:46:59.194root 11241100x8000000000000000425033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bf3c4321c3f57f2021-12-21 10:46:59.195root 11241100x8000000000000000425034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d919a697700d6b9b2021-12-21 10:46:59.195root 11241100x8000000000000000425035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b946b04a61aba2f2021-12-21 10:46:59.195root 11241100x8000000000000000425036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3aef0d90721c4e2021-12-21 10:46:59.195root 11241100x8000000000000000425037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce4d18b6e0b29cb2021-12-21 10:46:59.195root 11241100x8000000000000000425038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd116496b85090e2021-12-21 10:46:59.195root 11241100x8000000000000000425039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226b19e9982829512021-12-21 10:46:59.195root 11241100x8000000000000000425040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0913957353498f052021-12-21 10:46:59.195root 11241100x8000000000000000425041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82e2fa7d59803402021-12-21 10:46:59.195root 11241100x8000000000000000425042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929df5ea6b4e98bd2021-12-21 10:46:59.195root 11241100x8000000000000000425043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60901d1613736a1f2021-12-21 10:46:59.195root 11241100x8000000000000000425044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e95ffe8c4a8603c2021-12-21 10:46:59.196root 11241100x8000000000000000425045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e65495eef406ff2021-12-21 10:46:59.196root 11241100x8000000000000000425046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d03708371a6f6432021-12-21 10:46:59.196root 11241100x8000000000000000425047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00250bbc77b7afac2021-12-21 10:46:59.196root 11241100x8000000000000000425048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955d5737b47c5db02021-12-21 10:46:59.196root 11241100x8000000000000000425049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686852bba6811a282021-12-21 10:46:59.196root 11241100x8000000000000000425050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece34883e58f6def2021-12-21 10:46:59.196root 11241100x8000000000000000425051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765ca2acf972b83c2021-12-21 10:46:59.196root 11241100x8000000000000000425052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde6740b8ebc6a752021-12-21 10:46:59.196root 11241100x8000000000000000425053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cb9c4fdb7a4fa22021-12-21 10:46:59.196root 11241100x8000000000000000425054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7802af1e5274bb02021-12-21 10:46:59.196root 11241100x8000000000000000425055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425fc3b480a617752021-12-21 10:46:59.197root 11241100x8000000000000000425056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909cbf161d5b47b72021-12-21 10:46:59.197root 11241100x8000000000000000425057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772127877da8fa642021-12-21 10:46:59.197root 11241100x8000000000000000425058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793a2313fa2206342021-12-21 10:46:59.197root 11241100x8000000000000000425059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0995798fa07b37af2021-12-21 10:46:59.197root 11241100x8000000000000000425060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79fe7a02e118a9c82021-12-21 10:46:59.198root 11241100x8000000000000000425061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512995e75427b76f2021-12-21 10:46:59.198root 11241100x8000000000000000425062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6ca2c0560320802021-12-21 10:46:59.198root 11241100x8000000000000000425063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099d9642055677c22021-12-21 10:46:59.694root 11241100x8000000000000000425064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65242ad81355e6802021-12-21 10:46:59.694root 11241100x8000000000000000425065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4807c29081b9e22021-12-21 10:46:59.694root 11241100x8000000000000000425066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40270eadb06696c62021-12-21 10:46:59.694root 11241100x8000000000000000425067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a210c8072bca612021-12-21 10:46:59.694root 11241100x8000000000000000425068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be4ff3e8ea858002021-12-21 10:46:59.695root 11241100x8000000000000000425069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb5c2c665359d822021-12-21 10:46:59.695root 11241100x8000000000000000425070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3243df85b552b182021-12-21 10:46:59.695root 11241100x8000000000000000425071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a060a1397c4ee5e2021-12-21 10:46:59.695root 11241100x8000000000000000425072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577f4abc36b175bf2021-12-21 10:46:59.695root 11241100x8000000000000000425073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027054d755da31002021-12-21 10:46:59.695root 11241100x8000000000000000425074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1eff26395d12a12021-12-21 10:46:59.695root 11241100x8000000000000000425075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adaceb8eceb8f7122021-12-21 10:46:59.695root 11241100x8000000000000000425076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda1813a3103ed432021-12-21 10:46:59.695root 11241100x8000000000000000425077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee8cfc017076eba2021-12-21 10:46:59.695root 11241100x8000000000000000425078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9677abf7e24e712021-12-21 10:46:59.696root 11241100x8000000000000000425079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b21e9b0c1641f42021-12-21 10:46:59.696root 11241100x8000000000000000425080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3068e9d7979dfbdb2021-12-21 10:46:59.696root 11241100x8000000000000000425081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65a149744d55b692021-12-21 10:46:59.696root 11241100x8000000000000000425082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8162ef4f2e09b792021-12-21 10:46:59.696root 11241100x8000000000000000425083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7234bcae3f31b32021-12-21 10:46:59.696root 11241100x8000000000000000425084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5784cda5308ffe592021-12-21 10:46:59.697root 11241100x8000000000000000425085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08259161d98337c2021-12-21 10:46:59.697root 11241100x8000000000000000425086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888d5e9257f43b792021-12-21 10:46:59.697root 11241100x8000000000000000425087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcf289c0d011c982021-12-21 10:46:59.697root 11241100x8000000000000000425088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6c48144ce5a28d2021-12-21 10:46:59.697root 11241100x8000000000000000425089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9ba733f4c35a2b2021-12-21 10:46:59.697root 11241100x8000000000000000425090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc86bb620b873dd2021-12-21 10:46:59.697root 11241100x8000000000000000425091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267c04c9d3cdde9f2021-12-21 10:46:59.697root 11241100x8000000000000000425092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faff8330c8f6430f2021-12-21 10:46:59.697root 11241100x8000000000000000425093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e52691d48dc7a82021-12-21 10:46:59.697root 11241100x8000000000000000425094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9429289402ef9c0e2021-12-21 10:46:59.697root 11241100x8000000000000000425095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a76e29eb781203e2021-12-21 10:46:59.697root 11241100x8000000000000000425096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282f1e3307ba36ac2021-12-21 10:46:59.698root 11241100x8000000000000000425097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c0d167763ffd542021-12-21 10:46:59.698root 11241100x8000000000000000425098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:46:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605118cc372641562021-12-21 10:46:59.698root 11241100x8000000000000000425099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da9432cc54e4d3b2021-12-21 10:47:00.194root 11241100x8000000000000000425100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f228556f714d922021-12-21 10:47:00.194root 11241100x8000000000000000425101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803b73f6f7a5aa532021-12-21 10:47:00.194root 11241100x8000000000000000425102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e93213717db06db2021-12-21 10:47:00.194root 11241100x8000000000000000425103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d1839b398e6cbb2021-12-21 10:47:00.194root 11241100x8000000000000000425104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733042defc719c6c2021-12-21 10:47:00.194root 11241100x8000000000000000425105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22551a0bf2f66bc42021-12-21 10:47:00.194root 11241100x8000000000000000425106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9686e6b3e422910b2021-12-21 10:47:00.194root 11241100x8000000000000000425107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dc7f2388c7f3cd2021-12-21 10:47:00.195root 11241100x8000000000000000425108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e647e73392cad7c2021-12-21 10:47:00.195root 11241100x8000000000000000425109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9aa1cbfc009e9f92021-12-21 10:47:00.195root 11241100x8000000000000000425110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6e6fd2e46314d22021-12-21 10:47:00.195root 11241100x8000000000000000425111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2345f5cbe648f3c2021-12-21 10:47:00.195root 11241100x8000000000000000425112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503d7c0d1c883d892021-12-21 10:47:00.195root 11241100x8000000000000000425113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e941327dfa6172021-12-21 10:47:00.195root 11241100x8000000000000000425114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc47fe664e4980a2021-12-21 10:47:00.195root 11241100x8000000000000000425115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3d15f432268b232021-12-21 10:47:00.195root 11241100x8000000000000000425116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f70106ed57025f02021-12-21 10:47:00.195root 11241100x8000000000000000425117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f8fdaa81870e212021-12-21 10:47:00.195root 11241100x8000000000000000425118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d641cf0eb3ae18132021-12-21 10:47:00.196root 11241100x8000000000000000425119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4544bf76c5663ed52021-12-21 10:47:00.196root 11241100x8000000000000000425120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fb9e2c7cfa80ca2021-12-21 10:47:00.196root 11241100x8000000000000000425121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b728acfc5b2b85752021-12-21 10:47:00.196root 11241100x8000000000000000425122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f328d07fa181252021-12-21 10:47:00.196root 11241100x8000000000000000425123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df50e42aba2284192021-12-21 10:47:00.196root 11241100x8000000000000000425124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a80ed59ca809f2021-12-21 10:47:00.196root 11241100x8000000000000000425125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd4ab74ebaf72fd2021-12-21 10:47:00.196root 11241100x8000000000000000425126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771da955adc76c022021-12-21 10:47:00.196root 11241100x8000000000000000425127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7250982771e3c972021-12-21 10:47:00.196root 11241100x8000000000000000425128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7950c3f914a49c702021-12-21 10:47:00.197root 11241100x8000000000000000425129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774ffa8b4c2fb7172021-12-21 10:47:00.197root 11241100x8000000000000000425130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f0b24e9a1dac782021-12-21 10:47:00.197root 11241100x8000000000000000425131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba62066beec3dfd2021-12-21 10:47:00.197root 11241100x8000000000000000425132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d51e88a2f7dd0362021-12-21 10:47:00.197root 11241100x8000000000000000425133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ac2cdb399f48be2021-12-21 10:47:00.197root 11241100x8000000000000000425134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0278a67bd2c8cd52021-12-21 10:47:00.197root 11241100x8000000000000000425135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3befb0822824482021-12-21 10:47:00.694root 11241100x8000000000000000425136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4f9b7b8e0272fe2021-12-21 10:47:00.694root 11241100x8000000000000000425137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f5b8ea679388282021-12-21 10:47:00.694root 11241100x8000000000000000425138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db683517330eb6ce2021-12-21 10:47:00.694root 11241100x8000000000000000425139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70e5f3dbed09b422021-12-21 10:47:00.694root 11241100x8000000000000000425140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb93b0abf94a7192021-12-21 10:47:00.694root 11241100x8000000000000000425141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadcb6e2053a86322021-12-21 10:47:00.694root 11241100x8000000000000000425142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fca0dc186db24922021-12-21 10:47:00.694root 11241100x8000000000000000425143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518557ccc7c2db202021-12-21 10:47:00.695root 11241100x8000000000000000425144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6930a76cc3a0472021-12-21 10:47:00.695root 11241100x8000000000000000425145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f9f60b4df642472021-12-21 10:47:00.695root 11241100x8000000000000000425146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2eeddd1bd982c72021-12-21 10:47:00.695root 11241100x8000000000000000425147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba99d7d857662c5a2021-12-21 10:47:00.695root 11241100x8000000000000000425148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409f9f57fdf9423d2021-12-21 10:47:00.695root 11241100x8000000000000000425149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8ad060b89cc6492021-12-21 10:47:00.695root 11241100x8000000000000000425150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd20bdbe4e474ba2021-12-21 10:47:00.696root 11241100x8000000000000000425151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d51b3688a425a32021-12-21 10:47:00.696root 11241100x8000000000000000425152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085dbd8d3be0dc9a2021-12-21 10:47:00.696root 11241100x8000000000000000425153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233869a9d7738d4b2021-12-21 10:47:00.696root 11241100x8000000000000000425154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a85ed04838ce02021-12-21 10:47:00.696root 11241100x8000000000000000425155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c136acf5327baa8b2021-12-21 10:47:00.696root 11241100x8000000000000000425156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67fb3f27c0198452021-12-21 10:47:00.696root 11241100x8000000000000000425157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab8e269aa5796092021-12-21 10:47:00.696root 11241100x8000000000000000425158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f711a864f081d9f2021-12-21 10:47:00.697root 11241100x8000000000000000425159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0273c72951f513312021-12-21 10:47:00.697root 11241100x8000000000000000425160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a49932da84fc8b2021-12-21 10:47:00.697root 11241100x8000000000000000425161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314fd37eafc0f4892021-12-21 10:47:00.697root 11241100x8000000000000000425162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ca45c0be91c95d2021-12-21 10:47:00.697root 11241100x8000000000000000425163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79efb63b780e7e042021-12-21 10:47:00.697root 11241100x8000000000000000425164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97082314e72ac2f92021-12-21 10:47:00.697root 11241100x8000000000000000425165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142c14a5f9745c692021-12-21 10:47:00.697root 11241100x8000000000000000425166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a3f223e722c3532021-12-21 10:47:00.698root 11241100x8000000000000000425167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4854f53162fc38d2021-12-21 10:47:00.698root 11241100x8000000000000000425168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312ccb11e4aa04e32021-12-21 10:47:00.698root 11241100x8000000000000000425169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f6a17679170c5a2021-12-21 10:47:00.698root 11241100x8000000000000000425170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d60343a90729a6e2021-12-21 10:47:00.698root 11241100x8000000000000000425171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279e6af3a8e76c122021-12-21 10:47:01.194root 11241100x8000000000000000425172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b20dd0d1d1ed4bb2021-12-21 10:47:01.194root 11241100x8000000000000000425173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae89b7a7496a6452021-12-21 10:47:01.194root 11241100x8000000000000000425174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fd33bd1ff438232021-12-21 10:47:01.194root 11241100x8000000000000000425175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e0b05fc47adbd2021-12-21 10:47:01.194root 11241100x8000000000000000425176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c2e31c6146a6802021-12-21 10:47:01.194root 11241100x8000000000000000425177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d053df19e151c68d2021-12-21 10:47:01.194root 11241100x8000000000000000425178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea86bf9aca3b8962021-12-21 10:47:01.194root 11241100x8000000000000000425179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07e00695c7b61792021-12-21 10:47:01.194root 11241100x8000000000000000425180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03e9dd687aa106e2021-12-21 10:47:01.194root 11241100x8000000000000000425181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8356f7063148eb2021-12-21 10:47:01.195root 11241100x8000000000000000425182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8310a4bfc15ea5c52021-12-21 10:47:01.195root 11241100x8000000000000000425183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf262551c2822b252021-12-21 10:47:01.195root 11241100x8000000000000000425184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d77563cfebc21e2021-12-21 10:47:01.195root 11241100x8000000000000000425185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656df97e789f16822021-12-21 10:47:01.195root 11241100x8000000000000000425186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41357df92cdab0db2021-12-21 10:47:01.195root 11241100x8000000000000000425187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec4b79816392aee2021-12-21 10:47:01.195root 11241100x8000000000000000425188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4baa6a52254d322021-12-21 10:47:01.195root 11241100x8000000000000000425189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d076aa1d48d60fb2021-12-21 10:47:01.195root 11241100x8000000000000000425190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a458b9d3d5bf1c3a2021-12-21 10:47:01.195root 11241100x8000000000000000425191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8cb720e58952862021-12-21 10:47:01.195root 11241100x8000000000000000425192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f2714059d9dc102021-12-21 10:47:01.195root 11241100x8000000000000000425193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dd593a8b60467e2021-12-21 10:47:01.195root 11241100x8000000000000000425194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcedb94452ab1192021-12-21 10:47:01.195root 11241100x8000000000000000425195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8571cd51e9ff2e132021-12-21 10:47:01.195root 11241100x8000000000000000425196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4be94943d8e47292021-12-21 10:47:01.196root 11241100x8000000000000000425197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72caa3dd00f2f25d2021-12-21 10:47:01.196root 11241100x8000000000000000425198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a1a4636522aa932021-12-21 10:47:01.196root 11241100x8000000000000000425199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c458e7f7695c81742021-12-21 10:47:01.196root 11241100x8000000000000000425200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e67b61a9fea39c02021-12-21 10:47:01.196root 11241100x8000000000000000425201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459ebb2401db94362021-12-21 10:47:01.196root 11241100x8000000000000000425202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1922f2a39dcc08402021-12-21 10:47:01.196root 11241100x8000000000000000425203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37349ac0716a98ad2021-12-21 10:47:01.196root 11241100x8000000000000000425204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8004a49629051362021-12-21 10:47:01.196root 11241100x8000000000000000425205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361aa15a2a89cb892021-12-21 10:47:01.196root 11241100x8000000000000000425206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb98dcd6bb6b9272021-12-21 10:47:01.196root 11241100x8000000000000000425207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6dc692c950705f2021-12-21 10:47:01.694root 11241100x8000000000000000425208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6aa30888ac0c2f2021-12-21 10:47:01.694root 11241100x8000000000000000425209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c06d81ecd861c82021-12-21 10:47:01.694root 11241100x8000000000000000425210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6237f12cd097d8072021-12-21 10:47:01.694root 11241100x8000000000000000425211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78095b380c3c8b22021-12-21 10:47:01.694root 11241100x8000000000000000425212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7475740039c2802021-12-21 10:47:01.695root 11241100x8000000000000000425213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ae986271989ee62021-12-21 10:47:01.695root 11241100x8000000000000000425214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baaa72a310b25d72021-12-21 10:47:01.695root 11241100x8000000000000000425215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa93b76e9ac108cf2021-12-21 10:47:01.695root 11241100x8000000000000000425216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f6bf70eb3015172021-12-21 10:47:01.696root 11241100x8000000000000000425217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83cfad975df5bb62021-12-21 10:47:01.696root 11241100x8000000000000000425218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0370128a1eaeccd12021-12-21 10:47:01.696root 11241100x8000000000000000425219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c386a1bd2974c3f2021-12-21 10:47:01.696root 11241100x8000000000000000425220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6dc782bacca31f2021-12-21 10:47:01.696root 11241100x8000000000000000425221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9b7309ccd940d32021-12-21 10:47:01.697root 11241100x8000000000000000425222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ddfba0329f0e842021-12-21 10:47:01.697root 11241100x8000000000000000425223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c678a3ce8e15d72021-12-21 10:47:01.697root 11241100x8000000000000000425224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc641d59be045862021-12-21 10:47:01.697root 11241100x8000000000000000425225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5265302350ab6a792021-12-21 10:47:01.697root 11241100x8000000000000000425226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fb204ed7fa4aad2021-12-21 10:47:01.698root 11241100x8000000000000000425227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfb4c0003d3fa462021-12-21 10:47:01.698root 11241100x8000000000000000425228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e642c553a37ada2021-12-21 10:47:01.698root 11241100x8000000000000000425229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46c25660885c4aa2021-12-21 10:47:01.698root 11241100x8000000000000000425230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697bf46471b13c0a2021-12-21 10:47:01.699root 11241100x8000000000000000425231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c810c61f73654cc82021-12-21 10:47:01.699root 11241100x8000000000000000425232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6af31df322165a02021-12-21 10:47:01.699root 11241100x8000000000000000425233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352512b85217e2bc2021-12-21 10:47:01.699root 11241100x8000000000000000425234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac0796a9dca5f512021-12-21 10:47:01.699root 11241100x8000000000000000425235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19dac935b85b09a2021-12-21 10:47:01.699root 11241100x8000000000000000425236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd677ab228015172021-12-21 10:47:01.700root 11241100x8000000000000000425237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecd7d621468664f2021-12-21 10:47:01.700root 11241100x8000000000000000425238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b4630ed5ee1f6e2021-12-21 10:47:01.701root 11241100x8000000000000000425239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532440e163a8c8c22021-12-21 10:47:01.701root 11241100x8000000000000000425240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa944341773aa16c2021-12-21 10:47:01.701root 11241100x8000000000000000425241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316586ad21813fba2021-12-21 10:47:01.701root 11241100x8000000000000000425242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:01.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e516ee1e05f6944d2021-12-21 10:47:01.701root 11241100x8000000000000000425243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f587edccde93f4f2021-12-21 10:47:02.194root 11241100x8000000000000000425244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f3d4cdd31b40872021-12-21 10:47:02.194root 11241100x8000000000000000425245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6204519a93b85e2021-12-21 10:47:02.194root 11241100x8000000000000000425246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9018f1f31f07fe302021-12-21 10:47:02.194root 11241100x8000000000000000425247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55014190d19fade32021-12-21 10:47:02.194root 11241100x8000000000000000425248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b101a9d47abc43d2021-12-21 10:47:02.194root 11241100x8000000000000000425249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7994d95523ebcfd92021-12-21 10:47:02.194root 11241100x8000000000000000425250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae3c2ccb506a6622021-12-21 10:47:02.194root 11241100x8000000000000000425251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6518568e0bf0fee92021-12-21 10:47:02.194root 11241100x8000000000000000425252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62bb62387071bc22021-12-21 10:47:02.195root 11241100x8000000000000000425253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e33fd868e0701f2021-12-21 10:47:02.195root 11241100x8000000000000000425254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ebed17d7c3ad022021-12-21 10:47:02.195root 11241100x8000000000000000425255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1a2e986c6c8eeb2021-12-21 10:47:02.195root 11241100x8000000000000000425256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83599669cde67722021-12-21 10:47:02.195root 11241100x8000000000000000425257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b9ef314ef6b04b2021-12-21 10:47:02.195root 11241100x8000000000000000425258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e46bc3cd0b447c22021-12-21 10:47:02.195root 11241100x8000000000000000425259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0892ca86a822d92b2021-12-21 10:47:02.195root 11241100x8000000000000000425260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f67fa85bd691232021-12-21 10:47:02.195root 11241100x8000000000000000425261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e8ae5f5509b6df2021-12-21 10:47:02.195root 11241100x8000000000000000425262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41a23c14aaa76682021-12-21 10:47:02.195root 11241100x8000000000000000425263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d307627791f85652021-12-21 10:47:02.196root 11241100x8000000000000000425264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f294f3e4267a2302021-12-21 10:47:02.196root 11241100x8000000000000000425265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eabeffc081669362021-12-21 10:47:02.196root 11241100x8000000000000000425266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df2e32c040ff44e2021-12-21 10:47:02.196root 11241100x8000000000000000425267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab195d974a234ede2021-12-21 10:47:02.196root 11241100x8000000000000000425268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7605692bc2fb945e2021-12-21 10:47:02.196root 11241100x8000000000000000425269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b509a05a1dbe5e32021-12-21 10:47:02.196root 11241100x8000000000000000425270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1551a9c46b91d1922021-12-21 10:47:02.196root 11241100x8000000000000000425271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23967a792a54d492021-12-21 10:47:02.196root 11241100x8000000000000000425272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d56b029323fab6a2021-12-21 10:47:02.196root 11241100x8000000000000000425273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aae81d34f8b7d4a2021-12-21 10:47:02.196root 11241100x8000000000000000425274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fdde9844b6b4dd2021-12-21 10:47:02.196root 11241100x8000000000000000425275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177b019db335c88c2021-12-21 10:47:02.196root 11241100x8000000000000000425276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3440675a0c1dccd2021-12-21 10:47:02.196root 11241100x8000000000000000425277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f449c8b29e389eb42021-12-21 10:47:02.196root 11241100x8000000000000000425278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc09a34e06949852021-12-21 10:47:02.196root 11241100x8000000000000000425279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75261dd528833f172021-12-21 10:47:02.694root 11241100x8000000000000000425280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c55c8b1dabff6eb2021-12-21 10:47:02.694root 11241100x8000000000000000425281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8d335d690390662021-12-21 10:47:02.694root 11241100x8000000000000000425282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2367727eb9d6f7e2021-12-21 10:47:02.694root 11241100x8000000000000000425283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3db6f709fa50362021-12-21 10:47:02.694root 11241100x8000000000000000425284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0fbf1126a8585f2021-12-21 10:47:02.694root 11241100x8000000000000000425285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afd72056114508e2021-12-21 10:47:02.694root 11241100x8000000000000000425286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50efbe5ec55e5dfa2021-12-21 10:47:02.695root 11241100x8000000000000000425287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1a4a95dd3588db2021-12-21 10:47:02.695root 11241100x8000000000000000425288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f849456fd921fd2021-12-21 10:47:02.695root 11241100x8000000000000000425289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08684f5795975a462021-12-21 10:47:02.695root 11241100x8000000000000000425290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ea85b3d944ee582021-12-21 10:47:02.695root 11241100x8000000000000000425291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa855979978c14d92021-12-21 10:47:02.695root 11241100x8000000000000000425292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c16ad540e0db412021-12-21 10:47:02.695root 11241100x8000000000000000425293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117de5ff07d753522021-12-21 10:47:02.695root 11241100x8000000000000000425294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f4ba0d783cffa12021-12-21 10:47:02.695root 11241100x8000000000000000425295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a127d064720aa2732021-12-21 10:47:02.695root 11241100x8000000000000000425296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e95a410a89350b2021-12-21 10:47:02.695root 11241100x8000000000000000425297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9683ec163b994fb82021-12-21 10:47:02.695root 11241100x8000000000000000425298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3343936609f5922021-12-21 10:47:02.695root 11241100x8000000000000000425299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45692def0522f2662021-12-21 10:47:02.695root 11241100x8000000000000000425300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d7983adc49413b2021-12-21 10:47:02.696root 11241100x8000000000000000425301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439fe77693eb334f2021-12-21 10:47:02.696root 11241100x8000000000000000425302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d4936fd0016cff2021-12-21 10:47:02.696root 11241100x8000000000000000425303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c1c14bc80d7d2b2021-12-21 10:47:02.696root 11241100x8000000000000000425304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac7f6915d8f70ef2021-12-21 10:47:02.696root 11241100x8000000000000000425305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326ce6cce2d962002021-12-21 10:47:02.696root 11241100x8000000000000000425306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83f2ece370055bb2021-12-21 10:47:02.696root 11241100x8000000000000000425307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0446a19635a9f5962021-12-21 10:47:02.696root 11241100x8000000000000000425308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fcf5c8c9cd32c52021-12-21 10:47:02.697root 11241100x8000000000000000425309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43edc9a1dc7148162021-12-21 10:47:02.697root 11241100x8000000000000000425310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ceb57111163ef92021-12-21 10:47:02.697root 11241100x8000000000000000425311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d75628fda6d2b82021-12-21 10:47:02.697root 11241100x8000000000000000425312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82f4ece8fce82f12021-12-21 10:47:02.697root 11241100x8000000000000000425313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eb4f3b792e13de2021-12-21 10:47:02.697root 11241100x8000000000000000425314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47ec008f987eca22021-12-21 10:47:02.697root 11241100x8000000000000000425315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b8450d9b50539b2021-12-21 10:47:03.194root 11241100x8000000000000000425316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5892185228f9b36e2021-12-21 10:47:03.194root 11241100x8000000000000000425317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2266da8773880f502021-12-21 10:47:03.194root 11241100x8000000000000000425318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc91554731960dc2021-12-21 10:47:03.194root 11241100x8000000000000000425319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f034bf4f66db1792021-12-21 10:47:03.194root 11241100x8000000000000000425320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab8ac2477af5a502021-12-21 10:47:03.194root 11241100x8000000000000000425321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113525a5a7dbdd762021-12-21 10:47:03.194root 11241100x8000000000000000425322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776b4f1d1d9bbede2021-12-21 10:47:03.194root 11241100x8000000000000000425323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfd874b38d587082021-12-21 10:47:03.194root 11241100x8000000000000000425324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b8d3d55da0eb422021-12-21 10:47:03.195root 11241100x8000000000000000425325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964bb8ce79c5abe82021-12-21 10:47:03.195root 11241100x8000000000000000425326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62efe4549b2ccdc52021-12-21 10:47:03.195root 11241100x8000000000000000425327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475d79842557ea0b2021-12-21 10:47:03.195root 11241100x8000000000000000425328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de836bffc57ca9f42021-12-21 10:47:03.195root 11241100x8000000000000000425329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd37388fdd30edf2021-12-21 10:47:03.195root 11241100x8000000000000000425330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1912420f86b1702021-12-21 10:47:03.195root 11241100x8000000000000000425331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6343a64a9cd0aa642021-12-21 10:47:03.195root 11241100x8000000000000000425332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9469377faf125f672021-12-21 10:47:03.195root 11241100x8000000000000000425333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe397e81f6b98252021-12-21 10:47:03.195root 11241100x8000000000000000425334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769cbc2c8b34e1f52021-12-21 10:47:03.195root 11241100x8000000000000000425335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f06f10467a84a42021-12-21 10:47:03.195root 11241100x8000000000000000425336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bf00eb98fdbee22021-12-21 10:47:03.195root 11241100x8000000000000000425337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baba55df7ef038ae2021-12-21 10:47:03.195root 11241100x8000000000000000425338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a82a1ab96ed7272021-12-21 10:47:03.195root 11241100x8000000000000000425339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dfb487c4f98d1b2021-12-21 10:47:03.196root 11241100x8000000000000000425340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93a8aaca535a1132021-12-21 10:47:03.196root 11241100x8000000000000000425341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4624d6292eb7257f2021-12-21 10:47:03.196root 11241100x8000000000000000425342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13b7bcb99840fe32021-12-21 10:47:03.196root 11241100x8000000000000000425343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc607693f37d36b2021-12-21 10:47:03.196root 11241100x8000000000000000425344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a638f1dce30a2382021-12-21 10:47:03.196root 11241100x8000000000000000425345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab5218e040cdc0b2021-12-21 10:47:03.196root 11241100x8000000000000000425346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e3ffe1e7cadcf2021-12-21 10:47:03.196root 11241100x8000000000000000425347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7798cc910f8b83932021-12-21 10:47:03.196root 11241100x8000000000000000425348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908af1155915179b2021-12-21 10:47:03.196root 11241100x8000000000000000425349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a02927705768f442021-12-21 10:47:03.196root 11241100x8000000000000000425350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a4098638c1aa2b2021-12-21 10:47:03.196root 11241100x8000000000000000425351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeac92dfe6222182021-12-21 10:47:03.694root 11241100x8000000000000000425352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cfd832ee2696572021-12-21 10:47:03.694root 11241100x8000000000000000425353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87db5efb52f07f202021-12-21 10:47:03.694root 11241100x8000000000000000425354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2fca03e61efcfd2021-12-21 10:47:03.694root 11241100x8000000000000000425355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84825770e941953c2021-12-21 10:47:03.694root 11241100x8000000000000000425356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d97d02d7a815af22021-12-21 10:47:03.694root 11241100x8000000000000000425357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf12e1cbae4076af2021-12-21 10:47:03.694root 11241100x8000000000000000425358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faba027d673924e2021-12-21 10:47:03.695root 11241100x8000000000000000425359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c48f07a62d87822021-12-21 10:47:03.695root 11241100x8000000000000000425360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f500554d751854012021-12-21 10:47:03.695root 11241100x8000000000000000425361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e36742417e466d2021-12-21 10:47:03.695root 11241100x8000000000000000425362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00db251efd08c6672021-12-21 10:47:03.695root 11241100x8000000000000000425363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d7bfa2ee4905f62021-12-21 10:47:03.695root 11241100x8000000000000000425364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a051d287bf093fdc2021-12-21 10:47:03.695root 11241100x8000000000000000425365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032e1611b38fc5da2021-12-21 10:47:03.695root 11241100x8000000000000000425366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dd4545f76decdd2021-12-21 10:47:03.695root 11241100x8000000000000000425367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b0c93e182e54de2021-12-21 10:47:03.695root 11241100x8000000000000000425368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2f8b514ab5e7162021-12-21 10:47:03.695root 11241100x8000000000000000425369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac0e313eff4f5cc2021-12-21 10:47:03.695root 11241100x8000000000000000425370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9a01d5c4cee1c02021-12-21 10:47:03.695root 11241100x8000000000000000425371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc344bf8c983a3ec2021-12-21 10:47:03.695root 11241100x8000000000000000425372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b933e27cee6fdb12021-12-21 10:47:03.695root 11241100x8000000000000000425373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d338afa830f587a2021-12-21 10:47:03.696root 11241100x8000000000000000425374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30b00742d20ae212021-12-21 10:47:03.696root 11241100x8000000000000000425375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0de436b366402792021-12-21 10:47:03.696root 11241100x8000000000000000425376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42018c9ad6a63d9d2021-12-21 10:47:03.696root 11241100x8000000000000000425377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2b06b0ff0c777c2021-12-21 10:47:03.696root 11241100x8000000000000000425378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308c9bcc5a14582a2021-12-21 10:47:03.696root 11241100x8000000000000000425379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e3b4d9e104f48c2021-12-21 10:47:03.696root 11241100x8000000000000000425380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc2c97076df68732021-12-21 10:47:03.696root 11241100x8000000000000000425381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03ec639742070b72021-12-21 10:47:03.696root 11241100x8000000000000000425382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25975aeabc2db9b2021-12-21 10:47:03.696root 11241100x8000000000000000425383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528bbb5f785845b62021-12-21 10:47:03.696root 11241100x8000000000000000425384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0711293c2e4d4b032021-12-21 10:47:03.696root 11241100x8000000000000000425385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7a53d826aae5632021-12-21 10:47:03.696root 11241100x8000000000000000425386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa813c643863b5bb2021-12-21 10:47:03.696root 11241100x8000000000000000425387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28876947974b4cf2021-12-21 10:47:04.194root 11241100x8000000000000000425388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14597cfd70b6b3af2021-12-21 10:47:04.194root 11241100x8000000000000000425389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f723fcc11cd68e112021-12-21 10:47:04.194root 11241100x8000000000000000425390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ddff4827c5f23b2021-12-21 10:47:04.194root 11241100x8000000000000000425391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4f068a4255b5132021-12-21 10:47:04.194root 11241100x8000000000000000425392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4630fb88933b329c2021-12-21 10:47:04.194root 11241100x8000000000000000425393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce01dd9cb70785642021-12-21 10:47:04.194root 11241100x8000000000000000425394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed81535e20494092021-12-21 10:47:04.194root 11241100x8000000000000000425395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfa040f47a248c62021-12-21 10:47:04.195root 11241100x8000000000000000425396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588ecf5bbe63492a2021-12-21 10:47:04.195root 11241100x8000000000000000425397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315146c70649cc1b2021-12-21 10:47:04.195root 11241100x8000000000000000425398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb2af6be52cac052021-12-21 10:47:04.195root 11241100x8000000000000000425399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f985d78fe3276932021-12-21 10:47:04.195root 11241100x8000000000000000425400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c39d0de2d94e742021-12-21 10:47:04.195root 11241100x8000000000000000425401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089f377ce8a30c752021-12-21 10:47:04.195root 11241100x8000000000000000425402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00ca2ad940454502021-12-21 10:47:04.195root 11241100x8000000000000000425403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b709d82279e4c1e92021-12-21 10:47:04.195root 11241100x8000000000000000425404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b5a5cebba12422021-12-21 10:47:04.195root 11241100x8000000000000000425405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3023e210f842cb602021-12-21 10:47:04.195root 11241100x8000000000000000425406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f029bba1e63c50892021-12-21 10:47:04.195root 11241100x8000000000000000425407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edf98655cb95ba52021-12-21 10:47:04.196root 11241100x8000000000000000425408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dc9f1483fe9b4a2021-12-21 10:47:04.196root 11241100x8000000000000000425409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b795e920db4da92021-12-21 10:47:04.196root 11241100x8000000000000000425410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620472e8ee36581a2021-12-21 10:47:04.196root 11241100x8000000000000000425411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a628c5adb399ba632021-12-21 10:47:04.196root 11241100x8000000000000000425412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b483b4d90793f392021-12-21 10:47:04.196root 11241100x8000000000000000425413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c184eb0130dfdbfb2021-12-21 10:47:04.196root 11241100x8000000000000000425414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ee8091e3d10bea2021-12-21 10:47:04.196root 11241100x8000000000000000425415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317b6349e2b8a3f42021-12-21 10:47:04.196root 11241100x8000000000000000425416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb53af319c74a202021-12-21 10:47:04.196root 11241100x8000000000000000425417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0d53336a16b0d42021-12-21 10:47:04.196root 11241100x8000000000000000425418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a79886d53cc6362021-12-21 10:47:04.196root 11241100x8000000000000000425419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ca686568ffe5292021-12-21 10:47:04.196root 11241100x8000000000000000425420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f15fc5472d96892021-12-21 10:47:04.196root 11241100x8000000000000000425421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830e4d617f9f6e622021-12-21 10:47:04.196root 11241100x8000000000000000425422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e901a94c68b874932021-12-21 10:47:04.196root 354300x8000000000000000425423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.205{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47594-false10.0.1.12-8000- 11241100x8000000000000000425424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9512cb3c0cec0bcd2021-12-21 10:47:04.694root 11241100x8000000000000000425425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c8f1f5064a15af2021-12-21 10:47:04.694root 11241100x8000000000000000425426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31168e86dfc9b0892021-12-21 10:47:04.694root 11241100x8000000000000000425427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f5946d3ed533992021-12-21 10:47:04.694root 11241100x8000000000000000425428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3632cfc6e0f69bdb2021-12-21 10:47:04.694root 11241100x8000000000000000425429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f7fef87891019b2021-12-21 10:47:04.694root 11241100x8000000000000000425430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9940ced9ee50ff42021-12-21 10:47:04.694root 11241100x8000000000000000425431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8839337183177c92021-12-21 10:47:04.695root 11241100x8000000000000000425432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d9ac53df662bd32021-12-21 10:47:04.695root 11241100x8000000000000000425433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6aadb2e895dd0e2021-12-21 10:47:04.695root 11241100x8000000000000000425434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fce0e75ea2d04b2021-12-21 10:47:04.695root 11241100x8000000000000000425435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5689ae3221b75f52021-12-21 10:47:04.695root 11241100x8000000000000000425436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5048a7048a77f2dd2021-12-21 10:47:04.695root 11241100x8000000000000000425437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5008d52c5fed5e712021-12-21 10:47:04.695root 11241100x8000000000000000425438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767bc2acfdf7590d2021-12-21 10:47:04.695root 11241100x8000000000000000425439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb2ef5e09496a832021-12-21 10:47:04.695root 11241100x8000000000000000425440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57c9084f577f9112021-12-21 10:47:04.695root 11241100x8000000000000000425441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0df0eaa211c93a2021-12-21 10:47:04.695root 11241100x8000000000000000425442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cd6c79c86e03c42021-12-21 10:47:04.695root 11241100x8000000000000000425443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0313956c8588135c2021-12-21 10:47:04.695root 11241100x8000000000000000425444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594d3b82e2678e722021-12-21 10:47:04.695root 11241100x8000000000000000425445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973cb1853506e12b2021-12-21 10:47:04.695root 11241100x8000000000000000425446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7fa55d71f24a3d2021-12-21 10:47:04.695root 11241100x8000000000000000425447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362657b931a9b35d2021-12-21 10:47:04.696root 11241100x8000000000000000425448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9cc1bed739962e2021-12-21 10:47:04.696root 11241100x8000000000000000425449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2aeae5f76f35532021-12-21 10:47:04.696root 11241100x8000000000000000425450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e972f2893a330c2021-12-21 10:47:04.696root 11241100x8000000000000000425451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7f6a2f9c5d1c292021-12-21 10:47:04.696root 11241100x8000000000000000425452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a623e7e225cfe142021-12-21 10:47:04.696root 11241100x8000000000000000425453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e62443a8327f0e02021-12-21 10:47:04.696root 11241100x8000000000000000425454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f688310914e75ea12021-12-21 10:47:04.697root 11241100x8000000000000000425455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ae1c986e86c5fb2021-12-21 10:47:04.697root 11241100x8000000000000000425456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e984bead1cf78682021-12-21 10:47:04.697root 11241100x8000000000000000425457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb2e1e4ec9f39982021-12-21 10:47:04.697root 11241100x8000000000000000425458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb915259ac372c152021-12-21 10:47:04.698root 11241100x8000000000000000425459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e820a8faf081c42021-12-21 10:47:04.698root 11241100x8000000000000000425460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:04.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fda5764dd7c3ce2021-12-21 10:47:04.698root 11241100x8000000000000000425461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669314fa913a67b12021-12-21 10:47:05.194root 11241100x8000000000000000425462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03da04fc136619d02021-12-21 10:47:05.194root 11241100x8000000000000000425463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006f68ff51b89f3c2021-12-21 10:47:05.194root 11241100x8000000000000000425464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9282de865a324542021-12-21 10:47:05.194root 11241100x8000000000000000425465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec7a5a0e4d03322021-12-21 10:47:05.194root 11241100x8000000000000000425466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280539e36362f14a2021-12-21 10:47:05.194root 11241100x8000000000000000425467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbed48cda2ab2fe2021-12-21 10:47:05.194root 11241100x8000000000000000425468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7954f1d1df1f3e2021-12-21 10:47:05.194root 11241100x8000000000000000425469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9feda7863740732021-12-21 10:47:05.194root 11241100x8000000000000000425470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae33ae5cd0d1dc72021-12-21 10:47:05.195root 11241100x8000000000000000425471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b65b711618131a32021-12-21 10:47:05.195root 11241100x8000000000000000425472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae75837ce25c85e2021-12-21 10:47:05.195root 11241100x8000000000000000425473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21abb624acb0e66d2021-12-21 10:47:05.195root 11241100x8000000000000000425474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d62877e3601d6c2021-12-21 10:47:05.195root 11241100x8000000000000000425475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f09cd478eea6fab2021-12-21 10:47:05.195root 11241100x8000000000000000425476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1b7e3b146ffbf62021-12-21 10:47:05.195root 11241100x8000000000000000425477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2db61d01aa06f62021-12-21 10:47:05.195root 11241100x8000000000000000425478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eddfac89b8f121f2021-12-21 10:47:05.195root 11241100x8000000000000000425479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfac6b4c74cfcc3b2021-12-21 10:47:05.195root 11241100x8000000000000000425480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eaca5de2843bc12021-12-21 10:47:05.195root 11241100x8000000000000000425481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6e68e43f2617072021-12-21 10:47:05.195root 11241100x8000000000000000425482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe2af4cd61aa8c32021-12-21 10:47:05.195root 11241100x8000000000000000425483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b9e866fdf360d42021-12-21 10:47:05.195root 11241100x8000000000000000425484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648ab99d36da98372021-12-21 10:47:05.195root 11241100x8000000000000000425485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402b7f402bc87c072021-12-21 10:47:05.196root 11241100x8000000000000000425486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0748d17298e219262021-12-21 10:47:05.196root 11241100x8000000000000000425487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf30c8e30847577c2021-12-21 10:47:05.196root 11241100x8000000000000000425488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8c4ce93ab8b35c2021-12-21 10:47:05.196root 11241100x8000000000000000425489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396a2ac8f03009142021-12-21 10:47:05.196root 11241100x8000000000000000425490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0be67684d71f892021-12-21 10:47:05.196root 11241100x8000000000000000425491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c209138278c924f2021-12-21 10:47:05.196root 11241100x8000000000000000425492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c562d4e315d2952021-12-21 10:47:05.196root 11241100x8000000000000000425493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48974aadf4590542021-12-21 10:47:05.196root 11241100x8000000000000000425494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ec34b7c84afbec2021-12-21 10:47:05.196root 11241100x8000000000000000425495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1976308058156a9e2021-12-21 10:47:05.196root 11241100x8000000000000000425496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edab6c7da6a22b522021-12-21 10:47:05.196root 11241100x8000000000000000425497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dc4c8c744077492021-12-21 10:47:05.196root 11241100x8000000000000000425498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbed0a8d0ba49b672021-12-21 10:47:05.694root 11241100x8000000000000000425499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9876ce99afa5c0662021-12-21 10:47:05.694root 11241100x8000000000000000425500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c803adf4162ca82021-12-21 10:47:05.694root 11241100x8000000000000000425501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1ac7f87ed4af392021-12-21 10:47:05.694root 11241100x8000000000000000425502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b15b0962887dd5e2021-12-21 10:47:05.694root 11241100x8000000000000000425503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f115d9c914e6d72021-12-21 10:47:05.694root 11241100x8000000000000000425504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7252e9176c83d2021-12-21 10:47:05.694root 11241100x8000000000000000425505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f72011d14a5fdf2021-12-21 10:47:05.695root 11241100x8000000000000000425506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1739bb64c6f1e2692021-12-21 10:47:05.695root 11241100x8000000000000000425507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f4c5d575a3d6772021-12-21 10:47:05.695root 11241100x8000000000000000425508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6ad9c6712e95ba2021-12-21 10:47:05.695root 11241100x8000000000000000425509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd468af9d08122342021-12-21 10:47:05.695root 11241100x8000000000000000425510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0b3f2dcb0863832021-12-21 10:47:05.695root 11241100x8000000000000000425511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c976fb67653af4c32021-12-21 10:47:05.695root 11241100x8000000000000000425512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a508dd0818203f562021-12-21 10:47:05.695root 11241100x8000000000000000425513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f407d67a563b7b862021-12-21 10:47:05.695root 11241100x8000000000000000425514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a772592036f01cc42021-12-21 10:47:05.695root 11241100x8000000000000000425515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e1b2fc48b0c1a42021-12-21 10:47:05.695root 11241100x8000000000000000425516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c75d31715002b872021-12-21 10:47:05.695root 11241100x8000000000000000425517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6196c664127b712021-12-21 10:47:05.695root 11241100x8000000000000000425518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505cf9d011a101d62021-12-21 10:47:05.695root 11241100x8000000000000000425519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d6c447b87810362021-12-21 10:47:05.695root 11241100x8000000000000000425520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128e645e8f22b53e2021-12-21 10:47:05.696root 11241100x8000000000000000425521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf92e01369ff79ea2021-12-21 10:47:05.696root 11241100x8000000000000000425522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126dbf6f908b9c312021-12-21 10:47:05.696root 11241100x8000000000000000425523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21a1c6f4f781e302021-12-21 10:47:05.696root 11241100x8000000000000000425524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0943e5e830c563702021-12-21 10:47:05.696root 11241100x8000000000000000425525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b257bb3eeca90492021-12-21 10:47:05.696root 11241100x8000000000000000425526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033c5813a276f20d2021-12-21 10:47:05.696root 11241100x8000000000000000425527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c617fa38bd0e842021-12-21 10:47:05.696root 11241100x8000000000000000425528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ec89d3cebad3682021-12-21 10:47:05.696root 11241100x8000000000000000425529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da34fd5a00554d22021-12-21 10:47:05.696root 11241100x8000000000000000425530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b50ace28b849842021-12-21 10:47:05.696root 11241100x8000000000000000425531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e400a866c9d589a72021-12-21 10:47:05.696root 11241100x8000000000000000425532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a545ff6c17be46cd2021-12-21 10:47:05.696root 11241100x8000000000000000425533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a0d04b3ada14472021-12-21 10:47:05.696root 11241100x8000000000000000425534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:05.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0c4858356d2af82021-12-21 10:47:05.696root 11241100x8000000000000000425535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8c3b7535e213082021-12-21 10:47:06.194root 11241100x8000000000000000425536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a7d49453833d842021-12-21 10:47:06.194root 11241100x8000000000000000425537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d717ea2694bba9e12021-12-21 10:47:06.194root 11241100x8000000000000000425538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dd5d36ff56f0602021-12-21 10:47:06.194root 11241100x8000000000000000425539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf1202575435ac52021-12-21 10:47:06.194root 11241100x8000000000000000425540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3be851dabad5d62021-12-21 10:47:06.194root 11241100x8000000000000000425541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf986878ecb628752021-12-21 10:47:06.194root 11241100x8000000000000000425542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f4589c580288912021-12-21 10:47:06.194root 11241100x8000000000000000425543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9cb1a1019d6ab52021-12-21 10:47:06.195root 11241100x8000000000000000425544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006478a9a1adb7602021-12-21 10:47:06.195root 11241100x8000000000000000425545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4bbbca7f1ef1702021-12-21 10:47:06.195root 11241100x8000000000000000425546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df8ee7b2eee85e22021-12-21 10:47:06.195root 11241100x8000000000000000425547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c827a4cd498ff302021-12-21 10:47:06.195root 11241100x8000000000000000425548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90c0d4c42c6a9a32021-12-21 10:47:06.195root 11241100x8000000000000000425549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6a0b14612beb362021-12-21 10:47:06.195root 11241100x8000000000000000425550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73495052a22d005d2021-12-21 10:47:06.195root 11241100x8000000000000000425551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70119a9ff2329f4b2021-12-21 10:47:06.195root 11241100x8000000000000000425552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beda0ef3c1b6cc212021-12-21 10:47:06.195root 11241100x8000000000000000425553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8433cf24a8edc2762021-12-21 10:47:06.195root 11241100x8000000000000000425554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5827a7f761a24d2021-12-21 10:47:06.195root 11241100x8000000000000000425555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87078daabd582942021-12-21 10:47:06.195root 11241100x8000000000000000425556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3cdeb6d57453af2021-12-21 10:47:06.195root 11241100x8000000000000000425557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e530232202b889b42021-12-21 10:47:06.195root 11241100x8000000000000000425558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff09f9243ca105af2021-12-21 10:47:06.195root 11241100x8000000000000000425559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96950acc985413222021-12-21 10:47:06.196root 11241100x8000000000000000425560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61770f8a7117cffa2021-12-21 10:47:06.196root 11241100x8000000000000000425561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b8ba624e87a5412021-12-21 10:47:06.196root 11241100x8000000000000000425562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd0e4774645c01d2021-12-21 10:47:06.196root 11241100x8000000000000000425563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ffe5a38a5ca0db2021-12-21 10:47:06.196root 11241100x8000000000000000425564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf165ba9fd529422021-12-21 10:47:06.196root 11241100x8000000000000000425565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd1dc20bc97c1e32021-12-21 10:47:06.196root 11241100x8000000000000000425566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d803057c3131e132021-12-21 10:47:06.196root 11241100x8000000000000000425567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ae5a626c1911422021-12-21 10:47:06.196root 11241100x8000000000000000425568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e47c0e86c944982021-12-21 10:47:06.196root 11241100x8000000000000000425569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f0dfedf088267e2021-12-21 10:47:06.196root 11241100x8000000000000000425570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1532bc4df1e4c9282021-12-21 10:47:06.196root 11241100x8000000000000000425571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bf7e519fb5a17d2021-12-21 10:47:06.196root 11241100x8000000000000000425572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.342{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:47:06.342root 11241100x8000000000000000425573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87a87dbf083f53a2021-12-21 10:47:06.694root 11241100x8000000000000000425574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68532a659ae84b3d2021-12-21 10:47:06.694root 11241100x8000000000000000425575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcc2b775c8b3e512021-12-21 10:47:06.694root 11241100x8000000000000000425576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25e0e7be66384aa2021-12-21 10:47:06.694root 11241100x8000000000000000425577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1450191b3af7ccd2021-12-21 10:47:06.694root 11241100x8000000000000000425578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29afb63e42fe4e752021-12-21 10:47:06.694root 11241100x8000000000000000425579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e810123431c968232021-12-21 10:47:06.694root 11241100x8000000000000000425580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26d0be12b9f6f5e2021-12-21 10:47:06.694root 11241100x8000000000000000425581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86379a9d29b5726e2021-12-21 10:47:06.695root 11241100x8000000000000000425582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f088c6dad579aea2021-12-21 10:47:06.695root 11241100x8000000000000000425583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce2dfdfaede5cc22021-12-21 10:47:06.695root 11241100x8000000000000000425584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c45f5928f9f43692021-12-21 10:47:06.695root 11241100x8000000000000000425585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeedf7b8aff92932021-12-21 10:47:06.695root 11241100x8000000000000000425586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1acee820c8038932021-12-21 10:47:06.695root 11241100x8000000000000000425587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ff460521b100432021-12-21 10:47:06.695root 11241100x8000000000000000425588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea98f4a2b7c3a7eb2021-12-21 10:47:06.695root 11241100x8000000000000000425589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a9bf660b5a181e2021-12-21 10:47:06.695root 11241100x8000000000000000425590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167451ff707736fb2021-12-21 10:47:06.695root 11241100x8000000000000000425591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cebb14a842b45ff2021-12-21 10:47:06.695root 11241100x8000000000000000425592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24de6df7d01790352021-12-21 10:47:06.695root 11241100x8000000000000000425593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ce6419a7f7ac852021-12-21 10:47:06.695root 11241100x8000000000000000425594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e4580112545b0c2021-12-21 10:47:06.695root 11241100x8000000000000000425595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9ae2488db0c8422021-12-21 10:47:06.695root 11241100x8000000000000000425596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f293e2fd7d18826e2021-12-21 10:47:06.695root 11241100x8000000000000000425597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0f707728bac7852021-12-21 10:47:06.696root 11241100x8000000000000000425598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1c2563c87b8e252021-12-21 10:47:06.696root 11241100x8000000000000000425599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bc15ecab2cbe9b2021-12-21 10:47:06.696root 11241100x8000000000000000425600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ed33acaf7a65f92021-12-21 10:47:06.696root 11241100x8000000000000000425601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41332de36cf0d1462021-12-21 10:47:06.696root 11241100x8000000000000000425602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c67289c8f15b0f12021-12-21 10:47:06.696root 11241100x8000000000000000425603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1743bc4406fa3f2021-12-21 10:47:06.696root 11241100x8000000000000000425604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd30df95703e4a142021-12-21 10:47:06.696root 11241100x8000000000000000425605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b286610e64ce8ec02021-12-21 10:47:06.696root 11241100x8000000000000000425606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd725816ea97fe202021-12-21 10:47:06.696root 11241100x8000000000000000425607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acfffd2e1e32f922021-12-21 10:47:06.696root 11241100x8000000000000000425608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58651ae8cb28bf842021-12-21 10:47:06.696root 11241100x8000000000000000425609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598988ac853cfdca2021-12-21 10:47:06.696root 11241100x8000000000000000425610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569fd68b61ab65992021-12-21 10:47:06.696root 11241100x8000000000000000425611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e193682909538a2021-12-21 10:47:07.194root 11241100x8000000000000000425612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4970d92c99f2d4752021-12-21 10:47:07.194root 11241100x8000000000000000425613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31e58cc35a920c82021-12-21 10:47:07.194root 11241100x8000000000000000425614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7509774c4499862021-12-21 10:47:07.194root 11241100x8000000000000000425615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d64558e86fb3bde2021-12-21 10:47:07.194root 11241100x8000000000000000425616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8085df1bc26328832021-12-21 10:47:07.194root 11241100x8000000000000000425617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0566a141075df62021-12-21 10:47:07.194root 11241100x8000000000000000425618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc92d28925268db2021-12-21 10:47:07.194root 11241100x8000000000000000425619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb06383895b2664c2021-12-21 10:47:07.195root 11241100x8000000000000000425620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6cf7020a124bf62021-12-21 10:47:07.195root 11241100x8000000000000000425621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e58df9162801602021-12-21 10:47:07.195root 11241100x8000000000000000425622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab733f52efd4f512021-12-21 10:47:07.195root 11241100x8000000000000000425623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95216dac06e8ebf2021-12-21 10:47:07.195root 11241100x8000000000000000425624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a94f8b045da9cbd2021-12-21 10:47:07.195root 11241100x8000000000000000425625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc3b0652b5a0ef12021-12-21 10:47:07.195root 11241100x8000000000000000425626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032ab34ceb2101ed2021-12-21 10:47:07.195root 11241100x8000000000000000425627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b054035bdba8522021-12-21 10:47:07.195root 11241100x8000000000000000425628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb72b9465298bde2021-12-21 10:47:07.195root 11241100x8000000000000000425629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49545aa9220246e12021-12-21 10:47:07.195root 11241100x8000000000000000425630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808412065241eae82021-12-21 10:47:07.195root 11241100x8000000000000000425631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4e22ee811f78ec2021-12-21 10:47:07.196root 11241100x8000000000000000425632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7ab26f78fb28712021-12-21 10:47:07.196root 11241100x8000000000000000425633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a83357136ec0182021-12-21 10:47:07.196root 11241100x8000000000000000425634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ffb99713eb77092021-12-21 10:47:07.196root 11241100x8000000000000000425635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a853c6f1997506a2021-12-21 10:47:07.197root 11241100x8000000000000000425636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a703c4243b17e8db2021-12-21 10:47:07.197root 11241100x8000000000000000425637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af61e10d5a7a24e2021-12-21 10:47:07.197root 11241100x8000000000000000425638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf6e5db09e37e6c2021-12-21 10:47:07.197root 11241100x8000000000000000425639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9efe950dbda8632021-12-21 10:47:07.197root 11241100x8000000000000000425640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29d72ddfdaf33db2021-12-21 10:47:07.198root 11241100x8000000000000000425641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff6b91f2192a2832021-12-21 10:47:07.198root 11241100x8000000000000000425642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083a6e77c4a658d32021-12-21 10:47:07.198root 11241100x8000000000000000425643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdd82575b4891632021-12-21 10:47:07.198root 11241100x8000000000000000425644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f0391ef81521b22021-12-21 10:47:07.198root 11241100x8000000000000000425645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67e396ab05e9f3b2021-12-21 10:47:07.199root 11241100x8000000000000000425646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d39e273750bd802021-12-21 10:47:07.199root 11241100x8000000000000000425647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8bc8a24321aae42021-12-21 10:47:07.199root 11241100x8000000000000000425648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8141c888e941dbfa2021-12-21 10:47:07.200root 11241100x8000000000000000425649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651d9b9ac265abc32021-12-21 10:47:07.694root 11241100x8000000000000000425650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ac4ae26ac11d442021-12-21 10:47:07.694root 11241100x8000000000000000425651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567e9ebb0b0af2a62021-12-21 10:47:07.694root 11241100x8000000000000000425652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a86aa6618c7a682021-12-21 10:47:07.694root 11241100x8000000000000000425653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691085367edd64da2021-12-21 10:47:07.694root 11241100x8000000000000000425654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47133e624bdb070e2021-12-21 10:47:07.694root 11241100x8000000000000000425655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507309fa252cc0b92021-12-21 10:47:07.694root 11241100x8000000000000000425656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccab219e634b31b2021-12-21 10:47:07.694root 11241100x8000000000000000425657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a8ceadc2339a4f2021-12-21 10:47:07.695root 11241100x8000000000000000425658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297b7c7d3d71e4222021-12-21 10:47:07.695root 11241100x8000000000000000425659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc24dfc7c2a5e3172021-12-21 10:47:07.695root 11241100x8000000000000000425660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eb3fbc340052df2021-12-21 10:47:07.695root 11241100x8000000000000000425661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39392b8bf577fff2021-12-21 10:47:07.695root 11241100x8000000000000000425662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab1655b7dab0fa42021-12-21 10:47:07.695root 11241100x8000000000000000425663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8443f7fed981cc752021-12-21 10:47:07.695root 11241100x8000000000000000425664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88335cea9c7c4e0e2021-12-21 10:47:07.695root 11241100x8000000000000000425665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaccd18c91bc4fa2021-12-21 10:47:07.695root 11241100x8000000000000000425666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c7c6817adaefea2021-12-21 10:47:07.695root 11241100x8000000000000000425667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a120d5ea29f7772021-12-21 10:47:07.695root 11241100x8000000000000000425668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d2d0dd5363a4602021-12-21 10:47:07.695root 11241100x8000000000000000425669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814bf092013e56862021-12-21 10:47:07.695root 11241100x8000000000000000425670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7efe79b36ac4d82021-12-21 10:47:07.696root 11241100x8000000000000000425671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451ce07a1a4e606c2021-12-21 10:47:07.696root 11241100x8000000000000000425672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cd62302c0e70da2021-12-21 10:47:07.696root 11241100x8000000000000000425673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1699187890cc0802021-12-21 10:47:07.696root 11241100x8000000000000000425674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e8b5947bfb652f2021-12-21 10:47:07.696root 11241100x8000000000000000425675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ece75ea169b5022021-12-21 10:47:07.696root 11241100x8000000000000000425676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceccf0ef4cf84822021-12-21 10:47:07.696root 11241100x8000000000000000425677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfc5a7ea95b46c22021-12-21 10:47:07.696root 11241100x8000000000000000425678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5b019e5c3035e32021-12-21 10:47:07.696root 11241100x8000000000000000425679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fc3277bce3d57c2021-12-21 10:47:07.696root 11241100x8000000000000000425680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731238a9a27774b12021-12-21 10:47:07.696root 11241100x8000000000000000425681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0122449d87f2aad2021-12-21 10:47:07.696root 11241100x8000000000000000425682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b3659dcaf816572021-12-21 10:47:07.696root 11241100x8000000000000000425683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084b7ce6fcb07d422021-12-21 10:47:07.696root 11241100x8000000000000000425684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b15dc911651b8b2021-12-21 10:47:07.696root 11241100x8000000000000000425685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f4c36fb7f133ea2021-12-21 10:47:07.696root 11241100x8000000000000000425686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8942e5d9b900df2021-12-21 10:47:07.697root 11241100x8000000000000000425687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad03bf5892fca272021-12-21 10:47:08.194root 11241100x8000000000000000425688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb5c5392ba89c022021-12-21 10:47:08.194root 11241100x8000000000000000425689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffdd0f4be03ef942021-12-21 10:47:08.194root 11241100x8000000000000000425690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735316096d0e13322021-12-21 10:47:08.194root 11241100x8000000000000000425691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e10f07a25a80672021-12-21 10:47:08.194root 11241100x8000000000000000425692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284ad38f058c93ea2021-12-21 10:47:08.194root 11241100x8000000000000000425693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c032fd5fdfe8d4282021-12-21 10:47:08.194root 11241100x8000000000000000425694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8536e7625cec06a2021-12-21 10:47:08.194root 11241100x8000000000000000425695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae17f1690ef3c08d2021-12-21 10:47:08.195root 11241100x8000000000000000425696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb09f411badd6e82021-12-21 10:47:08.195root 11241100x8000000000000000425697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58956ae6fca3d7a72021-12-21 10:47:08.195root 11241100x8000000000000000425698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c318454b0488522021-12-21 10:47:08.195root 11241100x8000000000000000425699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56351f163a18c8622021-12-21 10:47:08.195root 11241100x8000000000000000425700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5f42e4e1f5bae82021-12-21 10:47:08.195root 11241100x8000000000000000425701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3254bc7fb4f4630e2021-12-21 10:47:08.195root 11241100x8000000000000000425702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b389c6f3e002ad1b2021-12-21 10:47:08.195root 11241100x8000000000000000425703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d43789872e618f02021-12-21 10:47:08.195root 11241100x8000000000000000425704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2785ebc219e662962021-12-21 10:47:08.195root 11241100x8000000000000000425705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aaf2e34b87a64d2021-12-21 10:47:08.195root 11241100x8000000000000000425706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07a6dcad4ad7a102021-12-21 10:47:08.195root 11241100x8000000000000000425707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ab7d12028104f12021-12-21 10:47:08.195root 11241100x8000000000000000425708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dae5f21d04c9da02021-12-21 10:47:08.195root 11241100x8000000000000000425709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95748720500d90162021-12-21 10:47:08.195root 11241100x8000000000000000425710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c8379dcb5ed00f2021-12-21 10:47:08.196root 11241100x8000000000000000425711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e13444ac12f272f2021-12-21 10:47:08.196root 11241100x8000000000000000425712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32491e8ea689a3582021-12-21 10:47:08.196root 11241100x8000000000000000425713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdff902da9876a0c2021-12-21 10:47:08.196root 11241100x8000000000000000425714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd6d3958ffd8b182021-12-21 10:47:08.196root 11241100x8000000000000000425715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10908293d37682492021-12-21 10:47:08.196root 11241100x8000000000000000425716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc88eb328b568dbc2021-12-21 10:47:08.196root 11241100x8000000000000000425717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6a23aac6273dbe2021-12-21 10:47:08.196root 11241100x8000000000000000425718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380574b37c4374002021-12-21 10:47:08.196root 11241100x8000000000000000425719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce24d8c7f72ae72d2021-12-21 10:47:08.196root 11241100x8000000000000000425720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1002eb77e1b1f89c2021-12-21 10:47:08.196root 11241100x8000000000000000425721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae9188c662ca7cf2021-12-21 10:47:08.196root 11241100x8000000000000000425722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fef0fc09de2ec22021-12-21 10:47:08.196root 11241100x8000000000000000425723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42579df2010675bb2021-12-21 10:47:08.196root 11241100x8000000000000000425724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc71fced68ee2812021-12-21 10:47:08.196root 11241100x8000000000000000425725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b3eec89ce83af22021-12-21 10:47:08.694root 11241100x8000000000000000425726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3f55dafc9fe9952021-12-21 10:47:08.694root 11241100x8000000000000000425727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6144d09707985e582021-12-21 10:47:08.694root 11241100x8000000000000000425728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d6e9ff2c3e94152021-12-21 10:47:08.694root 11241100x8000000000000000425729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe1df666349de442021-12-21 10:47:08.694root 11241100x8000000000000000425730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6484735e38c3ec6e2021-12-21 10:47:08.694root 11241100x8000000000000000425731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3a6aedce3d983a2021-12-21 10:47:08.694root 11241100x8000000000000000425732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c467bfe41ed08152021-12-21 10:47:08.694root 11241100x8000000000000000425733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb38aed44712d2c2021-12-21 10:47:08.694root 11241100x8000000000000000425734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8588ad1aecfaafc2021-12-21 10:47:08.695root 11241100x8000000000000000425735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22ef32657a897f92021-12-21 10:47:08.695root 11241100x8000000000000000425736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c776146f6d3b72021-12-21 10:47:08.695root 11241100x8000000000000000425737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ffe45433759ba12021-12-21 10:47:08.695root 11241100x8000000000000000425738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ed84687e617be42021-12-21 10:47:08.695root 11241100x8000000000000000425739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11983ac03c7349de2021-12-21 10:47:08.695root 11241100x8000000000000000425740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ce38e173f047982021-12-21 10:47:08.695root 11241100x8000000000000000425741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59ed9f758b492512021-12-21 10:47:08.695root 11241100x8000000000000000425742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2c6c32f10c9ca52021-12-21 10:47:08.695root 11241100x8000000000000000425743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4ccd00e4fc007c2021-12-21 10:47:08.695root 11241100x8000000000000000425744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a212f4acfa4121d2021-12-21 10:47:08.695root 11241100x8000000000000000425745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b1d4db0b5f29052021-12-21 10:47:08.695root 11241100x8000000000000000425746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09b11fa58a0f7442021-12-21 10:47:08.695root 11241100x8000000000000000425747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cedac7c4e1c25e02021-12-21 10:47:08.695root 11241100x8000000000000000425748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e53a3e651b2036e2021-12-21 10:47:08.696root 11241100x8000000000000000425749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3e5442425ed1372021-12-21 10:47:08.696root 11241100x8000000000000000425750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a9a6732ae7cc142021-12-21 10:47:08.696root 11241100x8000000000000000425751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2e330f9a18ea0a2021-12-21 10:47:08.696root 11241100x8000000000000000425752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3638d331a12589f2021-12-21 10:47:08.696root 11241100x8000000000000000425753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b00ca0920214702021-12-21 10:47:08.696root 11241100x8000000000000000425754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74949c5c556972832021-12-21 10:47:08.696root 11241100x8000000000000000425755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d08fda8b4aab6c2021-12-21 10:47:08.696root 11241100x8000000000000000425756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f8dca4b0b537b32021-12-21 10:47:08.696root 11241100x8000000000000000425757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7079a853c93a9da2021-12-21 10:47:08.696root 11241100x8000000000000000425758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bad09049ae227652021-12-21 10:47:08.696root 11241100x8000000000000000425759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11af3ba8d048d2d2021-12-21 10:47:08.696root 11241100x8000000000000000425760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bc10e448cca7ee2021-12-21 10:47:08.696root 11241100x8000000000000000425761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437b6a8e281d4ed62021-12-21 10:47:08.696root 11241100x8000000000000000425762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fcba7dfeac2a432021-12-21 10:47:08.696root 11241100x8000000000000000425763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f22678387454d62021-12-21 10:47:09.194root 11241100x8000000000000000425764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fef92026bb2a3c2021-12-21 10:47:09.194root 11241100x8000000000000000425765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4868dabd848436f72021-12-21 10:47:09.194root 11241100x8000000000000000425766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e80463560ff5422021-12-21 10:47:09.194root 11241100x8000000000000000425767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176c805a1192fe802021-12-21 10:47:09.195root 11241100x8000000000000000425768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f887aa4aed853f3f2021-12-21 10:47:09.195root 11241100x8000000000000000425769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c604ecb7821f95ca2021-12-21 10:47:09.195root 11241100x8000000000000000425770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1572f6e4e1734c112021-12-21 10:47:09.195root 11241100x8000000000000000425771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a020c2aa9f42902021-12-21 10:47:09.195root 11241100x8000000000000000425772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f840240101c49312021-12-21 10:47:09.195root 11241100x8000000000000000425773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b61028803c32e2021-12-21 10:47:09.195root 11241100x8000000000000000425774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c87e0771b165c82021-12-21 10:47:09.195root 11241100x8000000000000000425775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80730b1fb2dbaf362021-12-21 10:47:09.195root 11241100x8000000000000000425776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c223139dd555d82021-12-21 10:47:09.195root 11241100x8000000000000000425777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bca1f0312b562d2021-12-21 10:47:09.195root 11241100x8000000000000000425778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dca77741e9bbd482021-12-21 10:47:09.196root 11241100x8000000000000000425779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1909b7894c12a8292021-12-21 10:47:09.196root 11241100x8000000000000000425780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d904b8149249a92021-12-21 10:47:09.196root 11241100x8000000000000000425781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8cf5b930588db72021-12-21 10:47:09.196root 11241100x8000000000000000425782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e14fcd9cefd44ce2021-12-21 10:47:09.196root 11241100x8000000000000000425783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5fdf2d214a879c2021-12-21 10:47:09.196root 11241100x8000000000000000425784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3d928685c821432021-12-21 10:47:09.196root 11241100x8000000000000000425785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d473d2a4f36afb322021-12-21 10:47:09.197root 11241100x8000000000000000425786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423f98eecfcc25fc2021-12-21 10:47:09.197root 11241100x8000000000000000425787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b104ca15764d26502021-12-21 10:47:09.197root 11241100x8000000000000000425788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086ba8de623c89be2021-12-21 10:47:09.197root 11241100x8000000000000000425789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fad09be08441c482021-12-21 10:47:09.197root 11241100x8000000000000000425790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ed98ad703ad582021-12-21 10:47:09.197root 11241100x8000000000000000425791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0321b7c0376446a72021-12-21 10:47:09.197root 11241100x8000000000000000425792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01cc6434f140b292021-12-21 10:47:09.197root 11241100x8000000000000000425793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979aa5881465874b2021-12-21 10:47:09.197root 11241100x8000000000000000425794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1fe5afa862e0512021-12-21 10:47:09.198root 11241100x8000000000000000425795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b0c2711f431b462021-12-21 10:47:09.198root 11241100x8000000000000000425796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7801215edd9b692f2021-12-21 10:47:09.198root 11241100x8000000000000000425797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df28c27cb8b21c502021-12-21 10:47:09.198root 11241100x8000000000000000425798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d20828b458550882021-12-21 10:47:09.198root 11241100x8000000000000000425799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18f4c953291efab2021-12-21 10:47:09.198root 11241100x8000000000000000425800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccb4659cf2766cd2021-12-21 10:47:09.198root 23542300x8000000000000000425801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.230{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000425802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f67e375dc1e1ef2021-12-21 10:47:09.694root 11241100x8000000000000000425803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a28604b7e2f0f732021-12-21 10:47:09.694root 11241100x8000000000000000425804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a4f3887bcbbc152021-12-21 10:47:09.694root 11241100x8000000000000000425805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7939c7d64f54fa2021-12-21 10:47:09.695root 11241100x8000000000000000425806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3de7a09f5c87f722021-12-21 10:47:09.695root 11241100x8000000000000000425807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07043a30ab4d07b2021-12-21 10:47:09.695root 11241100x8000000000000000425808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6cf47040eb79892021-12-21 10:47:09.695root 11241100x8000000000000000425809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1108e4087dfc38dd2021-12-21 10:47:09.695root 11241100x8000000000000000425810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8753987868aa95252021-12-21 10:47:09.695root 11241100x8000000000000000425811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805592ea986e12642021-12-21 10:47:09.695root 11241100x8000000000000000425812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4ba549aeb0d4cb2021-12-21 10:47:09.695root 11241100x8000000000000000425813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4c1ec725c87ac92021-12-21 10:47:09.695root 11241100x8000000000000000425814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d6434f44809ef02021-12-21 10:47:09.696root 11241100x8000000000000000425815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ee9a937ad17bf62021-12-21 10:47:09.696root 11241100x8000000000000000425816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6b8afe77cd94892021-12-21 10:47:09.696root 11241100x8000000000000000425817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e27c0185d606c82021-12-21 10:47:09.696root 11241100x8000000000000000425818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61163831faf577a62021-12-21 10:47:09.696root 11241100x8000000000000000425819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8908406e30c99b2d2021-12-21 10:47:09.696root 11241100x8000000000000000425820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cbbf4855aeac612021-12-21 10:47:09.696root 11241100x8000000000000000425821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c757d1682ae38be52021-12-21 10:47:09.697root 11241100x8000000000000000425822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261430ce95fc98922021-12-21 10:47:09.697root 11241100x8000000000000000425823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bdce3bbe3b92972021-12-21 10:47:09.697root 11241100x8000000000000000425824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcb14d56e6c153c2021-12-21 10:47:09.697root 11241100x8000000000000000425825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8117150236bda9852021-12-21 10:47:09.697root 11241100x8000000000000000425826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4572c00d258d3c2021-12-21 10:47:09.697root 11241100x8000000000000000425827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbfb0d0a219bfdc2021-12-21 10:47:09.697root 11241100x8000000000000000425828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e461f746e6252ff2021-12-21 10:47:09.697root 11241100x8000000000000000425829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af0e4145e03f6f32021-12-21 10:47:09.697root 11241100x8000000000000000425830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64f78a52b1abf022021-12-21 10:47:09.697root 11241100x8000000000000000425831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e209093172f475082021-12-21 10:47:09.697root 11241100x8000000000000000425832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6982a74d38d8f8e92021-12-21 10:47:09.697root 11241100x8000000000000000425833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e94043c1f8a8e822021-12-21 10:47:09.698root 11241100x8000000000000000425834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd22c1528431a402021-12-21 10:47:09.698root 11241100x8000000000000000425835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7bbd62fa532e052021-12-21 10:47:09.698root 11241100x8000000000000000425836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94407847899abf32021-12-21 10:47:09.698root 11241100x8000000000000000425837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b222a8c6b56e1a922021-12-21 10:47:09.698root 11241100x8000000000000000425838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84501f9f612eb89a2021-12-21 10:47:09.698root 11241100x8000000000000000425839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a10f36c7b1ce7962021-12-21 10:47:09.698root 11241100x8000000000000000425840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d8badc63fa1ef92021-12-21 10:47:09.698root 534500x8000000000000000425841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:09.754{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 354300x8000000000000000425842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.129{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47596-false10.0.1.12-8000- 11241100x8000000000000000425843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3185410cc3d2fa832021-12-21 10:47:10.129root 11241100x8000000000000000425844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fba3c9fa1577452021-12-21 10:47:10.129root 11241100x8000000000000000425845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e72bd523c827a742021-12-21 10:47:10.129root 11241100x8000000000000000425846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a07c254e22c8cb2021-12-21 10:47:10.130root 11241100x8000000000000000425847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6b55281f4ab6ef2021-12-21 10:47:10.130root 11241100x8000000000000000425848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fed0f963579c2f2021-12-21 10:47:10.130root 11241100x8000000000000000425849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44b99b99881938f2021-12-21 10:47:10.130root 11241100x8000000000000000425850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2080383ce871e9592021-12-21 10:47:10.130root 11241100x8000000000000000425851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d34ed0407878d5d2021-12-21 10:47:10.130root 11241100x8000000000000000425852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25580cd190f6d072021-12-21 10:47:10.130root 11241100x8000000000000000425853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0702684b7efac6f32021-12-21 10:47:10.130root 11241100x8000000000000000425854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881eadb6f64a43592021-12-21 10:47:10.130root 11241100x8000000000000000425855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9224df03391a5ab2021-12-21 10:47:10.130root 11241100x8000000000000000425856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744e5c1b50e21f932021-12-21 10:47:10.130root 11241100x8000000000000000425857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc2bb45864ff3322021-12-21 10:47:10.130root 11241100x8000000000000000425858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.130{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe0d7653d398d852021-12-21 10:47:10.130root 11241100x8000000000000000425859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfe007acc00d4bc2021-12-21 10:47:10.131root 11241100x8000000000000000425860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f18bf2d3acafa52021-12-21 10:47:10.131root 11241100x8000000000000000425861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a8d85eb581df4d2021-12-21 10:47:10.131root 11241100x8000000000000000425862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4d7c8af525957f2021-12-21 10:47:10.131root 11241100x8000000000000000425863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88e25e349c1acd12021-12-21 10:47:10.131root 11241100x8000000000000000425864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff46e9d8838f5942021-12-21 10:47:10.131root 11241100x8000000000000000425865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c8b701dc61ca752021-12-21 10:47:10.131root 11241100x8000000000000000425866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dabf31e814b1b52021-12-21 10:47:10.131root 11241100x8000000000000000425867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ea29ab922d474f2021-12-21 10:47:10.131root 11241100x8000000000000000425868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733734598cfccfc92021-12-21 10:47:10.131root 11241100x8000000000000000425869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5393717caa233d7c2021-12-21 10:47:10.132root 11241100x8000000000000000425870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd86a4624f64970d2021-12-21 10:47:10.132root 11241100x8000000000000000425871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424b2b972efe92e72021-12-21 10:47:10.132root 11241100x8000000000000000425872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a44cb2eaa905d42021-12-21 10:47:10.132root 11241100x8000000000000000425873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fd2f2e3db446e72021-12-21 10:47:10.132root 11241100x8000000000000000425874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef684b24bc7a6dce2021-12-21 10:47:10.132root 11241100x8000000000000000425875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb9a1d6e41441ec2021-12-21 10:47:10.132root 11241100x8000000000000000425876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc433480f28f8442021-12-21 10:47:10.132root 11241100x8000000000000000425877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b28d7adb9ecec1c2021-12-21 10:47:10.132root 11241100x8000000000000000425878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5aa557f90c48fa32021-12-21 10:47:10.132root 11241100x8000000000000000425879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639bb443d774e4002021-12-21 10:47:10.132root 11241100x8000000000000000425880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a6d36568a67e802021-12-21 10:47:10.133root 11241100x8000000000000000425881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5be60e2885a1332021-12-21 10:47:10.133root 11241100x8000000000000000425882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9081970a3681015c2021-12-21 10:47:10.133root 11241100x8000000000000000425883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5231449ed6c67a52021-12-21 10:47:10.133root 11241100x8000000000000000425884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a60caaeaf5229b2021-12-21 10:47:10.133root 11241100x8000000000000000425885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4396f69dd94c674c2021-12-21 10:47:10.133root 11241100x8000000000000000425886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caee9523cd295b8f2021-12-21 10:47:10.133root 11241100x8000000000000000425887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cbb565a8a3ba0f2021-12-21 10:47:10.134root 11241100x8000000000000000425888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf0730153321a262021-12-21 10:47:10.134root 11241100x8000000000000000425889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3593cb7017f24c372021-12-21 10:47:10.134root 11241100x8000000000000000425890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839099178fe0eded2021-12-21 10:47:10.134root 11241100x8000000000000000425891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62ca2238e190b4e2021-12-21 10:47:10.134root 11241100x8000000000000000425892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ae200f0f0beeba2021-12-21 10:47:10.134root 11241100x8000000000000000425893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a9b2816cf150442021-12-21 10:47:10.134root 11241100x8000000000000000425894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7bf5a09b3993e12021-12-21 10:47:10.134root 11241100x8000000000000000425895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6064235dd831b32021-12-21 10:47:10.134root 11241100x8000000000000000425896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6ac461beb928192021-12-21 10:47:10.135root 11241100x8000000000000000425897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177f649454e7c0e32021-12-21 10:47:10.135root 11241100x8000000000000000425898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67dd9657a23a1182021-12-21 10:47:10.135root 11241100x8000000000000000425899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7e597e158cbc5f2021-12-21 10:47:10.135root 11241100x8000000000000000425900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71f91c820e695d42021-12-21 10:47:10.135root 11241100x8000000000000000425901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fd10ce7cbef4402021-12-21 10:47:10.135root 11241100x8000000000000000425902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e956adbd0f734aa12021-12-21 10:47:10.135root 11241100x8000000000000000425903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8d370b313e06772021-12-21 10:47:10.135root 11241100x8000000000000000425904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b744a74660a8ce2021-12-21 10:47:10.135root 11241100x8000000000000000425905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0192e73c782592a32021-12-21 10:47:10.135root 11241100x8000000000000000425906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cb3ba9d73a2bfc2021-12-21 10:47:10.136root 11241100x8000000000000000425907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c37fd68f5d584b2021-12-21 10:47:10.136root 11241100x8000000000000000425908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc3bf4095fddbaf2021-12-21 10:47:10.136root 11241100x8000000000000000425909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03351fb57de5fe002021-12-21 10:47:10.136root 11241100x8000000000000000425910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0065d71d3da8f82021-12-21 10:47:10.136root 11241100x8000000000000000425911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0462695d4a334092021-12-21 10:47:10.136root 11241100x8000000000000000425912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0541cd7f14d5c8ab2021-12-21 10:47:10.136root 11241100x8000000000000000425913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c201c86559b9bf7c2021-12-21 10:47:10.136root 11241100x8000000000000000425914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e512e4e197bbb72f2021-12-21 10:47:10.136root 11241100x8000000000000000425915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364f4738434e07162021-12-21 10:47:10.137root 11241100x8000000000000000425916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fcd621629344952021-12-21 10:47:10.137root 11241100x8000000000000000425917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca859fecd60e99c2021-12-21 10:47:10.137root 11241100x8000000000000000425918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b46cfe862febec72021-12-21 10:47:10.137root 11241100x8000000000000000425919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71680311ce143c6e2021-12-21 10:47:10.137root 11241100x8000000000000000425920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77349a9d3a5920632021-12-21 10:47:10.137root 11241100x8000000000000000425921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d5629113af92bc2021-12-21 10:47:10.137root 11241100x8000000000000000425922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf89b1cc35ef2972021-12-21 10:47:10.137root 11241100x8000000000000000425923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a74644880fa15002021-12-21 10:47:10.137root 11241100x8000000000000000425924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37c6939a85d33b82021-12-21 10:47:10.137root 11241100x8000000000000000425925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8975239117c5d4fc2021-12-21 10:47:10.138root 11241100x8000000000000000425926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d822451ea3d0c3572021-12-21 10:47:10.138root 11241100x8000000000000000425927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdb978ffe1031bb2021-12-21 10:47:10.138root 11241100x8000000000000000425928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d07656b8a951cc12021-12-21 10:47:10.138root 11241100x8000000000000000425929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5982d5c7cf9cc7fe2021-12-21 10:47:10.138root 11241100x8000000000000000425930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05d6f227f3122252021-12-21 10:47:10.138root 11241100x8000000000000000425931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0568eed59566e732021-12-21 10:47:10.138root 11241100x8000000000000000425932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439d0c5c99f1d5092021-12-21 10:47:10.139root 11241100x8000000000000000425933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489c43e01c8f88162021-12-21 10:47:10.139root 11241100x8000000000000000425934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efe904a15f99b0f2021-12-21 10:47:10.139root 11241100x8000000000000000425935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb6c77047189d2f2021-12-21 10:47:10.139root 11241100x8000000000000000425936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e68f0373abb4e6b2021-12-21 10:47:10.443root 11241100x8000000000000000425937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140fdf3ea792f5f62021-12-21 10:47:10.443root 11241100x8000000000000000425938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615e4e94219e62a42021-12-21 10:47:10.444root 11241100x8000000000000000425939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2629e442fb845d0d2021-12-21 10:47:10.444root 11241100x8000000000000000425940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e3ceb1851074c82021-12-21 10:47:10.444root 11241100x8000000000000000425941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572314f3cf9acd992021-12-21 10:47:10.444root 11241100x8000000000000000425942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572102dd0b6f29762021-12-21 10:47:10.444root 11241100x8000000000000000425943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dd428810b6d5ae2021-12-21 10:47:10.444root 11241100x8000000000000000425944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c80d34f40e62172021-12-21 10:47:10.445root 11241100x8000000000000000425945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18d2531a51b5be42021-12-21 10:47:10.445root 11241100x8000000000000000425946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5afe2e22adf88c72021-12-21 10:47:10.445root 11241100x8000000000000000425947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d451f450c08f6582021-12-21 10:47:10.445root 11241100x8000000000000000425948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a732fb8eb5f7002021-12-21 10:47:10.445root 11241100x8000000000000000425949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07226af47af0113e2021-12-21 10:47:10.445root 11241100x8000000000000000425950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0fc96a7bd0373c2021-12-21 10:47:10.445root 11241100x8000000000000000425951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7c1828ab44adce2021-12-21 10:47:10.445root 11241100x8000000000000000425952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679035af062ccbfa2021-12-21 10:47:10.446root 11241100x8000000000000000425953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3155b8181a960e862021-12-21 10:47:10.446root 11241100x8000000000000000425954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e682f073238894d2021-12-21 10:47:10.446root 11241100x8000000000000000425955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7763e29946bfd802021-12-21 10:47:10.446root 11241100x8000000000000000425956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045bf13394e49eac2021-12-21 10:47:10.446root 11241100x8000000000000000425957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9758449d4654683a2021-12-21 10:47:10.446root 11241100x8000000000000000425958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0572718ff279a32021-12-21 10:47:10.446root 11241100x8000000000000000425959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe1cc435998de9f2021-12-21 10:47:10.446root 11241100x8000000000000000425960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8863868b96829b352021-12-21 10:47:10.446root 11241100x8000000000000000425961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22d0347f9d81d9b2021-12-21 10:47:10.446root 11241100x8000000000000000425962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da68ef1e4a69b6e32021-12-21 10:47:10.446root 11241100x8000000000000000425963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae49a1f67fa37ca2021-12-21 10:47:10.446root 11241100x8000000000000000425964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eedc86855ecf7d52021-12-21 10:47:10.446root 11241100x8000000000000000425965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa950732af846a2021-12-21 10:47:10.446root 11241100x8000000000000000425966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1dbf1c793e51be2021-12-21 10:47:10.447root 11241100x8000000000000000425967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af658aebefce2f32021-12-21 10:47:10.447root 11241100x8000000000000000425968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9825f70c44b95aad2021-12-21 10:47:10.447root 11241100x8000000000000000425969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27a1f91f888d0f2021-12-21 10:47:10.447root 11241100x8000000000000000425970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c34809407ce7f72021-12-21 10:47:10.447root 11241100x8000000000000000425971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a62def462905c252021-12-21 10:47:10.447root 11241100x8000000000000000425972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d84d875c1258f112021-12-21 10:47:10.447root 11241100x8000000000000000425973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0eb4ad9f5955d12021-12-21 10:47:10.447root 11241100x8000000000000000425974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9837e6bc598c90c2021-12-21 10:47:10.447root 11241100x8000000000000000425975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5b9534471efbaa2021-12-21 10:47:10.447root 11241100x8000000000000000425976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfa611a2dafff9c2021-12-21 10:47:10.447root 11241100x8000000000000000425977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575ea2ee9f8e517d2021-12-21 10:47:10.447root 11241100x8000000000000000425978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96382f2031ffeee92021-12-21 10:47:10.447root 11241100x8000000000000000425979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7e4be9a014764c2021-12-21 10:47:10.447root 11241100x8000000000000000425980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95bb84466e544c802021-12-21 10:47:10.447root 11241100x8000000000000000425981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4505f4380c6dd9d72021-12-21 10:47:10.447root 11241100x8000000000000000425982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce033504c2be7c12021-12-21 10:47:10.943root 11241100x8000000000000000425983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9d2787d2007f272021-12-21 10:47:10.943root 11241100x8000000000000000425984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014f80e1945e92512021-12-21 10:47:10.943root 11241100x8000000000000000425985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f21c9fcaaf2e5e2021-12-21 10:47:10.943root 11241100x8000000000000000425986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27433c49fac1f712021-12-21 10:47:10.944root 11241100x8000000000000000425987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd73bb94301bfec2021-12-21 10:47:10.944root 11241100x8000000000000000425988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d77ea99902c64d2021-12-21 10:47:10.944root 11241100x8000000000000000425989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab45dd52a57ea2d2021-12-21 10:47:10.944root 11241100x8000000000000000425990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ff0dbdc1dbf4df2021-12-21 10:47:10.944root 11241100x8000000000000000425991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1cea6945e11b692021-12-21 10:47:10.944root 11241100x8000000000000000425992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa6d4859551839e2021-12-21 10:47:10.944root 11241100x8000000000000000425993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7516795ec489e2b2021-12-21 10:47:10.944root 11241100x8000000000000000425994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8ef7f2d043747f2021-12-21 10:47:10.944root 11241100x8000000000000000425995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3fc069810724802021-12-21 10:47:10.944root 11241100x8000000000000000425996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3376d665c46d7642021-12-21 10:47:10.944root 11241100x8000000000000000425997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3068efb3d50cd7882021-12-21 10:47:10.944root 11241100x8000000000000000425998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190c2915e2253bc82021-12-21 10:47:10.944root 11241100x8000000000000000425999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7a1628a803d4202021-12-21 10:47:10.944root 11241100x8000000000000000426000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dee5bd37f1febb2021-12-21 10:47:10.944root 11241100x8000000000000000426001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8699a7517f0eeb582021-12-21 10:47:10.944root 11241100x8000000000000000426002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c715541eefd07e522021-12-21 10:47:10.945root 11241100x8000000000000000426003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c914cfa924cd6cf82021-12-21 10:47:10.945root 11241100x8000000000000000426004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1d03400232ae282021-12-21 10:47:10.945root 11241100x8000000000000000426005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84df49d51c5002452021-12-21 10:47:10.945root 11241100x8000000000000000426006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32eca5d99c8d37ae2021-12-21 10:47:10.945root 11241100x8000000000000000426007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea3efe6d211c1b82021-12-21 10:47:10.945root 11241100x8000000000000000426008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad2820f9f24aee22021-12-21 10:47:10.945root 11241100x8000000000000000426009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3e221c0bd7ca2c2021-12-21 10:47:10.945root 11241100x8000000000000000426010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62a057c149bf4642021-12-21 10:47:10.945root 11241100x8000000000000000426011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958f4a5b4bcab9f82021-12-21 10:47:10.945root 11241100x8000000000000000426012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820f640e4a67c68e2021-12-21 10:47:10.945root 11241100x8000000000000000426013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c805d4d17786a26a2021-12-21 10:47:10.945root 11241100x8000000000000000426014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2e6185592768ad2021-12-21 10:47:10.945root 11241100x8000000000000000426015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8633227c49b78bb12021-12-21 10:47:10.945root 11241100x8000000000000000426016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfb999610d278be2021-12-21 10:47:10.945root 11241100x8000000000000000426017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9231433449caeb2021-12-21 10:47:10.945root 11241100x8000000000000000426018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc2e83598368adb2021-12-21 10:47:10.945root 11241100x8000000000000000426019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19266f659e0958952021-12-21 10:47:10.946root 11241100x8000000000000000426020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cf2526be5218e12021-12-21 10:47:10.946root 11241100x8000000000000000426021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8762aff15b1a88812021-12-21 10:47:10.947root 11241100x8000000000000000426022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:10.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7f650101e1e3762021-12-21 10:47:10.947root 11241100x8000000000000000426023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4629a3426264fa2021-12-21 10:47:11.443root 11241100x8000000000000000426024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a5e71caa30a0e12021-12-21 10:47:11.443root 11241100x8000000000000000426025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4f9b24a43219422021-12-21 10:47:11.443root 11241100x8000000000000000426026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba67ed7c2ce51ad2021-12-21 10:47:11.443root 11241100x8000000000000000426027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6d5a05c49b8e1f2021-12-21 10:47:11.443root 11241100x8000000000000000426028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4646622465031b382021-12-21 10:47:11.444root 11241100x8000000000000000426029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f42b910f3ba2d32021-12-21 10:47:11.444root 11241100x8000000000000000426030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66f4b63664e19d2021-12-21 10:47:11.444root 11241100x8000000000000000426031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f7daadad5ccb222021-12-21 10:47:11.444root 11241100x8000000000000000426032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1309065d02b39522021-12-21 10:47:11.444root 11241100x8000000000000000426033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b93d50489554ae2021-12-21 10:47:11.444root 11241100x8000000000000000426034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be55e1bd7f9ba0812021-12-21 10:47:11.444root 11241100x8000000000000000426035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18de75e66651b502021-12-21 10:47:11.444root 11241100x8000000000000000426036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700e9a255e6293d82021-12-21 10:47:11.444root 11241100x8000000000000000426037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2470616ff29301082021-12-21 10:47:11.444root 11241100x8000000000000000426038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fae1c450911db72021-12-21 10:47:11.444root 11241100x8000000000000000426039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a35b324284ef1d2021-12-21 10:47:11.444root 11241100x8000000000000000426040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bb0ae37ea817442021-12-21 10:47:11.444root 11241100x8000000000000000426041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650f12430268c1842021-12-21 10:47:11.444root 11241100x8000000000000000426042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6bbf502fe428662021-12-21 10:47:11.444root 11241100x8000000000000000426043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb28f2c39338f98c2021-12-21 10:47:11.444root 11241100x8000000000000000426044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70ff68ffc36b7242021-12-21 10:47:11.445root 11241100x8000000000000000426045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79994b24c5793a262021-12-21 10:47:11.445root 11241100x8000000000000000426046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b95740c7ec0f712021-12-21 10:47:11.445root 11241100x8000000000000000426047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a465b5163f55be972021-12-21 10:47:11.445root 11241100x8000000000000000426048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1cc0a8061951d32021-12-21 10:47:11.445root 11241100x8000000000000000426049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485162cb9b54da812021-12-21 10:47:11.445root 11241100x8000000000000000426050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ad1de0436534b92021-12-21 10:47:11.445root 11241100x8000000000000000426051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf97a7c29304a812021-12-21 10:47:11.445root 11241100x8000000000000000426052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7a93232cdbbe682021-12-21 10:47:11.445root 11241100x8000000000000000426053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda2d6e0c46fe20b2021-12-21 10:47:11.445root 11241100x8000000000000000426054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ac90ad7a4061722021-12-21 10:47:11.445root 11241100x8000000000000000426055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffb1bf1a04535962021-12-21 10:47:11.445root 11241100x8000000000000000426056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eef39f4c6c378622021-12-21 10:47:11.445root 11241100x8000000000000000426057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30afa6d4bf7ca622021-12-21 10:47:11.445root 11241100x8000000000000000426058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115bb32900dd608c2021-12-21 10:47:11.445root 11241100x8000000000000000426059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba76f172fab9d74e2021-12-21 10:47:11.445root 11241100x8000000000000000426060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0ba7ee3c27fce62021-12-21 10:47:11.446root 11241100x8000000000000000426061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c496c81d43a0663c2021-12-21 10:47:11.446root 11241100x8000000000000000426062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921a417d0f843d912021-12-21 10:47:11.446root 11241100x8000000000000000426063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8040bc14556b0e2021-12-21 10:47:11.446root 11241100x8000000000000000426064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cd8256eb9491222021-12-21 10:47:11.446root 11241100x8000000000000000426065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b060c3ebbc34b872021-12-21 10:47:11.446root 11241100x8000000000000000426066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daad1596d58038022021-12-21 10:47:11.446root 11241100x8000000000000000426067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72e4f23e1a5c7232021-12-21 10:47:11.446root 11241100x8000000000000000426068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379d032e9bc998c92021-12-21 10:47:11.943root 11241100x8000000000000000426069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af223525ee5a0202021-12-21 10:47:11.944root 11241100x8000000000000000426070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996ffc155e8832172021-12-21 10:47:11.944root 11241100x8000000000000000426071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4b00b2bf92eaeb2021-12-21 10:47:11.944root 11241100x8000000000000000426072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd70e4448dfe89c02021-12-21 10:47:11.944root 11241100x8000000000000000426073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7e2f836fea834b2021-12-21 10:47:11.944root 11241100x8000000000000000426074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f6b712ef4f7adc2021-12-21 10:47:11.944root 11241100x8000000000000000426075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7984df2af4c2349c2021-12-21 10:47:11.944root 11241100x8000000000000000426076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d04b2dda04a58812021-12-21 10:47:11.944root 11241100x8000000000000000426077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f609737ca9eb28842021-12-21 10:47:11.944root 11241100x8000000000000000426078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e57414cc7f9f1822021-12-21 10:47:11.944root 11241100x8000000000000000426079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d366edc36efe4a9f2021-12-21 10:47:11.945root 11241100x8000000000000000426080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7b13388699f2c72021-12-21 10:47:11.945root 11241100x8000000000000000426081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778b777d2ac633fa2021-12-21 10:47:11.945root 11241100x8000000000000000426082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243ea8ffce999b322021-12-21 10:47:11.945root 11241100x8000000000000000426083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0022b343b38e93142021-12-21 10:47:11.945root 11241100x8000000000000000426084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81a3b14cebc58382021-12-21 10:47:11.945root 11241100x8000000000000000426085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c661bf903b4d69412021-12-21 10:47:11.945root 11241100x8000000000000000426086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea17b250f79f5322021-12-21 10:47:11.945root 11241100x8000000000000000426087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1889f8305db7942c2021-12-21 10:47:11.945root 11241100x8000000000000000426088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda759f4d64adb5d2021-12-21 10:47:11.945root 11241100x8000000000000000426089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bcd6096cdead7a2021-12-21 10:47:11.945root 11241100x8000000000000000426090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4c27894c91d1a42021-12-21 10:47:11.945root 11241100x8000000000000000426091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d32fb9154b76c882021-12-21 10:47:11.945root 11241100x8000000000000000426092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430679d66de84ab72021-12-21 10:47:11.945root 11241100x8000000000000000426093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4515f639475e9de72021-12-21 10:47:11.945root 11241100x8000000000000000426094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8ff998231d37432021-12-21 10:47:11.945root 11241100x8000000000000000426095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52e4a3ddf21931f2021-12-21 10:47:11.946root 11241100x8000000000000000426096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febbff21edf775b02021-12-21 10:47:11.946root 11241100x8000000000000000426097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a04e482526f2e02021-12-21 10:47:11.946root 11241100x8000000000000000426098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a72cd816a493382021-12-21 10:47:11.946root 11241100x8000000000000000426099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6ee492b196e15e2021-12-21 10:47:11.946root 11241100x8000000000000000426100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa2a81f132e65042021-12-21 10:47:11.946root 11241100x8000000000000000426101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543c968e491beca72021-12-21 10:47:11.946root 11241100x8000000000000000426102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec889c82dc05f0bf2021-12-21 10:47:11.946root 11241100x8000000000000000426103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c13da03c6c05b82021-12-21 10:47:11.946root 11241100x8000000000000000426104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1a998d63dfa8002021-12-21 10:47:11.946root 11241100x8000000000000000426105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767d8287765b20e52021-12-21 10:47:11.946root 11241100x8000000000000000426106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9a1272860e7c4a2021-12-21 10:47:11.946root 11241100x8000000000000000426107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adf7362ab8e6a0e2021-12-21 10:47:11.946root 11241100x8000000000000000426108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c088f6461bb50792021-12-21 10:47:11.946root 11241100x8000000000000000426109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dd48fd5fc40a872021-12-21 10:47:11.946root 11241100x8000000000000000426110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119ea8dd953bb3f72021-12-21 10:47:12.443root 11241100x8000000000000000426111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e690e22978a5be2021-12-21 10:47:12.443root 11241100x8000000000000000426112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2eafca75bb74052021-12-21 10:47:12.443root 11241100x8000000000000000426113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a1d0fa53526cdb2021-12-21 10:47:12.444root 11241100x8000000000000000426114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33dc18a6e22bfba2021-12-21 10:47:12.444root 11241100x8000000000000000426115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc437bc4b8bfedeb2021-12-21 10:47:12.444root 11241100x8000000000000000426116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62222ccf068175772021-12-21 10:47:12.444root 11241100x8000000000000000426117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7894fc2b20beccc32021-12-21 10:47:12.444root 11241100x8000000000000000426118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae9935289474b722021-12-21 10:47:12.444root 11241100x8000000000000000426119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00dcb63b9dbf1712021-12-21 10:47:12.444root 11241100x8000000000000000426120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8e13bbb3d1ba962021-12-21 10:47:12.444root 11241100x8000000000000000426121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc0a876974f15a42021-12-21 10:47:12.444root 11241100x8000000000000000426122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772778d61f1282012021-12-21 10:47:12.444root 11241100x8000000000000000426123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8591b503866874e2021-12-21 10:47:12.444root 11241100x8000000000000000426124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3fa15b6d3e68a92021-12-21 10:47:12.444root 11241100x8000000000000000426125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386524284130c1e62021-12-21 10:47:12.444root 11241100x8000000000000000426126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e07c28dfd1e9da2021-12-21 10:47:12.444root 11241100x8000000000000000426127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de344b6016c2adb2021-12-21 10:47:12.444root 11241100x8000000000000000426128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36ba35facfaaab92021-12-21 10:47:12.444root 11241100x8000000000000000426129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e2046b27c2e0d82021-12-21 10:47:12.445root 11241100x8000000000000000426130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54bfbdb3e7e5dee2021-12-21 10:47:12.445root 11241100x8000000000000000426131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1386f0f5d2c66a2021-12-21 10:47:12.445root 11241100x8000000000000000426132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b48d0037cf31142021-12-21 10:47:12.445root 11241100x8000000000000000426133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fc4eb0eb3e3bf42021-12-21 10:47:12.445root 11241100x8000000000000000426134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43796afd22659bfc2021-12-21 10:47:12.445root 11241100x8000000000000000426135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d1343ce6b7ff8c2021-12-21 10:47:12.445root 11241100x8000000000000000426136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70fef44b8016d4c2021-12-21 10:47:12.445root 11241100x8000000000000000426137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f540b218c7e0e1e2021-12-21 10:47:12.445root 11241100x8000000000000000426138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea119b701c836152021-12-21 10:47:12.445root 11241100x8000000000000000426139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef83be47df9927da2021-12-21 10:47:12.445root 11241100x8000000000000000426140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c516aa66746d606d2021-12-21 10:47:12.445root 11241100x8000000000000000426141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d340dab2e405502021-12-21 10:47:12.445root 11241100x8000000000000000426142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7096bcf17c0de22f2021-12-21 10:47:12.445root 11241100x8000000000000000426143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c15a442f8e003e2021-12-21 10:47:12.445root 11241100x8000000000000000426144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae65a248529f250a2021-12-21 10:47:12.445root 11241100x8000000000000000426145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3689c4ccf9657742021-12-21 10:47:12.446root 11241100x8000000000000000426146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abcafc4168e66ac2021-12-21 10:47:12.446root 11241100x8000000000000000426147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da680afae4c0c1f92021-12-21 10:47:12.446root 11241100x8000000000000000426148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dcb7bad34f81742021-12-21 10:47:12.446root 11241100x8000000000000000426149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd59934644de57b22021-12-21 10:47:12.446root 11241100x8000000000000000426150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd8569eb4e61e7c2021-12-21 10:47:12.446root 11241100x8000000000000000426151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5faff83a1a07ce62021-12-21 10:47:12.446root 11241100x8000000000000000426152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accce59d5f4aea902021-12-21 10:47:12.943root 11241100x8000000000000000426153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d6e56433aecc932021-12-21 10:47:12.943root 11241100x8000000000000000426154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c254ab5d19cfd22021-12-21 10:47:12.943root 11241100x8000000000000000426155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c059f70f3bf28542021-12-21 10:47:12.944root 11241100x8000000000000000426156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77143c83dab4ccdb2021-12-21 10:47:12.944root 11241100x8000000000000000426157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab1c1f9c800f9bc2021-12-21 10:47:12.944root 11241100x8000000000000000426158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab65b0fa09d05dc62021-12-21 10:47:12.944root 11241100x8000000000000000426159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6224c100635117ac2021-12-21 10:47:12.944root 11241100x8000000000000000426160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7567e1f79a051582021-12-21 10:47:12.944root 11241100x8000000000000000426161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05142d6c66ee630e2021-12-21 10:47:12.944root 11241100x8000000000000000426162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e0163633cbc11c2021-12-21 10:47:12.944root 11241100x8000000000000000426163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bd13fd95cdc4c22021-12-21 10:47:12.944root 11241100x8000000000000000426164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a8eff0a17a8a102021-12-21 10:47:12.944root 11241100x8000000000000000426165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb3a887189b52af2021-12-21 10:47:12.944root 11241100x8000000000000000426166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77313adc429a5eb32021-12-21 10:47:12.944root 11241100x8000000000000000426167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4536aa0adceee7e2021-12-21 10:47:12.944root 11241100x8000000000000000426168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673406dbd99eef482021-12-21 10:47:12.944root 11241100x8000000000000000426169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9b9db414b286f72021-12-21 10:47:12.944root 11241100x8000000000000000426170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3b9d26d860ce542021-12-21 10:47:12.944root 11241100x8000000000000000426171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51b357e58e5efb52021-12-21 10:47:12.945root 11241100x8000000000000000426172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fef70167c98f3c2021-12-21 10:47:12.945root 11241100x8000000000000000426173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca85cd8a75e560e2021-12-21 10:47:12.945root 11241100x8000000000000000426174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2dac1baf9f87332021-12-21 10:47:12.945root 11241100x8000000000000000426175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0803550b79b77dce2021-12-21 10:47:12.945root 11241100x8000000000000000426176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149b3e6a3ef0b2512021-12-21 10:47:12.945root 11241100x8000000000000000426177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0823d26f8ecc715d2021-12-21 10:47:12.945root 11241100x8000000000000000426178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42daddcab693485a2021-12-21 10:47:12.945root 11241100x8000000000000000426179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d22e27a106ff19b2021-12-21 10:47:12.945root 11241100x8000000000000000426180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364b3001a0664e0a2021-12-21 10:47:12.945root 11241100x8000000000000000426181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdc6e085a118ebb2021-12-21 10:47:12.945root 11241100x8000000000000000426182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff49f625e196bff42021-12-21 10:47:12.945root 11241100x8000000000000000426183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4651818b6d9e8eea2021-12-21 10:47:12.945root 11241100x8000000000000000426184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8695f492094c8602021-12-21 10:47:12.945root 11241100x8000000000000000426185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4478a094f8f3f22021-12-21 10:47:12.945root 11241100x8000000000000000426186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99c0d13ee0571bc2021-12-21 10:47:12.945root 11241100x8000000000000000426187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294dd8b8469d600b2021-12-21 10:47:12.945root 11241100x8000000000000000426188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff9efab0a03105b2021-12-21 10:47:12.946root 11241100x8000000000000000426189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2caf4a0a957bc852021-12-21 10:47:12.946root 11241100x8000000000000000426190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee85c6881343fbbe2021-12-21 10:47:12.946root 11241100x8000000000000000426191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b38c74c0993a1e2021-12-21 10:47:12.946root 11241100x8000000000000000426192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a489d41504e9e82021-12-21 10:47:12.946root 11241100x8000000000000000426193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881d206059d095272021-12-21 10:47:12.946root 11241100x8000000000000000426194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d21f3c5cde935c2021-12-21 10:47:12.946root 11241100x8000000000000000426195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc78672c389c31a12021-12-21 10:47:12.947root 11241100x8000000000000000426196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23288ce00206d5a2021-12-21 10:47:13.443root 11241100x8000000000000000426197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb2c82126381c292021-12-21 10:47:13.443root 11241100x8000000000000000426198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c372bbcd0a4d10e2021-12-21 10:47:13.443root 11241100x8000000000000000426199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0ba200ef2fadcd2021-12-21 10:47:13.444root 11241100x8000000000000000426200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e079de88e3cdd0c2021-12-21 10:47:13.444root 11241100x8000000000000000426201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a066ca620b4bcca2021-12-21 10:47:13.444root 11241100x8000000000000000426202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28cdafeb31365e62021-12-21 10:47:13.444root 11241100x8000000000000000426203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d98ef30a2653c12021-12-21 10:47:13.444root 11241100x8000000000000000426204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8c2aa548f74f692021-12-21 10:47:13.444root 11241100x8000000000000000426205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3b49405d5afc652021-12-21 10:47:13.444root 11241100x8000000000000000426206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58336329093adfb72021-12-21 10:47:13.444root 11241100x8000000000000000426207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80992abfd923bf782021-12-21 10:47:13.444root 11241100x8000000000000000426208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758f97873f2bd2a12021-12-21 10:47:13.444root 11241100x8000000000000000426209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac0417d47e73f1a2021-12-21 10:47:13.444root 11241100x8000000000000000426210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba96f8b0d041d482021-12-21 10:47:13.444root 11241100x8000000000000000426211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d2f91b1c75dfb52021-12-21 10:47:13.444root 11241100x8000000000000000426212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7332cb2799b6da2021-12-21 10:47:13.444root 11241100x8000000000000000426213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b735cc5b159e6e7b2021-12-21 10:47:13.444root 11241100x8000000000000000426214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0142385556edccb2021-12-21 10:47:13.444root 11241100x8000000000000000426215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1268cf1bd96d307a2021-12-21 10:47:13.445root 11241100x8000000000000000426216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c79dcf3ee30cb2a2021-12-21 10:47:13.445root 11241100x8000000000000000426217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c454197b5f383362021-12-21 10:47:13.445root 11241100x8000000000000000426218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9cba8a8a75a7322021-12-21 10:47:13.445root 11241100x8000000000000000426219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4919b989bfea2eee2021-12-21 10:47:13.445root 11241100x8000000000000000426220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a144f86c83326962021-12-21 10:47:13.445root 11241100x8000000000000000426221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e44f745bb9e952b2021-12-21 10:47:13.445root 11241100x8000000000000000426222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a40c04c68187ae2021-12-21 10:47:13.445root 11241100x8000000000000000426223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0393c598c479ab102021-12-21 10:47:13.445root 11241100x8000000000000000426224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faedfa4fabad2c2f2021-12-21 10:47:13.445root 11241100x8000000000000000426225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a27b07470940572021-12-21 10:47:13.445root 11241100x8000000000000000426226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d68a62bbce55dec2021-12-21 10:47:13.445root 11241100x8000000000000000426227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e8b914f3e9e15d2021-12-21 10:47:13.445root 11241100x8000000000000000426228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f452a2d160d4ecef2021-12-21 10:47:13.445root 11241100x8000000000000000426229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70e4bad7b5f85652021-12-21 10:47:13.445root 11241100x8000000000000000426230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686cab6be9f0913f2021-12-21 10:47:13.445root 11241100x8000000000000000426231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dafd5b1d476929a2021-12-21 10:47:13.445root 11241100x8000000000000000426232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5e6f5b9a6fee7c2021-12-21 10:47:13.446root 11241100x8000000000000000426233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109736230bdc74aa2021-12-21 10:47:13.446root 11241100x8000000000000000426234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4643790cf532dc2021-12-21 10:47:13.446root 11241100x8000000000000000426235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475eca00230257d52021-12-21 10:47:13.446root 11241100x8000000000000000426236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1960cc3fa78dd3c72021-12-21 10:47:13.446root 11241100x8000000000000000426237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c515a0ec4eb768c2021-12-21 10:47:13.447root 11241100x8000000000000000426238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e344fb0d42a16282021-12-21 10:47:13.447root 11241100x8000000000000000426239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5568b0bcc8b1d5ed2021-12-21 10:47:13.447root 11241100x8000000000000000426240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd97dd02e5098062021-12-21 10:47:13.447root 11241100x8000000000000000426241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25d3f3ba16b57782021-12-21 10:47:13.943root 11241100x8000000000000000426242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7791772dc4404dbe2021-12-21 10:47:13.943root 11241100x8000000000000000426243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e2cc31911c7add2021-12-21 10:47:13.943root 11241100x8000000000000000426244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d793d78e68b989592021-12-21 10:47:13.943root 11241100x8000000000000000426245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae91276d81b4ce62021-12-21 10:47:13.944root 11241100x8000000000000000426246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48652886121612f52021-12-21 10:47:13.944root 11241100x8000000000000000426247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5e5dcd260de3092021-12-21 10:47:13.944root 11241100x8000000000000000426248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d250ff59d8cdbc52021-12-21 10:47:13.944root 11241100x8000000000000000426249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b92f23ba39164a2021-12-21 10:47:13.944root 11241100x8000000000000000426250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eeaba097ceb41b2021-12-21 10:47:13.944root 11241100x8000000000000000426251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d373cbc2782cf6c42021-12-21 10:47:13.944root 11241100x8000000000000000426252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76e1fb7a1560f272021-12-21 10:47:13.944root 11241100x8000000000000000426253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5363e87f0a2132442021-12-21 10:47:13.944root 11241100x8000000000000000426254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dfaa80dd2f41682021-12-21 10:47:13.944root 11241100x8000000000000000426255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd66066f078878272021-12-21 10:47:13.944root 11241100x8000000000000000426256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb058585bf33185b2021-12-21 10:47:13.944root 11241100x8000000000000000426257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069000342c7d61e52021-12-21 10:47:13.944root 11241100x8000000000000000426258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360b41770c5f03b22021-12-21 10:47:13.944root 11241100x8000000000000000426259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d46d994a84e1802021-12-21 10:47:13.945root 11241100x8000000000000000426260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2a7caf7224855c2021-12-21 10:47:13.945root 11241100x8000000000000000426261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0b10514fa85f662021-12-21 10:47:13.945root 11241100x8000000000000000426262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2520e2a18004c9a2021-12-21 10:47:13.945root 11241100x8000000000000000426263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c37bf7fcabe4782021-12-21 10:47:13.945root 11241100x8000000000000000426264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aeee54676b6315d2021-12-21 10:47:13.945root 11241100x8000000000000000426265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da15246cda48eab2021-12-21 10:47:13.945root 11241100x8000000000000000426266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ab23708f8577aa2021-12-21 10:47:13.945root 11241100x8000000000000000426267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f0d97c74c951dd2021-12-21 10:47:13.945root 11241100x8000000000000000426268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0f86bd9e02121d2021-12-21 10:47:13.945root 11241100x8000000000000000426269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8484e610e9e035492021-12-21 10:47:13.945root 11241100x8000000000000000426270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e50927be491b9a2021-12-21 10:47:13.945root 11241100x8000000000000000426271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5af9fbc49622f02021-12-21 10:47:13.945root 11241100x8000000000000000426272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbfb949bf67fa9a2021-12-21 10:47:13.945root 11241100x8000000000000000426273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb0f6213e45f5432021-12-21 10:47:13.945root 11241100x8000000000000000426274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1beac2439b28122021-12-21 10:47:13.946root 11241100x8000000000000000426275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235f0ed6379b7fb02021-12-21 10:47:13.946root 11241100x8000000000000000426276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cd81bf6c671c082021-12-21 10:47:13.946root 11241100x8000000000000000426277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1790cf53e7158752021-12-21 10:47:13.946root 11241100x8000000000000000426278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e23ce50dd323392021-12-21 10:47:13.946root 11241100x8000000000000000426279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12681d12119145df2021-12-21 10:47:13.946root 11241100x8000000000000000426280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229994c69e0482982021-12-21 10:47:13.947root 11241100x8000000000000000426281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df5198b8ebe5822021-12-21 10:47:13.947root 11241100x8000000000000000426282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c372e7bb525f36e42021-12-21 10:47:13.947root 11241100x8000000000000000426283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720900e558fa13fc2021-12-21 10:47:13.947root 11241100x8000000000000000426284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560e639aa485858e2021-12-21 10:47:13.947root 11241100x8000000000000000426285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b75dbd8fe7a62b42021-12-21 10:47:13.947root 11241100x8000000000000000426286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cba62dc0af948b62021-12-21 10:47:14.443root 11241100x8000000000000000426287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eed25952b11bb82021-12-21 10:47:14.444root 11241100x8000000000000000426288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1040b7912e1dca282021-12-21 10:47:14.444root 11241100x8000000000000000426289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c49695f31a0de2021-12-21 10:47:14.444root 11241100x8000000000000000426290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603d9eb81117262c2021-12-21 10:47:14.444root 11241100x8000000000000000426291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c064f85d3881f412021-12-21 10:47:14.444root 11241100x8000000000000000426292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844b5de94912275a2021-12-21 10:47:14.445root 11241100x8000000000000000426293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2106cbd65a103e7f2021-12-21 10:47:14.445root 11241100x8000000000000000426294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d0b9202ab285362021-12-21 10:47:14.445root 11241100x8000000000000000426295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682daa889474bfe42021-12-21 10:47:14.445root 11241100x8000000000000000426296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f408d67df4acb92021-12-21 10:47:14.445root 11241100x8000000000000000426297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce55d34fd0cb3bf2021-12-21 10:47:14.445root 11241100x8000000000000000426298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115bea0a7534f1712021-12-21 10:47:14.446root 11241100x8000000000000000426299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361f242ef26130582021-12-21 10:47:14.446root 11241100x8000000000000000426300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8351072621d6d5b2021-12-21 10:47:14.446root 11241100x8000000000000000426301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a12eca14c6d76e32021-12-21 10:47:14.446root 11241100x8000000000000000426302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0489605a4860d92021-12-21 10:47:14.446root 11241100x8000000000000000426303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6895b49223ff57e2021-12-21 10:47:14.447root 11241100x8000000000000000426304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc3cc0f957e7fd42021-12-21 10:47:14.447root 11241100x8000000000000000426305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3810e577ec2f6ba62021-12-21 10:47:14.447root 11241100x8000000000000000426306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c448b556fecf6f2021-12-21 10:47:14.447root 11241100x8000000000000000426307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8cf62095c7a64b2021-12-21 10:47:14.447root 11241100x8000000000000000426308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573bec930ee074fa2021-12-21 10:47:14.447root 11241100x8000000000000000426309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a0f2f3fef60af82021-12-21 10:47:14.448root 11241100x8000000000000000426310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733844670e1befb52021-12-21 10:47:14.448root 11241100x8000000000000000426311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296838fc0e350b352021-12-21 10:47:14.448root 11241100x8000000000000000426312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333d687d4bcd8c0f2021-12-21 10:47:14.448root 11241100x8000000000000000426313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55cd16935ac4e362021-12-21 10:47:14.448root 11241100x8000000000000000426314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385024f90f9680252021-12-21 10:47:14.448root 11241100x8000000000000000426315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325cd0debc2b89bb2021-12-21 10:47:14.449root 11241100x8000000000000000426316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f299efa1d6eb4e992021-12-21 10:47:14.449root 11241100x8000000000000000426317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2bcfe887522f4f2021-12-21 10:47:14.449root 11241100x8000000000000000426318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24efb6febc1f47d2021-12-21 10:47:14.449root 11241100x8000000000000000426319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7ff087428507502021-12-21 10:47:14.449root 11241100x8000000000000000426320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3ba459a4d4983c2021-12-21 10:47:14.449root 11241100x8000000000000000426321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032e26139c0342942021-12-21 10:47:14.449root 11241100x8000000000000000426322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac3d31b788c84d42021-12-21 10:47:14.450root 11241100x8000000000000000426323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0924ba9686333b622021-12-21 10:47:14.450root 11241100x8000000000000000426324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce56a7c6e9c4ef22021-12-21 10:47:14.450root 11241100x8000000000000000426325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e36bab347abc952021-12-21 10:47:14.450root 11241100x8000000000000000426326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8e63264814873b2021-12-21 10:47:14.451root 11241100x8000000000000000426327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adadaa5866e30c062021-12-21 10:47:14.451root 11241100x8000000000000000426328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199c96b216fcc1982021-12-21 10:47:14.451root 11241100x8000000000000000426329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0320c465a59b9c102021-12-21 10:47:14.452root 11241100x8000000000000000426330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1596cc27d5d81702021-12-21 10:47:14.452root 11241100x8000000000000000426331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7269610fd79f8f382021-12-21 10:47:14.943root 11241100x8000000000000000426332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3a43d5bf4428e12021-12-21 10:47:14.943root 11241100x8000000000000000426333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0985ced6911789912021-12-21 10:47:14.944root 11241100x8000000000000000426334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d101cfabc06e3e32021-12-21 10:47:14.944root 11241100x8000000000000000426335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be144f302fb55c5f2021-12-21 10:47:14.944root 11241100x8000000000000000426336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac2e87733399c312021-12-21 10:47:14.944root 11241100x8000000000000000426337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273951f4b54a86242021-12-21 10:47:14.944root 11241100x8000000000000000426338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe05e28e7a5661f2021-12-21 10:47:14.944root 11241100x8000000000000000426339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea785ef2755198842021-12-21 10:47:14.945root 11241100x8000000000000000426340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc739875e6a391bb2021-12-21 10:47:14.945root 11241100x8000000000000000426341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03297e18c7965742021-12-21 10:47:14.945root 11241100x8000000000000000426342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0a98d9209e89932021-12-21 10:47:14.945root 11241100x8000000000000000426343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446be2463a6759f72021-12-21 10:47:14.945root 11241100x8000000000000000426344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965a91c01c45355d2021-12-21 10:47:14.945root 11241100x8000000000000000426345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775e717d2c6a828a2021-12-21 10:47:14.945root 11241100x8000000000000000426346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6e2b5758e835772021-12-21 10:47:14.945root 11241100x8000000000000000426347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eefc4976eada73b2021-12-21 10:47:14.945root 11241100x8000000000000000426348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaee1ceea93b95382021-12-21 10:47:14.946root 11241100x8000000000000000426349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758315d29b5152772021-12-21 10:47:14.946root 11241100x8000000000000000426350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913d8f0cf1e91d592021-12-21 10:47:14.946root 11241100x8000000000000000426351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ce3b6f2b918a052021-12-21 10:47:14.946root 11241100x8000000000000000426352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ae0d50a5f666632021-12-21 10:47:14.946root 11241100x8000000000000000426353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006b0e5f881ebca22021-12-21 10:47:14.946root 11241100x8000000000000000426354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befd3e3e69f19ae62021-12-21 10:47:14.946root 11241100x8000000000000000426355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830e327859ee47f82021-12-21 10:47:14.946root 11241100x8000000000000000426356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea3f4cedf0d48482021-12-21 10:47:14.946root 11241100x8000000000000000426357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cdf2dc144e224c2021-12-21 10:47:14.946root 11241100x8000000000000000426358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de95ec304485b072021-12-21 10:47:14.946root 11241100x8000000000000000426359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b866b864481dd55c2021-12-21 10:47:14.946root 11241100x8000000000000000426360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7534919cb13465d12021-12-21 10:47:14.946root 11241100x8000000000000000426361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b57e6c0cca93422021-12-21 10:47:14.946root 11241100x8000000000000000426362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1df6fd4357a4512021-12-21 10:47:14.946root 11241100x8000000000000000426363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc63879671eaea2f2021-12-21 10:47:14.946root 11241100x8000000000000000426364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb6d2c8ca83a16f2021-12-21 10:47:14.946root 11241100x8000000000000000426365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcb7b857735fdf82021-12-21 10:47:14.947root 11241100x8000000000000000426366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e19fb4a9dfff7ab2021-12-21 10:47:14.947root 11241100x8000000000000000426367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ff9c81f8db799a2021-12-21 10:47:14.947root 11241100x8000000000000000426368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a5e5dcc7ff01512021-12-21 10:47:14.947root 11241100x8000000000000000426369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebfe66fb26553572021-12-21 10:47:14.947root 11241100x8000000000000000426370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fc989f990689342021-12-21 10:47:14.947root 11241100x8000000000000000426371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bade246688faad2021-12-21 10:47:14.947root 11241100x8000000000000000426372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39dd284c76093762021-12-21 10:47:14.947root 11241100x8000000000000000426373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b720cba9d6d9de12021-12-21 10:47:14.947root 11241100x8000000000000000426374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2f47cdb5da69152021-12-21 10:47:14.947root 11241100x8000000000000000426375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9433da3154bfae52021-12-21 10:47:14.947root 11241100x8000000000000000426376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a6613b868398752021-12-21 10:47:14.947root 354300x8000000000000000426377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.218{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47598-false10.0.1.12-8000- 11241100x8000000000000000426378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226b9c656ae5005b2021-12-21 10:47:15.219root 11241100x8000000000000000426379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c152d8f977bb60012021-12-21 10:47:15.219root 11241100x8000000000000000426380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bf2ac7a679f8f12021-12-21 10:47:15.219root 11241100x8000000000000000426381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c491cac1ab15b1c2021-12-21 10:47:15.219root 11241100x8000000000000000426382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69733377b8ea7d2021-12-21 10:47:15.220root 11241100x8000000000000000426383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29c13141720c26a2021-12-21 10:47:15.220root 11241100x8000000000000000426384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f9493907fc9d4a2021-12-21 10:47:15.220root 11241100x8000000000000000426385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ddc44d245256992021-12-21 10:47:15.220root 11241100x8000000000000000426386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06619c115499ebf22021-12-21 10:47:15.220root 11241100x8000000000000000426387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491577c22d0ac2c92021-12-21 10:47:15.220root 11241100x8000000000000000426388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef79d849dcb22ab2021-12-21 10:47:15.221root 11241100x8000000000000000426389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558f0a8dd5e34a2e2021-12-21 10:47:15.221root 11241100x8000000000000000426390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6abf50f8a314f22021-12-21 10:47:15.221root 11241100x8000000000000000426391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309320a057ebaddb2021-12-21 10:47:15.221root 11241100x8000000000000000426392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc6ddcf6b0e55062021-12-21 10:47:15.221root 11241100x8000000000000000426393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b5673e09694cf22021-12-21 10:47:15.221root 11241100x8000000000000000426394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9e78c5c342cb912021-12-21 10:47:15.221root 11241100x8000000000000000426395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a190e939881466a72021-12-21 10:47:15.221root 11241100x8000000000000000426396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc19d4dfbd8f36272021-12-21 10:47:15.222root 11241100x8000000000000000426397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870bcba4e069b8d52021-12-21 10:47:15.222root 11241100x8000000000000000426398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa6099f521a6cae2021-12-21 10:47:15.222root 11241100x8000000000000000426399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8063a74b003c17082021-12-21 10:47:15.222root 11241100x8000000000000000426400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e226744a7b6bde692021-12-21 10:47:15.222root 11241100x8000000000000000426401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea75d8ada1369c22021-12-21 10:47:15.222root 11241100x8000000000000000426402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaa174cb98923dd2021-12-21 10:47:15.222root 11241100x8000000000000000426403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4e3d832e364c862021-12-21 10:47:15.222root 11241100x8000000000000000426404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82421763aa292ad72021-12-21 10:47:15.222root 11241100x8000000000000000426405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae439b8cc8b989d2021-12-21 10:47:15.222root 11241100x8000000000000000426406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faf7b7d797a7b312021-12-21 10:47:15.222root 11241100x8000000000000000426407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee0ca360b261ce92021-12-21 10:47:15.223root 11241100x8000000000000000426408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a38c77fd2e94e8f2021-12-21 10:47:15.223root 11241100x8000000000000000426409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cb8fa2e16cf2d82021-12-21 10:47:15.223root 11241100x8000000000000000426410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24aa6ed4b4db73e2021-12-21 10:47:15.223root 11241100x8000000000000000426411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b841f918cf2bd72021-12-21 10:47:15.224root 11241100x8000000000000000426412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3f5d5fb35e12642021-12-21 10:47:15.224root 11241100x8000000000000000426413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62665aacb9d711ce2021-12-21 10:47:15.224root 11241100x8000000000000000426414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef92001c97c232b42021-12-21 10:47:15.224root 11241100x8000000000000000426415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22b46e97af468ab2021-12-21 10:47:15.225root 11241100x8000000000000000426416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d570c43c7260af82021-12-21 10:47:15.225root 11241100x8000000000000000426417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dae9eded5453a5c2021-12-21 10:47:15.225root 11241100x8000000000000000426418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d13d37bd8670f62021-12-21 10:47:15.225root 11241100x8000000000000000426419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9966c5bcc480f482021-12-21 10:47:15.225root 11241100x8000000000000000426420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae4f0b6057867642021-12-21 10:47:15.225root 11241100x8000000000000000426421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507af778403f122f2021-12-21 10:47:15.226root 11241100x8000000000000000426422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68368dafb1c701a2021-12-21 10:47:15.226root 11241100x8000000000000000426423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662587d07d44ee0e2021-12-21 10:47:15.226root 11241100x8000000000000000426424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe83ad77663ffaa2021-12-21 10:47:15.226root 11241100x8000000000000000426425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56ff92644248af22021-12-21 10:47:15.226root 11241100x8000000000000000426426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.226{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e7270e5d964ebf2021-12-21 10:47:15.226root 11241100x8000000000000000426427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dddcc475f3fde32021-12-21 10:47:15.227root 11241100x8000000000000000426428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6794aa30b0da7cbe2021-12-21 10:47:15.227root 11241100x8000000000000000426429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d8093c35558b0d2021-12-21 10:47:15.227root 11241100x8000000000000000426430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7065d9441904cc2021-12-21 10:47:15.227root 11241100x8000000000000000426431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91cd83cdbbb56002021-12-21 10:47:15.227root 11241100x8000000000000000426432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de1de9733d664752021-12-21 10:47:15.227root 11241100x8000000000000000426433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9344f56f76e649172021-12-21 10:47:15.227root 11241100x8000000000000000426434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4883974d47e0cd82021-12-21 10:47:15.227root 11241100x8000000000000000426435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11a50de2feec4a42021-12-21 10:47:15.228root 11241100x8000000000000000426436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9397ae007513db082021-12-21 10:47:15.228root 11241100x8000000000000000426437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221e14ba1be0731f2021-12-21 10:47:15.228root 11241100x8000000000000000426438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f55269afbdd0422021-12-21 10:47:15.228root 11241100x8000000000000000426439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af67bc92720b0a72021-12-21 10:47:15.694root 11241100x8000000000000000426440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df059edbd583f462021-12-21 10:47:15.694root 11241100x8000000000000000426441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd33a09817bfe0d52021-12-21 10:47:15.695root 11241100x8000000000000000426442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5aa653d119700a2021-12-21 10:47:15.695root 11241100x8000000000000000426443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5185364ea9bfbe3a2021-12-21 10:47:15.695root 11241100x8000000000000000426444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6715468036ccffd92021-12-21 10:47:15.695root 11241100x8000000000000000426445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff1dfa9fd706d412021-12-21 10:47:15.695root 11241100x8000000000000000426446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e862b32f1d20ad32021-12-21 10:47:15.695root 11241100x8000000000000000426447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2353fa849d1ddac2021-12-21 10:47:15.695root 11241100x8000000000000000426448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08219e89638113e92021-12-21 10:47:15.695root 11241100x8000000000000000426449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d557b9e7f091552021-12-21 10:47:15.695root 11241100x8000000000000000426450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad2ff7309e3dbb02021-12-21 10:47:15.695root 11241100x8000000000000000426451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d4d7063f3167442021-12-21 10:47:15.696root 11241100x8000000000000000426452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c20d6ea1602907c2021-12-21 10:47:15.696root 11241100x8000000000000000426453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2d5a15bd6a994b2021-12-21 10:47:15.696root 11241100x8000000000000000426454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf58e0ce3780e6ac2021-12-21 10:47:15.696root 11241100x8000000000000000426455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3ded3e0fd6cfa92021-12-21 10:47:15.696root 11241100x8000000000000000426456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1dec4c6d4d4d862021-12-21 10:47:15.696root 11241100x8000000000000000426457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dfe21bd5b128ca2021-12-21 10:47:15.696root 11241100x8000000000000000426458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b06f7587f777c42021-12-21 10:47:15.696root 11241100x8000000000000000426459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0285131123f86df2021-12-21 10:47:15.696root 11241100x8000000000000000426460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102b50703d12d5e32021-12-21 10:47:15.696root 11241100x8000000000000000426461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac6ac56216f62402021-12-21 10:47:15.696root 11241100x8000000000000000426462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6475ab3f80f606c2021-12-21 10:47:15.696root 11241100x8000000000000000426463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ad8c597683fcac2021-12-21 10:47:15.696root 11241100x8000000000000000426464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93edb86d6a682b952021-12-21 10:47:15.697root 11241100x8000000000000000426465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedec393fd99feff2021-12-21 10:47:15.697root 11241100x8000000000000000426466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b016bf4c66153d72021-12-21 10:47:15.697root 11241100x8000000000000000426467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ebef021557d8be2021-12-21 10:47:15.697root 11241100x8000000000000000426468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc97e63db070f982021-12-21 10:47:15.697root 11241100x8000000000000000426469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5de2ecc5eb0fb822021-12-21 10:47:15.697root 11241100x8000000000000000426470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3461a1bb6363a5102021-12-21 10:47:15.697root 11241100x8000000000000000426471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51864615ce4c68082021-12-21 10:47:15.697root 11241100x8000000000000000426472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0a8f6f54eb99602021-12-21 10:47:15.697root 11241100x8000000000000000426473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b391ead508c2e82021-12-21 10:47:15.698root 11241100x8000000000000000426474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c6ab25145017062021-12-21 10:47:15.698root 11241100x8000000000000000426475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ba6b7e947c0aa82021-12-21 10:47:15.698root 11241100x8000000000000000426476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3166c904551550362021-12-21 10:47:15.698root 11241100x8000000000000000426477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ce671c7af2a7d62021-12-21 10:47:15.698root 11241100x8000000000000000426478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64969c0b0a3a6d802021-12-21 10:47:15.698root 11241100x8000000000000000426479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ddc8f12cda97c22021-12-21 10:47:15.698root 11241100x8000000000000000426480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:15.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc38baa6d07e85962021-12-21 10:47:15.698root 11241100x8000000000000000426481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff6e99bd57ffed2021-12-21 10:47:16.194root 11241100x8000000000000000426482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3697383a39ba1d722021-12-21 10:47:16.194root 11241100x8000000000000000426483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7543c5f9d0e2bfd52021-12-21 10:47:16.194root 11241100x8000000000000000426484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276b8046615e37582021-12-21 10:47:16.194root 11241100x8000000000000000426485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528ae3ca5eb768dd2021-12-21 10:47:16.194root 11241100x8000000000000000426486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d630f3944d40cc522021-12-21 10:47:16.195root 11241100x8000000000000000426487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b5e74e9ae2b9222021-12-21 10:47:16.195root 11241100x8000000000000000426488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34370b287d23692e2021-12-21 10:47:16.195root 11241100x8000000000000000426489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3b75ef82c983912021-12-21 10:47:16.195root 11241100x8000000000000000426490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcf4b789396bde52021-12-21 10:47:16.195root 11241100x8000000000000000426491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0414a39be785f7c12021-12-21 10:47:16.195root 11241100x8000000000000000426492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3f83748d28c3542021-12-21 10:47:16.195root 11241100x8000000000000000426493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1789202435d8d6d42021-12-21 10:47:16.195root 11241100x8000000000000000426494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cca5ade956b715d2021-12-21 10:47:16.195root 11241100x8000000000000000426495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bfaf0499f9689a2021-12-21 10:47:16.195root 11241100x8000000000000000426496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b946e796de867f2021-12-21 10:47:16.195root 11241100x8000000000000000426497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e5e5f6010959632021-12-21 10:47:16.195root 11241100x8000000000000000426498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be1f9c9fa18bf4a2021-12-21 10:47:16.195root 11241100x8000000000000000426499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489f016d853369592021-12-21 10:47:16.195root 11241100x8000000000000000426500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc723eefd0f031492021-12-21 10:47:16.195root 11241100x8000000000000000426501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865bda4a34396c3d2021-12-21 10:47:16.196root 11241100x8000000000000000426502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6704b4a26952eced2021-12-21 10:47:16.196root 11241100x8000000000000000426503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f6a923425e3c032021-12-21 10:47:16.196root 11241100x8000000000000000426504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb49d8db8f6d054e2021-12-21 10:47:16.196root 11241100x8000000000000000426505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165a877758e8dbb32021-12-21 10:47:16.196root 11241100x8000000000000000426506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cf9b86707ec8382021-12-21 10:47:16.196root 11241100x8000000000000000426507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c69e079395b824c2021-12-21 10:47:16.196root 11241100x8000000000000000426508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0097085c6d380012021-12-21 10:47:16.196root 11241100x8000000000000000426509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd031a396ec98b932021-12-21 10:47:16.196root 11241100x8000000000000000426510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d49f78e82b14e1b2021-12-21 10:47:16.196root 11241100x8000000000000000426511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f45c3764d7af722021-12-21 10:47:16.197root 11241100x8000000000000000426512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4aa3b4bfceb4822021-12-21 10:47:16.197root 11241100x8000000000000000426513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaf3149b25dcf962021-12-21 10:47:16.197root 11241100x8000000000000000426514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77959f37765533572021-12-21 10:47:16.197root 11241100x8000000000000000426515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e8b4305b878e292021-12-21 10:47:16.197root 11241100x8000000000000000426516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b15618cccae1a432021-12-21 10:47:16.197root 11241100x8000000000000000426517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6804c84cc187df2021-12-21 10:47:16.197root 11241100x8000000000000000426518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9799642e87a0c0762021-12-21 10:47:16.197root 11241100x8000000000000000426519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ea220eadac58432021-12-21 10:47:16.197root 11241100x8000000000000000426520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cf8a76182c52232021-12-21 10:47:16.197root 11241100x8000000000000000426521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b809ea5fa01e6e2021-12-21 10:47:16.197root 11241100x8000000000000000426522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e7572126400dfa2021-12-21 10:47:16.197root 11241100x8000000000000000426523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca596c5755494ad92021-12-21 10:47:16.693root 11241100x8000000000000000426524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd143a7d206e1882021-12-21 10:47:16.693root 11241100x8000000000000000426525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22e341f8f999ffa2021-12-21 10:47:16.693root 11241100x8000000000000000426526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43d700721ebe7d42021-12-21 10:47:16.693root 11241100x8000000000000000426527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a50fc7552072e102021-12-21 10:47:16.694root 11241100x8000000000000000426528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc38d0d7f751c1212021-12-21 10:47:16.694root 11241100x8000000000000000426529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43512c8b937390662021-12-21 10:47:16.694root 11241100x8000000000000000426530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d12caba5554eaf2021-12-21 10:47:16.694root 11241100x8000000000000000426531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63325d46a580ab72021-12-21 10:47:16.694root 11241100x8000000000000000426532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291ee6e15851709c2021-12-21 10:47:16.694root 11241100x8000000000000000426533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbe0cad8fe88e182021-12-21 10:47:16.694root 11241100x8000000000000000426534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7310b2a5b029fc152021-12-21 10:47:16.694root 11241100x8000000000000000426535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03837da232165d6a2021-12-21 10:47:16.694root 11241100x8000000000000000426536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ffc1ff990a79152021-12-21 10:47:16.694root 11241100x8000000000000000426537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637fd2a180a7c8f02021-12-21 10:47:16.694root 11241100x8000000000000000426538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec4c58fd65c226a2021-12-21 10:47:16.695root 11241100x8000000000000000426539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b574357e09842b52021-12-21 10:47:16.695root 11241100x8000000000000000426540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caa573c52159a762021-12-21 10:47:16.695root 11241100x8000000000000000426541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec5defc2564b42b2021-12-21 10:47:16.695root 11241100x8000000000000000426542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3296479c253a10942021-12-21 10:47:16.695root 11241100x8000000000000000426543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689a6c31684b44a52021-12-21 10:47:16.695root 11241100x8000000000000000426544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557b4a63b614fc92021-12-21 10:47:16.695root 11241100x8000000000000000426545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557b5b9a322704ef2021-12-21 10:47:16.695root 11241100x8000000000000000426546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dd6456078c4d562021-12-21 10:47:16.695root 11241100x8000000000000000426547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb56d773e0d27ca2021-12-21 10:47:16.695root 11241100x8000000000000000426548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5282880f0150a402021-12-21 10:47:16.695root 11241100x8000000000000000426549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff1448c5d1baced2021-12-21 10:47:16.695root 11241100x8000000000000000426550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c7e9bd4edd07eb2021-12-21 10:47:16.695root 11241100x8000000000000000426551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baa9eae2406ad9e2021-12-21 10:47:16.695root 11241100x8000000000000000426552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb84b633967a31b2021-12-21 10:47:16.695root 11241100x8000000000000000426553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559ed7005afd60be2021-12-21 10:47:16.696root 11241100x8000000000000000426554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ee8af0b92e13802021-12-21 10:47:16.696root 11241100x8000000000000000426555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc668daf046b94b2021-12-21 10:47:16.696root 11241100x8000000000000000426556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273ad4ec707adc022021-12-21 10:47:16.696root 11241100x8000000000000000426557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9610e764e1f2c02021-12-21 10:47:16.696root 11241100x8000000000000000426558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5a05f3f63d37422021-12-21 10:47:16.696root 11241100x8000000000000000426559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e90c565a3433b2f2021-12-21 10:47:16.696root 11241100x8000000000000000426560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7065e32413ae342021-12-21 10:47:16.696root 11241100x8000000000000000426561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8ad5a081bea78c2021-12-21 10:47:16.696root 11241100x8000000000000000426562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0ff074b2c6719a2021-12-21 10:47:16.696root 11241100x8000000000000000426563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f654dc4540e4dd2021-12-21 10:47:16.696root 11241100x8000000000000000426564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860c4d5331ea459e2021-12-21 10:47:16.696root 11241100x8000000000000000426565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672e39c28809ccf42021-12-21 10:47:16.696root 11241100x8000000000000000426566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba23bb28ed329ad2021-12-21 10:47:16.696root 11241100x8000000000000000426567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324321712c47a3552021-12-21 10:47:16.696root 11241100x8000000000000000426568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09e37194e851c8c2021-12-21 10:47:16.697root 11241100x8000000000000000426569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c444def8f55c322021-12-21 10:47:16.697root 11241100x8000000000000000426570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cee8d1d4a132212021-12-21 10:47:16.697root 11241100x8000000000000000426571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4664363af2cf222021-12-21 10:47:16.697root 11241100x8000000000000000426572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37c09ea8895bd712021-12-21 10:47:16.697root 11241100x8000000000000000426573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666ece06c6aa5d082021-12-21 10:47:16.697root 11241100x8000000000000000426574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abac6d2d8c527f72021-12-21 10:47:16.697root 11241100x8000000000000000426575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd0ec2bb6ea5d442021-12-21 10:47:16.697root 11241100x8000000000000000426576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176a106a4af98ce22021-12-21 10:47:16.698root 11241100x8000000000000000426577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab690e98ba2a6e22021-12-21 10:47:16.698root 11241100x8000000000000000426578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311dcb4f98cdfe42021-12-21 10:47:16.698root 11241100x8000000000000000426579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6d1f70f062db0f2021-12-21 10:47:16.698root 11241100x8000000000000000426580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b28ff3fe421f5c82021-12-21 10:47:16.698root 11241100x8000000000000000426581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97862f45bc375c72021-12-21 10:47:16.698root 11241100x8000000000000000426582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bb062a1cc60e3a2021-12-21 10:47:16.698root 11241100x8000000000000000426583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8c918fc58d5922021-12-21 10:47:16.698root 11241100x8000000000000000426584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98c2aedb7cf42792021-12-21 10:47:16.698root 11241100x8000000000000000426585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369595a29bd167ca2021-12-21 10:47:16.699root 11241100x8000000000000000426586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f8540a77d9dd042021-12-21 10:47:16.699root 11241100x8000000000000000426587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ffd5b282a0f8062021-12-21 10:47:16.699root 11241100x8000000000000000426588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0c875c01cc759c2021-12-21 10:47:16.699root 11241100x8000000000000000426589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0a1fa5e5aba06e2021-12-21 10:47:16.699root 11241100x8000000000000000426590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953d033fab6e7efe2021-12-21 10:47:16.699root 11241100x8000000000000000426591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719623d39cf643952021-12-21 10:47:16.700root 11241100x8000000000000000426592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbb8b231f8e6ef52021-12-21 10:47:16.700root 11241100x8000000000000000426593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a87f0c0b02696c2021-12-21 10:47:16.700root 11241100x8000000000000000426594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd575cf70584767b2021-12-21 10:47:16.700root 11241100x8000000000000000426595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83928b30898fec92021-12-21 10:47:16.700root 11241100x8000000000000000426596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d44239086d33ee2021-12-21 10:47:16.700root 11241100x8000000000000000426597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ed82f8b6925dfe2021-12-21 10:47:16.701root 11241100x8000000000000000426598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:16.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d71bc0512e85862021-12-21 10:47:16.701root 11241100x8000000000000000426599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a09b8c545e09a92021-12-21 10:47:17.194root 11241100x8000000000000000426600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008d781d584dfc872021-12-21 10:47:17.195root 11241100x8000000000000000426601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df8b4f062c716cd2021-12-21 10:47:17.195root 11241100x8000000000000000426602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb22a428c52f66242021-12-21 10:47:17.195root 11241100x8000000000000000426603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65094a6f4f7ab992021-12-21 10:47:17.195root 11241100x8000000000000000426604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ceb21256546c472021-12-21 10:47:17.196root 11241100x8000000000000000426605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb2c79c50a07a2d2021-12-21 10:47:17.196root 11241100x8000000000000000426606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21af7e8f8d676f0e2021-12-21 10:47:17.196root 11241100x8000000000000000426607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dd4adfde4a5e112021-12-21 10:47:17.196root 11241100x8000000000000000426608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84a07f755550d3e2021-12-21 10:47:17.196root 11241100x8000000000000000426609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2781333de3d380672021-12-21 10:47:17.197root 11241100x8000000000000000426610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642025f08482c0852021-12-21 10:47:17.197root 11241100x8000000000000000426611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c888c426eafdf5d2021-12-21 10:47:17.197root 11241100x8000000000000000426612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce291b9a9aac0b912021-12-21 10:47:17.197root 11241100x8000000000000000426613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1444cce5aeafed2021-12-21 10:47:17.197root 11241100x8000000000000000426614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30caa8bdfe0c39682021-12-21 10:47:17.198root 11241100x8000000000000000426615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2781615ea043002021-12-21 10:47:17.198root 11241100x8000000000000000426616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26fd58f6f5379132021-12-21 10:47:17.198root 11241100x8000000000000000426617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bdc118bee45ec72021-12-21 10:47:17.198root 11241100x8000000000000000426618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42d05fca00e2e7a2021-12-21 10:47:17.198root 11241100x8000000000000000426619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3652e7ae4632c72021-12-21 10:47:17.198root 11241100x8000000000000000426620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23ee6aaa3b67e1b2021-12-21 10:47:17.198root 11241100x8000000000000000426621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3db242d38076002021-12-21 10:47:17.199root 11241100x8000000000000000426622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1091eaadfcc93e02021-12-21 10:47:17.199root 11241100x8000000000000000426623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3787827ae4d6042021-12-21 10:47:17.199root 11241100x8000000000000000426624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f76add2ae67ead62021-12-21 10:47:17.199root 11241100x8000000000000000426625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ec1f960c1993982021-12-21 10:47:17.199root 11241100x8000000000000000426626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1cec7b5f211d3f2021-12-21 10:47:17.200root 11241100x8000000000000000426627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88865b3ae3bf99eb2021-12-21 10:47:17.200root 11241100x8000000000000000426628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c1e587962594b22021-12-21 10:47:17.200root 11241100x8000000000000000426629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae49f28147eb2b2021-12-21 10:47:17.200root 11241100x8000000000000000426630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c0346bff13d17c2021-12-21 10:47:17.201root 11241100x8000000000000000426631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7010e223f8a81022021-12-21 10:47:17.201root 11241100x8000000000000000426632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa05888c535ddb8a2021-12-21 10:47:17.201root 11241100x8000000000000000426633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db288d8eac14d892021-12-21 10:47:17.201root 11241100x8000000000000000426634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b246910199657e1e2021-12-21 10:47:17.202root 11241100x8000000000000000426635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83122029123dc332021-12-21 10:47:17.202root 11241100x8000000000000000426636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b326af866efc83cb2021-12-21 10:47:17.202root 11241100x8000000000000000426637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9105fdc8a57ecf2021-12-21 10:47:17.202root 11241100x8000000000000000426638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c33a5d9b250a4482021-12-21 10:47:17.202root 11241100x8000000000000000426639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2525e2f15768c372021-12-21 10:47:17.203root 11241100x8000000000000000426640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b49c45414a33e112021-12-21 10:47:17.203root 11241100x8000000000000000426641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcc868a0327f23b2021-12-21 10:47:17.694root 11241100x8000000000000000426642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2c713224b66a442021-12-21 10:47:17.694root 11241100x8000000000000000426643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df49f47fbe29a092021-12-21 10:47:17.694root 11241100x8000000000000000426644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57fe3760e280c002021-12-21 10:47:17.694root 11241100x8000000000000000426645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3f730174a995a32021-12-21 10:47:17.695root 11241100x8000000000000000426646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f884859b3f96ec722021-12-21 10:47:17.695root 11241100x8000000000000000426647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138d6412a33d4afb2021-12-21 10:47:17.695root 11241100x8000000000000000426648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcd78896f35188a2021-12-21 10:47:17.695root 11241100x8000000000000000426649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c32bb9631422ae22021-12-21 10:47:17.695root 11241100x8000000000000000426650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68de7f4efb4c920b2021-12-21 10:47:17.695root 11241100x8000000000000000426651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e164f0a31da32d02021-12-21 10:47:17.695root 11241100x8000000000000000426652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317548147ca1fb322021-12-21 10:47:17.695root 11241100x8000000000000000426653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf9f8e9f7ffb8f72021-12-21 10:47:17.695root 11241100x8000000000000000426654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495f5a1e59d9c02f2021-12-21 10:47:17.695root 11241100x8000000000000000426655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99552855477778542021-12-21 10:47:17.695root 11241100x8000000000000000426656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaa6b8425d2a5a22021-12-21 10:47:17.695root 11241100x8000000000000000426657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a861a279ff1f88eb2021-12-21 10:47:17.695root 11241100x8000000000000000426658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512be9dcd7713cfa2021-12-21 10:47:17.695root 11241100x8000000000000000426659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf3e1a143b42f252021-12-21 10:47:17.695root 11241100x8000000000000000426660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf0b584e1a7e1212021-12-21 10:47:17.696root 11241100x8000000000000000426661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd3e453b1ad6fba2021-12-21 10:47:17.696root 11241100x8000000000000000426662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4967ed54b9ffbd4c2021-12-21 10:47:17.696root 11241100x8000000000000000426663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2a735566ae5ad62021-12-21 10:47:17.696root 11241100x8000000000000000426664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1866ad0acbea2c42021-12-21 10:47:17.696root 11241100x8000000000000000426665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe704013fbaff7dc2021-12-21 10:47:17.696root 11241100x8000000000000000426666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00fdfa3ee17fbda2021-12-21 10:47:17.696root 11241100x8000000000000000426667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70abc559156a17592021-12-21 10:47:17.696root 11241100x8000000000000000426668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ab97cbd2982512021-12-21 10:47:17.696root 11241100x8000000000000000426669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f8f20dabaaf3482021-12-21 10:47:17.696root 11241100x8000000000000000426670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3226877ea034252c2021-12-21 10:47:17.696root 11241100x8000000000000000426671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fc8f7d14f690802021-12-21 10:47:17.696root 11241100x8000000000000000426672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4fabfd0fd763452021-12-21 10:47:17.697root 11241100x8000000000000000426673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d653860f3d19e82021-12-21 10:47:17.697root 11241100x8000000000000000426674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9130d8d54bc2bbc2021-12-21 10:47:17.697root 11241100x8000000000000000426675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636c7be2750947fd2021-12-21 10:47:17.697root 11241100x8000000000000000426676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47200952cee6ee802021-12-21 10:47:17.697root 11241100x8000000000000000426677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ba02da6df38b3e2021-12-21 10:47:17.697root 11241100x8000000000000000426678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0693ceaaa5c753ed2021-12-21 10:47:17.697root 11241100x8000000000000000426679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b294f61f4bf1c3962021-12-21 10:47:17.697root 11241100x8000000000000000426680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbbea2c57a096042021-12-21 10:47:17.697root 11241100x8000000000000000426681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1295b2f251ba466b2021-12-21 10:47:17.697root 11241100x8000000000000000426682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1830ad43a119f4912021-12-21 10:47:17.697root 11241100x8000000000000000426683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f432bf76635f3a182021-12-21 10:47:18.193root 11241100x8000000000000000426684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595385e997d8148b2021-12-21 10:47:18.193root 11241100x8000000000000000426685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f5ceeb5946d1992021-12-21 10:47:18.193root 11241100x8000000000000000426686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd0deb75fb9ed832021-12-21 10:47:18.193root 11241100x8000000000000000426687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8218babfac461822021-12-21 10:47:18.193root 11241100x8000000000000000426688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef595ea87b795332021-12-21 10:47:18.194root 11241100x8000000000000000426689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ceafc4c1c412c7b2021-12-21 10:47:18.194root 11241100x8000000000000000426690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13716adda2e0a3b2021-12-21 10:47:18.194root 11241100x8000000000000000426691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b74973f4780b532021-12-21 10:47:18.194root 11241100x8000000000000000426692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ca741b1018be842021-12-21 10:47:18.194root 11241100x8000000000000000426693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1ff6639bf617f22021-12-21 10:47:18.194root 11241100x8000000000000000426694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b896bc2e3dbddf2021-12-21 10:47:18.194root 11241100x8000000000000000426695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93e1f4cb6a0a6e22021-12-21 10:47:18.194root 11241100x8000000000000000426696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04283f4f39914a52021-12-21 10:47:18.194root 11241100x8000000000000000426697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee64d6fc0b990d1d2021-12-21 10:47:18.194root 11241100x8000000000000000426698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5720eeddae84f02021-12-21 10:47:18.194root 11241100x8000000000000000426699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2768fe3b336f3e2c2021-12-21 10:47:18.195root 11241100x8000000000000000426700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c509b3304ecb732021-12-21 10:47:18.195root 11241100x8000000000000000426701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950b6b212b725a892021-12-21 10:47:18.195root 11241100x8000000000000000426702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1710337cef9b9da82021-12-21 10:47:18.195root 11241100x8000000000000000426703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3bb959101114892021-12-21 10:47:18.195root 11241100x8000000000000000426704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1744da4af0c5065c2021-12-21 10:47:18.195root 11241100x8000000000000000426705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3709f2e87ef3362021-12-21 10:47:18.195root 11241100x8000000000000000426706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907a87e301818cd22021-12-21 10:47:18.195root 11241100x8000000000000000426707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcb917c2677d1832021-12-21 10:47:18.195root 11241100x8000000000000000426708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3742cd2c608d1282021-12-21 10:47:18.195root 11241100x8000000000000000426709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa53084aa2094952021-12-21 10:47:18.195root 11241100x8000000000000000426710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210c2a96d7990d8c2021-12-21 10:47:18.196root 11241100x8000000000000000426711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ee7fe12e7736e62021-12-21 10:47:18.196root 11241100x8000000000000000426712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ea097a0289303b2021-12-21 10:47:18.196root 11241100x8000000000000000426713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76a75a537148e272021-12-21 10:47:18.196root 11241100x8000000000000000426714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e9ee071af2a4202021-12-21 10:47:18.196root 11241100x8000000000000000426715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52072eeccba4b64a2021-12-21 10:47:18.196root 11241100x8000000000000000426716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f1ba03935ee5252021-12-21 10:47:18.196root 11241100x8000000000000000426717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f6457bd3dc1bfe2021-12-21 10:47:18.196root 11241100x8000000000000000426718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b69ac3562423d652021-12-21 10:47:18.196root 11241100x8000000000000000426719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273d27a5b243628b2021-12-21 10:47:18.196root 11241100x8000000000000000426720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088d9ed89c39afd2021-12-21 10:47:18.196root 11241100x8000000000000000426721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329d047826dc41d32021-12-21 10:47:18.197root 11241100x8000000000000000426722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece09bd2d430c7702021-12-21 10:47:18.197root 11241100x8000000000000000426723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c42765bb109f4c42021-12-21 10:47:18.197root 11241100x8000000000000000426724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61b4533e594a2542021-12-21 10:47:18.197root 11241100x8000000000000000426725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac766b7ac4f143cc2021-12-21 10:47:18.197root 11241100x8000000000000000426726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c5b01f708bffba2021-12-21 10:47:18.693root 11241100x8000000000000000426727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c256d5a6d2feeaaf2021-12-21 10:47:18.694root 11241100x8000000000000000426728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290df8bb92bf41712021-12-21 10:47:18.694root 11241100x8000000000000000426729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b80d9ab5a379812021-12-21 10:47:18.694root 11241100x8000000000000000426730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bb611a689071192021-12-21 10:47:18.694root 11241100x8000000000000000426731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc2b3ad6bbfdadf2021-12-21 10:47:18.694root 11241100x8000000000000000426732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67153639bd9bb6362021-12-21 10:47:18.694root 11241100x8000000000000000426733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987bec44885271332021-12-21 10:47:18.694root 11241100x8000000000000000426734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cfa26488fc8eeb2021-12-21 10:47:18.694root 11241100x8000000000000000426735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a89f9a3fbce1152021-12-21 10:47:18.694root 11241100x8000000000000000426736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6ff610af9cabf42021-12-21 10:47:18.695root 11241100x8000000000000000426737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a5027f754a54c22021-12-21 10:47:18.695root 11241100x8000000000000000426738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abc25f9a8a809ff2021-12-21 10:47:18.695root 11241100x8000000000000000426739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bde29d024f8adcb2021-12-21 10:47:18.695root 11241100x8000000000000000426740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cf8494153163db2021-12-21 10:47:18.695root 11241100x8000000000000000426741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f371ca78968d092021-12-21 10:47:18.695root 11241100x8000000000000000426742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07e0071ea466c9a2021-12-21 10:47:18.695root 11241100x8000000000000000426743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51da5c528583fde2021-12-21 10:47:18.695root 11241100x8000000000000000426744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755b70df881595f52021-12-21 10:47:18.695root 11241100x8000000000000000426745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8502ab7f9f954a752021-12-21 10:47:18.695root 11241100x8000000000000000426746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62da2b553b6255fb2021-12-21 10:47:18.696root 11241100x8000000000000000426747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908f438a08eb60532021-12-21 10:47:18.696root 11241100x8000000000000000426748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbccd089706133c2021-12-21 10:47:18.696root 11241100x8000000000000000426749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240d89d160ac775c2021-12-21 10:47:18.696root 11241100x8000000000000000426750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd9bb842044e2782021-12-21 10:47:18.696root 11241100x8000000000000000426751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c26d4826f42761e2021-12-21 10:47:18.696root 11241100x8000000000000000426752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507f0978da615fc42021-12-21 10:47:18.696root 11241100x8000000000000000426753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e588469b4220512021-12-21 10:47:18.696root 11241100x8000000000000000426754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8fbf57c49819d72021-12-21 10:47:18.696root 11241100x8000000000000000426755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2e20b4b8e2b4792021-12-21 10:47:18.696root 11241100x8000000000000000426756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acba40bd2178d6352021-12-21 10:47:18.696root 11241100x8000000000000000426757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e5929e723718392021-12-21 10:47:18.697root 11241100x8000000000000000426758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e67b60d488174452021-12-21 10:47:18.697root 11241100x8000000000000000426759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763cb88d9d097d4c2021-12-21 10:47:18.697root 11241100x8000000000000000426760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541e7c5870f53ab42021-12-21 10:47:18.697root 11241100x8000000000000000426761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34fbd8d7492f41e2021-12-21 10:47:18.697root 11241100x8000000000000000426762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350f9c055afec62b2021-12-21 10:47:18.697root 11241100x8000000000000000426763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df057c71912c49a52021-12-21 10:47:18.697root 11241100x8000000000000000426764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d7eb26f67b21312021-12-21 10:47:18.697root 11241100x8000000000000000426765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cac0446066dffe2021-12-21 10:47:18.697root 11241100x8000000000000000426766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8209df3bf09495982021-12-21 10:47:18.697root 11241100x8000000000000000426767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91c1bdb0a03b5752021-12-21 10:47:18.697root 11241100x8000000000000000426768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b44d512901c1a0c2021-12-21 10:47:18.698root 11241100x8000000000000000426769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63cb6b53791ef282021-12-21 10:47:18.698root 11241100x8000000000000000426770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:18.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6352393140faf162021-12-21 10:47:18.698root 11241100x8000000000000000426771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca4ec3dbf69737f2021-12-21 10:47:19.194root 11241100x8000000000000000426772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d693d3d21e2f6a512021-12-21 10:47:19.194root 11241100x8000000000000000426773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77a6eecf48f3f8a2021-12-21 10:47:19.194root 11241100x8000000000000000426774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bad93fc979bdc42021-12-21 10:47:19.195root 11241100x8000000000000000426775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bba3a412ee8cfd12021-12-21 10:47:19.195root 11241100x8000000000000000426776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79eb7d73321d6842021-12-21 10:47:19.195root 11241100x8000000000000000426777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac405909dffc6ac92021-12-21 10:47:19.195root 11241100x8000000000000000426778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcb4ef8df28eb632021-12-21 10:47:19.195root 11241100x8000000000000000426779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6cb8e02e7bbf2f2021-12-21 10:47:19.195root 11241100x8000000000000000426780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf49b8dbca2c8ad02021-12-21 10:47:19.195root 11241100x8000000000000000426781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3205ec9b60e6faaf2021-12-21 10:47:19.195root 11241100x8000000000000000426782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d97a2ba951fff042021-12-21 10:47:19.195root 11241100x8000000000000000426783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1537446db081b72021-12-21 10:47:19.195root 11241100x8000000000000000426784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e429432e71e482912021-12-21 10:47:19.195root 11241100x8000000000000000426785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a46407f35067462021-12-21 10:47:19.195root 11241100x8000000000000000426786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253bb21dc0d41cb62021-12-21 10:47:19.195root 11241100x8000000000000000426787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e48f800aa6685362021-12-21 10:47:19.196root 11241100x8000000000000000426788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df0cd9083263ceb2021-12-21 10:47:19.196root 11241100x8000000000000000426789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5baa64f5e7f99d2021-12-21 10:47:19.196root 11241100x8000000000000000426790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49763ce2d2f009af2021-12-21 10:47:19.196root 11241100x8000000000000000426791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f59095810486222021-12-21 10:47:19.196root 11241100x8000000000000000426792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10e235d504b99ff2021-12-21 10:47:19.196root 11241100x8000000000000000426793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83487827d045c0d82021-12-21 10:47:19.196root 11241100x8000000000000000426794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bf40b239a4de862021-12-21 10:47:19.196root 11241100x8000000000000000426795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84bab53a0ef855d2021-12-21 10:47:19.196root 11241100x8000000000000000426796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e46a222a91a45a2021-12-21 10:47:19.196root 11241100x8000000000000000426797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be547319654c37582021-12-21 10:47:19.196root 11241100x8000000000000000426798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de08231bb2289302021-12-21 10:47:19.196root 11241100x8000000000000000426799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffebe69f06e1d5b2021-12-21 10:47:19.196root 11241100x8000000000000000426800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b6fbb7dca5a5452021-12-21 10:47:19.196root 11241100x8000000000000000426801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff8df8b20bc11da2021-12-21 10:47:19.196root 11241100x8000000000000000426802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ec3223533340e52021-12-21 10:47:19.197root 11241100x8000000000000000426803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e03488e995f00a42021-12-21 10:47:19.197root 11241100x8000000000000000426804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1e18af1d8730152021-12-21 10:47:19.197root 11241100x8000000000000000426805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4849b5b6aced55b2021-12-21 10:47:19.197root 11241100x8000000000000000426806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b846f37ff7051b032021-12-21 10:47:19.197root 11241100x8000000000000000426807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69c7a5bba4b402b2021-12-21 10:47:19.197root 11241100x8000000000000000426808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae3b37a6bf9cd682021-12-21 10:47:19.197root 11241100x8000000000000000426809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d3730cbf7c72042021-12-21 10:47:19.197root 11241100x8000000000000000426810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54ebd1adf7e7b2c2021-12-21 10:47:19.197root 11241100x8000000000000000426811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8facb09b230926272021-12-21 10:47:19.197root 11241100x8000000000000000426812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d57f49d38b7fa9d2021-12-21 10:47:19.198root 11241100x8000000000000000426813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b534233823caa12021-12-21 10:47:19.694root 11241100x8000000000000000426814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0002b047d512232021-12-21 10:47:19.694root 11241100x8000000000000000426815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7c9d81d931bad02021-12-21 10:47:19.694root 11241100x8000000000000000426816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30cfcb57d6189832021-12-21 10:47:19.694root 11241100x8000000000000000426817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00905dc1c0408a3a2021-12-21 10:47:19.695root 11241100x8000000000000000426818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621df16f4438f6dd2021-12-21 10:47:19.695root 11241100x8000000000000000426819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2cdc661805cc82021-12-21 10:47:19.695root 11241100x8000000000000000426820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134c557900a5c1a72021-12-21 10:47:19.695root 11241100x8000000000000000426821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0948b501a6891ba82021-12-21 10:47:19.695root 11241100x8000000000000000426822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698cb1bcf017c76f2021-12-21 10:47:19.695root 11241100x8000000000000000426823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc18e4eefe598c22021-12-21 10:47:19.695root 11241100x8000000000000000426824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd3063b4255241b2021-12-21 10:47:19.695root 11241100x8000000000000000426825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb075374afcfacd2021-12-21 10:47:19.695root 11241100x8000000000000000426826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e146d5e28626752021-12-21 10:47:19.695root 11241100x8000000000000000426827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb02b2d65d840812021-12-21 10:47:19.696root 11241100x8000000000000000426828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702d5d616421079a2021-12-21 10:47:19.696root 11241100x8000000000000000426829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574158164d5d54402021-12-21 10:47:19.696root 11241100x8000000000000000426830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0557f4551817edba2021-12-21 10:47:19.696root 11241100x8000000000000000426831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9cb50cb066459c2021-12-21 10:47:19.696root 11241100x8000000000000000426832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d5afb25fb69a5b2021-12-21 10:47:19.696root 11241100x8000000000000000426833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a0ecead7b7f6e22021-12-21 10:47:19.696root 11241100x8000000000000000426834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123b3ed879aab3bf2021-12-21 10:47:19.697root 11241100x8000000000000000426835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155581922a3fdd152021-12-21 10:47:19.697root 11241100x8000000000000000426836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1cb459a8864a092021-12-21 10:47:19.697root 11241100x8000000000000000426837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d94de757e2c1c72021-12-21 10:47:19.697root 11241100x8000000000000000426838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e11cad23d04b802021-12-21 10:47:19.697root 11241100x8000000000000000426839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd47de7da9a9d432021-12-21 10:47:19.698root 11241100x8000000000000000426840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52a6ef81855f7d22021-12-21 10:47:19.698root 11241100x8000000000000000426841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ac455b1c969d952021-12-21 10:47:19.698root 11241100x8000000000000000426842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bae3356f83d8b52021-12-21 10:47:19.698root 11241100x8000000000000000426843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b5bd173fdb03032021-12-21 10:47:19.698root 11241100x8000000000000000426844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b4330420c667ab2021-12-21 10:47:19.698root 11241100x8000000000000000426845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b02360393a5ea1d2021-12-21 10:47:19.699root 11241100x8000000000000000426846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201b5f39b418b8f42021-12-21 10:47:19.699root 11241100x8000000000000000426847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aed382ec3423462021-12-21 10:47:19.700root 11241100x8000000000000000426848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c2c651aea5d97d2021-12-21 10:47:19.701root 11241100x8000000000000000426849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26df09a9c579ff462021-12-21 10:47:19.701root 11241100x8000000000000000426850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb84a4c125bddc22021-12-21 10:47:19.701root 11241100x8000000000000000426851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ea13604a475c9b2021-12-21 10:47:19.701root 11241100x8000000000000000426852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3cf1ee1d285d842021-12-21 10:47:19.701root 11241100x8000000000000000426853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7919f25dad29f12e2021-12-21 10:47:19.701root 11241100x8000000000000000426854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089593ec099b8cb82021-12-21 10:47:19.701root 11241100x8000000000000000426855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75485d40b73619a2021-12-21 10:47:20.194root 11241100x8000000000000000426856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fa14d30509d2e62021-12-21 10:47:20.194root 11241100x8000000000000000426857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b2b6319ee1236f2021-12-21 10:47:20.195root 11241100x8000000000000000426858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cfb1bad6246e502021-12-21 10:47:20.195root 11241100x8000000000000000426859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1abae0aec800932021-12-21 10:47:20.195root 11241100x8000000000000000426860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5cbcb0efb9255b2021-12-21 10:47:20.195root 11241100x8000000000000000426861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b885ff8ec3418b62021-12-21 10:47:20.195root 11241100x8000000000000000426862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4db205924c8b2fd2021-12-21 10:47:20.195root 11241100x8000000000000000426863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff30a05a57db4c392021-12-21 10:47:20.195root 11241100x8000000000000000426864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4126a9654b8d3b2021-12-21 10:47:20.195root 11241100x8000000000000000426865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190562a883babb312021-12-21 10:47:20.195root 11241100x8000000000000000426866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a662e26a503d652021-12-21 10:47:20.195root 11241100x8000000000000000426867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f718ffa432e94272021-12-21 10:47:20.195root 11241100x8000000000000000426868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5301d73912a77202021-12-21 10:47:20.195root 11241100x8000000000000000426869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3c54453afa35522021-12-21 10:47:20.196root 11241100x8000000000000000426870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848e9bcb41b0a16a2021-12-21 10:47:20.196root 11241100x8000000000000000426871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e451f22480170d6b2021-12-21 10:47:20.196root 11241100x8000000000000000426872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34214f3a51abb9ca2021-12-21 10:47:20.196root 11241100x8000000000000000426873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730c39eca17131ee2021-12-21 10:47:20.196root 11241100x8000000000000000426874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad166387069ca12021-12-21 10:47:20.196root 11241100x8000000000000000426875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9143e056442ebe492021-12-21 10:47:20.196root 11241100x8000000000000000426876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43a3aaea9c415592021-12-21 10:47:20.196root 11241100x8000000000000000426877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae921b5024b45732021-12-21 10:47:20.196root 11241100x8000000000000000426878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c887990db3f18a4b2021-12-21 10:47:20.196root 11241100x8000000000000000426879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fbe9ab6c4619922021-12-21 10:47:20.196root 11241100x8000000000000000426880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a226e78487517b02021-12-21 10:47:20.197root 11241100x8000000000000000426881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e013b171be57982021-12-21 10:47:20.197root 11241100x8000000000000000426882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7708ef399c3ed6612021-12-21 10:47:20.197root 11241100x8000000000000000426883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7600898b27a20db42021-12-21 10:47:20.197root 11241100x8000000000000000426884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5215b72650ba50b2021-12-21 10:47:20.197root 11241100x8000000000000000426885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d8fce01f65c7912021-12-21 10:47:20.197root 11241100x8000000000000000426886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3eb97a16fc597d2021-12-21 10:47:20.197root 11241100x8000000000000000426887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc7bb6f0d94bcea2021-12-21 10:47:20.197root 11241100x8000000000000000426888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae982aa350305a7c2021-12-21 10:47:20.197root 11241100x8000000000000000426889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb04f52e3690a802021-12-21 10:47:20.197root 11241100x8000000000000000426890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e524b73c3016c2021-12-21 10:47:20.198root 11241100x8000000000000000426891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b17b3310742779e2021-12-21 10:47:20.198root 11241100x8000000000000000426892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ee08e80fbc20702021-12-21 10:47:20.198root 11241100x8000000000000000426893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac19700023571a2021-12-21 10:47:20.198root 11241100x8000000000000000426894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70480e41c1aca49f2021-12-21 10:47:20.198root 11241100x8000000000000000426895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4576c0aa9cfdf0de2021-12-21 10:47:20.198root 11241100x8000000000000000426896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b3e8a2fbc619452021-12-21 10:47:20.198root 11241100x8000000000000000426897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4410b3cfcd1535032021-12-21 10:47:20.694root 11241100x8000000000000000426898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c114f0ef489c19c2021-12-21 10:47:20.694root 11241100x8000000000000000426899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce368cf50f7a0442021-12-21 10:47:20.694root 11241100x8000000000000000426900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7015a36e4461c12021-12-21 10:47:20.694root 11241100x8000000000000000426901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b3b699177a2bd02021-12-21 10:47:20.695root 11241100x8000000000000000426902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96a6025cb695cee2021-12-21 10:47:20.695root 11241100x8000000000000000426903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a67a6c5eff76ea2021-12-21 10:47:20.695root 11241100x8000000000000000426904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9dde7b98a80b742021-12-21 10:47:20.696root 11241100x8000000000000000426905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0f9aacc1ede75f2021-12-21 10:47:20.697root 11241100x8000000000000000426906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ce3ac1f190563d2021-12-21 10:47:20.697root 11241100x8000000000000000426907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807ab23266a883122021-12-21 10:47:20.697root 11241100x8000000000000000426908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b2ea48d793173a2021-12-21 10:47:20.697root 11241100x8000000000000000426909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b6d06568ea6c2e2021-12-21 10:47:20.697root 11241100x8000000000000000426910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44311de39f1a07402021-12-21 10:47:20.697root 11241100x8000000000000000426911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700af3eaae4a02c12021-12-21 10:47:20.697root 11241100x8000000000000000426912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4437428450aabd7d2021-12-21 10:47:20.698root 11241100x8000000000000000426913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5067259bd434902021-12-21 10:47:20.698root 11241100x8000000000000000426914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f06e326d1b3a8f82021-12-21 10:47:20.698root 11241100x8000000000000000426915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b987a5e12061e002021-12-21 10:47:20.699root 11241100x8000000000000000426916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b74ac746f80e222021-12-21 10:47:20.699root 11241100x8000000000000000426917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f58d6b0c81fdf22021-12-21 10:47:20.699root 11241100x8000000000000000426918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965926bfa9c6c2f82021-12-21 10:47:20.700root 11241100x8000000000000000426919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2687b6adf6f14a2021-12-21 10:47:20.700root 11241100x8000000000000000426920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b063cec6f31362021-12-21 10:47:20.700root 11241100x8000000000000000426921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cd03e860b1e5f22021-12-21 10:47:20.700root 11241100x8000000000000000426922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd066e13e80b4bdb2021-12-21 10:47:20.701root 11241100x8000000000000000426923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724d0a83a0fd9852021-12-21 10:47:20.701root 11241100x8000000000000000426924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e3505f3b5741322021-12-21 10:47:20.701root 11241100x8000000000000000426925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5190e1d94746992021-12-21 10:47:20.701root 11241100x8000000000000000426926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b3ff835dcd98d22021-12-21 10:47:20.701root 11241100x8000000000000000426927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6d6b5a60ae967e2021-12-21 10:47:20.701root 11241100x8000000000000000426928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c238f7ad7c1015762021-12-21 10:47:20.701root 11241100x8000000000000000426929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1572cdbce627f6872021-12-21 10:47:20.701root 11241100x8000000000000000426930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2d4fe090aeb5ae2021-12-21 10:47:20.702root 11241100x8000000000000000426931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2877cfd3003096c2021-12-21 10:47:20.702root 11241100x8000000000000000426932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5479d651d6334802021-12-21 10:47:20.703root 11241100x8000000000000000426933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f1d257ef5c65ef2021-12-21 10:47:20.703root 11241100x8000000000000000426934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cf76848b0ee6d52021-12-21 10:47:20.703root 11241100x8000000000000000426935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a6d345cccebc742021-12-21 10:47:20.703root 11241100x8000000000000000426936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26137ca96e3a73ab2021-12-21 10:47:20.703root 11241100x8000000000000000426937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec5078d693528622021-12-21 10:47:20.703root 11241100x8000000000000000426938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69214f74f54b19832021-12-21 10:47:20.703root 354300x8000000000000000426939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.086{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47600-false10.0.1.12-8000- 11241100x8000000000000000426940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2297636dd927a6b82021-12-21 10:47:21.087root 11241100x8000000000000000426941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f859ad0420fa5fdb2021-12-21 10:47:21.087root 11241100x8000000000000000426942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1fea4124d326562021-12-21 10:47:21.087root 11241100x8000000000000000426943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad11c483ef27ebc2021-12-21 10:47:21.087root 11241100x8000000000000000426944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a636eb07cc8a282021-12-21 10:47:21.087root 11241100x8000000000000000426945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f3916de21e1f482021-12-21 10:47:21.087root 11241100x8000000000000000426946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7836917c79f2c92021-12-21 10:47:21.088root 11241100x8000000000000000426947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19e51cde1bc0d412021-12-21 10:47:21.088root 11241100x8000000000000000426948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf61c9c24495c6772021-12-21 10:47:21.088root 11241100x8000000000000000426949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41ad1ad2ba4d5052021-12-21 10:47:21.088root 11241100x8000000000000000426950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff874ac84cd32e3b2021-12-21 10:47:21.088root 11241100x8000000000000000426951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989268920ea48a922021-12-21 10:47:21.088root 11241100x8000000000000000426952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226934810d52e8722021-12-21 10:47:21.088root 11241100x8000000000000000426953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9001735a394da93c2021-12-21 10:47:21.089root 11241100x8000000000000000426954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c88a9a5eec957b2021-12-21 10:47:21.089root 11241100x8000000000000000426955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ff0f4e04f52e612021-12-21 10:47:21.089root 11241100x8000000000000000426956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea75121c7ad2ddd32021-12-21 10:47:21.089root 11241100x8000000000000000426957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a03dee816ee12002021-12-21 10:47:21.089root 11241100x8000000000000000426958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbf0d94cbe126932021-12-21 10:47:21.089root 11241100x8000000000000000426959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c380649fbfa210552021-12-21 10:47:21.089root 11241100x8000000000000000426960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06604b62762f1be52021-12-21 10:47:21.089root 11241100x8000000000000000426961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3bfb74a99c80b52021-12-21 10:47:21.090root 11241100x8000000000000000426962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7524ecf6caaedf4b2021-12-21 10:47:21.090root 11241100x8000000000000000426963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de8aa43cb0e8e2a2021-12-21 10:47:21.090root 11241100x8000000000000000426964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3797695acc22d4ab2021-12-21 10:47:21.090root 11241100x8000000000000000426965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16f97ac4d0000642021-12-21 10:47:21.090root 11241100x8000000000000000426966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2c5317cbc369582021-12-21 10:47:21.090root 11241100x8000000000000000426967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38233ca881183e162021-12-21 10:47:21.091root 11241100x8000000000000000426968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93de76fedb1f4fc2021-12-21 10:47:21.091root 11241100x8000000000000000426969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919f8cd6b1b3f9002021-12-21 10:47:21.091root 11241100x8000000000000000426970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f5673e53fc6c3e2021-12-21 10:47:21.091root 11241100x8000000000000000426971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06cd6a901abda9b2021-12-21 10:47:21.091root 11241100x8000000000000000426972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40beefa34ad8d8432021-12-21 10:47:21.092root 11241100x8000000000000000426973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7b88b9042945cb2021-12-21 10:47:21.092root 11241100x8000000000000000426974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ef1921e69cfec52021-12-21 10:47:21.092root 11241100x8000000000000000426975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b8605cc6d0884e2021-12-21 10:47:21.092root 11241100x8000000000000000426976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b0cf032d3184c12021-12-21 10:47:21.092root 11241100x8000000000000000426977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cdf5917d016b1d2021-12-21 10:47:21.092root 11241100x8000000000000000426978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd452b0f11db798c2021-12-21 10:47:21.093root 11241100x8000000000000000426979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cffd33fc6002632021-12-21 10:47:21.093root 11241100x8000000000000000426980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe29f1277637bee2021-12-21 10:47:21.093root 11241100x8000000000000000426981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36db8aaf6baba6f62021-12-21 10:47:21.093root 11241100x8000000000000000426982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52ac58a275fb9d92021-12-21 10:47:21.093root 11241100x8000000000000000426983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189fde71c366dfed2021-12-21 10:47:21.094root 11241100x8000000000000000426984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533bf7b994f8e4042021-12-21 10:47:21.094root 11241100x8000000000000000426985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb3379df8f17b0c2021-12-21 10:47:21.094root 11241100x8000000000000000426986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce73826f953e548d2021-12-21 10:47:21.094root 11241100x8000000000000000426987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40efe62abd4dc6b02021-12-21 10:47:21.094root 11241100x8000000000000000426988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaec5feab86061a2021-12-21 10:47:21.095root 11241100x8000000000000000426989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58af2db9fa816a9e2021-12-21 10:47:21.095root 11241100x8000000000000000426990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d4ace5ea3e76ff2021-12-21 10:47:21.095root 11241100x8000000000000000426991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac409fd0051771852021-12-21 10:47:21.095root 11241100x8000000000000000426992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b8f1dd5de83b642021-12-21 10:47:21.095root 11241100x8000000000000000426993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262eff7ff11d8a3f2021-12-21 10:47:21.095root 11241100x8000000000000000426994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357456a10489668a2021-12-21 10:47:21.096root 11241100x8000000000000000426995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb22009c7772c62021-12-21 10:47:21.096root 11241100x8000000000000000426996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c55f04a541a0832021-12-21 10:47:21.096root 11241100x8000000000000000426997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade67a2f591aef472021-12-21 10:47:21.096root 11241100x8000000000000000426998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b84312f6ab10b62021-12-21 10:47:21.096root 11241100x8000000000000000426999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7652366904941952021-12-21 10:47:21.097root 11241100x8000000000000000427000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ed80b83bd209542021-12-21 10:47:21.097root 11241100x8000000000000000427001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500eb052a84b27662021-12-21 10:47:21.097root 11241100x8000000000000000427002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727d2ba21b61e67b2021-12-21 10:47:21.097root 11241100x8000000000000000427003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4045b6daa96054a2021-12-21 10:47:21.097root 11241100x8000000000000000427004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aefe0645be7e1d2021-12-21 10:47:21.098root 11241100x8000000000000000427005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71073bff7ac32f722021-12-21 10:47:21.098root 11241100x8000000000000000427006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c3b5e9232286442021-12-21 10:47:21.099root 11241100x8000000000000000427007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cc2f3c12572cef2021-12-21 10:47:21.099root 11241100x8000000000000000427008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecc0de0a9daad3d2021-12-21 10:47:21.099root 11241100x8000000000000000427009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.099{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133ed52d2cf083112021-12-21 10:47:21.099root 11241100x8000000000000000427010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0938b29f5ffe037c2021-12-21 10:47:21.100root 11241100x8000000000000000427011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c7528fdf2970fe2021-12-21 10:47:21.100root 11241100x8000000000000000427012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d91727c1ec5289f2021-12-21 10:47:21.100root 11241100x8000000000000000427013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.100{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368878bed14045672021-12-21 10:47:21.100root 11241100x8000000000000000427014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cad1bbc196939a92021-12-21 10:47:21.101root 11241100x8000000000000000427015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed52c388c4b9d21f2021-12-21 10:47:21.443root 11241100x8000000000000000427016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06540043cdc89372021-12-21 10:47:21.443root 11241100x8000000000000000427017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c605a13c202a8102021-12-21 10:47:21.443root 11241100x8000000000000000427018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227dd944a5f74f762021-12-21 10:47:21.443root 11241100x8000000000000000427019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546ab3ae8496b4e42021-12-21 10:47:21.444root 11241100x8000000000000000427020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdf4fd7b4abea042021-12-21 10:47:21.444root 11241100x8000000000000000427021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fb3451b28e85482021-12-21 10:47:21.444root 11241100x8000000000000000427022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1810be4abf50518d2021-12-21 10:47:21.444root 11241100x8000000000000000427023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d32cf631f17b6e82021-12-21 10:47:21.444root 11241100x8000000000000000427024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56544059c0e0e4ba2021-12-21 10:47:21.444root 11241100x8000000000000000427025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44330b128f9a540a2021-12-21 10:47:21.444root 11241100x8000000000000000427026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38735805574b4b22021-12-21 10:47:21.444root 11241100x8000000000000000427027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2dd14809a1599c2021-12-21 10:47:21.444root 11241100x8000000000000000427028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df1d4b46a70e74c2021-12-21 10:47:21.444root 11241100x8000000000000000427029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38916e5da3609d42021-12-21 10:47:21.444root 11241100x8000000000000000427030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835fc5e8786f33562021-12-21 10:47:21.444root 11241100x8000000000000000427031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b74e285f4274862021-12-21 10:47:21.444root 11241100x8000000000000000427032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33be2d3f8f3f03fd2021-12-21 10:47:21.444root 11241100x8000000000000000427033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8abb7e17b1f2ec2021-12-21 10:47:21.445root 11241100x8000000000000000427034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd96fb7b1494f0882021-12-21 10:47:21.445root 11241100x8000000000000000427035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889a52aff01623502021-12-21 10:47:21.445root 11241100x8000000000000000427036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8646cfef9c77fe2f2021-12-21 10:47:21.445root 11241100x8000000000000000427037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d3e45becc1f9a62021-12-21 10:47:21.445root 11241100x8000000000000000427038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b0e555c045535e2021-12-21 10:47:21.445root 11241100x8000000000000000427039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5c5449c1a8487e2021-12-21 10:47:21.445root 11241100x8000000000000000427040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac78c5058c7b3f0b2021-12-21 10:47:21.445root 11241100x8000000000000000427041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e0f1b5d7bd0a102021-12-21 10:47:21.445root 11241100x8000000000000000427042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a9c9e10e302a792021-12-21 10:47:21.445root 11241100x8000000000000000427043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1311ef95e3aa8f02021-12-21 10:47:21.445root 11241100x8000000000000000427044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812f155b27871bcf2021-12-21 10:47:21.445root 11241100x8000000000000000427045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2e729579f1447c2021-12-21 10:47:21.445root 11241100x8000000000000000427046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa586fcc4202e72021-12-21 10:47:21.445root 11241100x8000000000000000427047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5325acd239656952021-12-21 10:47:21.445root 11241100x8000000000000000427048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9173f2a758546b2021-12-21 10:47:21.445root 11241100x8000000000000000427049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36965a6240364482021-12-21 10:47:21.446root 11241100x8000000000000000427050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060120038886b1712021-12-21 10:47:21.446root 11241100x8000000000000000427051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ebfee5d893080d2021-12-21 10:47:21.446root 11241100x8000000000000000427052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6676602bb7a9702021-12-21 10:47:21.446root 11241100x8000000000000000427053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959ba8521a4ca2b72021-12-21 10:47:21.446root 11241100x8000000000000000427054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8071b5817078830c2021-12-21 10:47:21.446root 11241100x8000000000000000427055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e048940417bec4912021-12-21 10:47:21.446root 11241100x8000000000000000427056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f099930ceac6ef432021-12-21 10:47:21.447root 11241100x8000000000000000427057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa2812d241ce2652021-12-21 10:47:21.447root 11241100x8000000000000000427058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c546aa7b50a0a582021-12-21 10:47:21.447root 11241100x8000000000000000427059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2117a22a21046e2021-12-21 10:47:21.447root 11241100x8000000000000000427060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e04ba359c7fd52b2021-12-21 10:47:21.447root 11241100x8000000000000000427061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c9aadb6f7758902021-12-21 10:47:21.447root 11241100x8000000000000000427062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb8e217052cbbef2021-12-21 10:47:21.447root 11241100x8000000000000000427063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a49ff9c9fa79262021-12-21 10:47:21.447root 11241100x8000000000000000427064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3f37598ffde4bf2021-12-21 10:47:21.447root 11241100x8000000000000000427065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a3dc2e92c901a92021-12-21 10:47:21.448root 11241100x8000000000000000427066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af2197ec7c4775c2021-12-21 10:47:21.448root 11241100x8000000000000000427067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d579d916b053e92021-12-21 10:47:21.448root 11241100x8000000000000000427068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a3448ee61c96772021-12-21 10:47:21.448root 11241100x8000000000000000427069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc5cc5dcff47d242021-12-21 10:47:21.448root 11241100x8000000000000000427070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf6e65c205d662f2021-12-21 10:47:21.448root 11241100x8000000000000000427071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9737f61888740a2021-12-21 10:47:21.448root 11241100x8000000000000000427072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b5f2d0eab6f0d82021-12-21 10:47:21.448root 11241100x8000000000000000427073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeefbffccc95eb62021-12-21 10:47:21.449root 11241100x8000000000000000427074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d32a84a5dc5eb62021-12-21 10:47:21.449root 11241100x8000000000000000427075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903f87100911a27c2021-12-21 10:47:21.449root 11241100x8000000000000000427076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ca15ed6e53dd152021-12-21 10:47:21.449root 11241100x8000000000000000427077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18753f7d2cfd30d92021-12-21 10:47:21.449root 11241100x8000000000000000427078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f571ac77b36fff62021-12-21 10:47:21.449root 11241100x8000000000000000427079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f548bce4c6c18952021-12-21 10:47:21.449root 11241100x8000000000000000427080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64743c1c8b62c52c2021-12-21 10:47:21.449root 11241100x8000000000000000427081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf774b2bdbcff4b32021-12-21 10:47:21.449root 11241100x8000000000000000427082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e260e31fb057aa02021-12-21 10:47:21.449root 11241100x8000000000000000427083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6ebe090932dc382021-12-21 10:47:21.450root 11241100x8000000000000000427084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90ea4746190e1f82021-12-21 10:47:21.450root 11241100x8000000000000000427085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c91df0110c2a932021-12-21 10:47:21.450root 11241100x8000000000000000427086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7382ee9661e0d9672021-12-21 10:47:21.450root 11241100x8000000000000000427087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20514c292409a972021-12-21 10:47:21.450root 11241100x8000000000000000427088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a485891abd82b3872021-12-21 10:47:21.450root 11241100x8000000000000000427089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ef99628315943d2021-12-21 10:47:21.943root 11241100x8000000000000000427090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1dfab2b418ba8a2021-12-21 10:47:21.943root 11241100x8000000000000000427091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcfc176eca4745b2021-12-21 10:47:21.943root 11241100x8000000000000000427092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd0e332a268ca902021-12-21 10:47:21.944root 11241100x8000000000000000427093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70d9b0068e6e6552021-12-21 10:47:21.944root 11241100x8000000000000000427094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac089df3b06f9c4f2021-12-21 10:47:21.944root 11241100x8000000000000000427095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67727b5c09f942e42021-12-21 10:47:21.944root 11241100x8000000000000000427096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171fedad95bf065b2021-12-21 10:47:21.944root 11241100x8000000000000000427097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021224bb392ce9012021-12-21 10:47:21.944root 11241100x8000000000000000427098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c439e814f3622ace2021-12-21 10:47:21.944root 11241100x8000000000000000427099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d957afb3bf8a8a582021-12-21 10:47:21.944root 11241100x8000000000000000427100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18254b8ffd2aee2f2021-12-21 10:47:21.944root 11241100x8000000000000000427101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981011e6afbb29e72021-12-21 10:47:21.945root 11241100x8000000000000000427102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444441438d9457c82021-12-21 10:47:21.945root 11241100x8000000000000000427103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3731f615ff28fb142021-12-21 10:47:21.945root 11241100x8000000000000000427104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58acd2b17fc54e2e2021-12-21 10:47:21.945root 11241100x8000000000000000427105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839a64a0b60b8ee92021-12-21 10:47:21.945root 11241100x8000000000000000427106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251738083fbb24dd2021-12-21 10:47:21.945root 11241100x8000000000000000427107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08aa4af43d00cbfa2021-12-21 10:47:21.945root 11241100x8000000000000000427108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bd39b311ed45332021-12-21 10:47:21.945root 11241100x8000000000000000427109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363f506d7ba50c52021-12-21 10:47:21.945root 11241100x8000000000000000427110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2c691fbcc8fdf12021-12-21 10:47:21.945root 11241100x8000000000000000427111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed00295fb662e612021-12-21 10:47:21.945root 11241100x8000000000000000427112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9da1b7c1ecbdb12021-12-21 10:47:21.945root 11241100x8000000000000000427113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca726827f75d75b2021-12-21 10:47:21.945root 11241100x8000000000000000427114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a18eeaac3521c262021-12-21 10:47:21.946root 11241100x8000000000000000427115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a08de88419775032021-12-21 10:47:21.946root 11241100x8000000000000000427116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982f4d0318e713a42021-12-21 10:47:21.946root 11241100x8000000000000000427117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7588eadbfcca79692021-12-21 10:47:21.946root 11241100x8000000000000000427118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa3f3ef287201132021-12-21 10:47:21.946root 11241100x8000000000000000427119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f8b01862af03d42021-12-21 10:47:21.946root 11241100x8000000000000000427120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ada07bfa157bd6a2021-12-21 10:47:21.946root 11241100x8000000000000000427121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fda2af5b58cf7cd2021-12-21 10:47:21.946root 11241100x8000000000000000427122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da7d4be0ccfd4aa2021-12-21 10:47:21.946root 11241100x8000000000000000427123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a98a6a9ea2b22f2021-12-21 10:47:21.946root 11241100x8000000000000000427124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab51a8141fd196c2021-12-21 10:47:21.946root 11241100x8000000000000000427125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5bf7f8b55458ad2021-12-21 10:47:21.947root 11241100x8000000000000000427126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f67775afd3fd322021-12-21 10:47:21.947root 11241100x8000000000000000427127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c9f66d4309f8df2021-12-21 10:47:21.947root 11241100x8000000000000000427128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f196857368dd9a4b2021-12-21 10:47:21.947root 11241100x8000000000000000427129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc38c6d9456477142021-12-21 10:47:21.947root 11241100x8000000000000000427130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aa5f0e75bfd1d52021-12-21 10:47:21.947root 11241100x8000000000000000427131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b51cdd761725ba12021-12-21 10:47:21.947root 11241100x8000000000000000427132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b08ab22df0383942021-12-21 10:47:21.947root 11241100x8000000000000000427133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc49a10858ef1f822021-12-21 10:47:21.947root 11241100x8000000000000000427134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f34cef46decb5a2021-12-21 10:47:21.948root 11241100x8000000000000000427135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b7234850fe1c492021-12-21 10:47:21.948root 11241100x8000000000000000427136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631b58e340de9b712021-12-21 10:47:21.948root 11241100x8000000000000000427137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae98d2e005bf91b82021-12-21 10:47:21.948root 11241100x8000000000000000427138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95366b897439b8c42021-12-21 10:47:21.948root 11241100x8000000000000000427139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d690ba89f7c416782021-12-21 10:47:21.948root 11241100x8000000000000000427140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e788f97eeedcb482021-12-21 10:47:21.948root 11241100x8000000000000000427141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3e8b9f717ce0cd2021-12-21 10:47:21.948root 11241100x8000000000000000427142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bcfe48d30f25b02021-12-21 10:47:21.948root 11241100x8000000000000000427143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1226fd5d4ca266b2021-12-21 10:47:22.443root 11241100x8000000000000000427144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cd7a5945af61892021-12-21 10:47:22.443root 11241100x8000000000000000427145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59029de1c0c65b62021-12-21 10:47:22.444root 11241100x8000000000000000427146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af67e912c5784ace2021-12-21 10:47:22.444root 11241100x8000000000000000427147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad57820ea77592212021-12-21 10:47:22.444root 11241100x8000000000000000427148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04039222679482122021-12-21 10:47:22.444root 11241100x8000000000000000427149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f49999271d9b3a2021-12-21 10:47:22.444root 11241100x8000000000000000427150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d817c36489769992021-12-21 10:47:22.444root 11241100x8000000000000000427151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7d329df08447422021-12-21 10:47:22.444root 11241100x8000000000000000427152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4a4c7721ad84362021-12-21 10:47:22.444root 11241100x8000000000000000427153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82761819f41b360f2021-12-21 10:47:22.444root 11241100x8000000000000000427154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0ab607d7f5fe1b2021-12-21 10:47:22.444root 11241100x8000000000000000427155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c23e5abd8d2e402021-12-21 10:47:22.445root 11241100x8000000000000000427156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac6e6bc1e8d70f32021-12-21 10:47:22.445root 11241100x8000000000000000427157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ada2bd3f0cdd282021-12-21 10:47:22.445root 11241100x8000000000000000427158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d37782eed90ed122021-12-21 10:47:22.445root 11241100x8000000000000000427159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5f1388e558f2392021-12-21 10:47:22.445root 11241100x8000000000000000427160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599d34034ddda6fb2021-12-21 10:47:22.445root 11241100x8000000000000000427161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f583ada22fdce02021-12-21 10:47:22.445root 11241100x8000000000000000427162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b2d4f35d0fac902021-12-21 10:47:22.445root 11241100x8000000000000000427163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa09f15de8365ce02021-12-21 10:47:22.445root 11241100x8000000000000000427164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbe155db1d1c61f2021-12-21 10:47:22.445root 11241100x8000000000000000427165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17b1e100c13b80e2021-12-21 10:47:22.446root 11241100x8000000000000000427166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d60de4c28a93a272021-12-21 10:47:22.446root 11241100x8000000000000000427167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0993e022706021e12021-12-21 10:47:22.446root 11241100x8000000000000000427168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38b7007ea7063382021-12-21 10:47:22.446root 11241100x8000000000000000427169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258f6d5e8eec45a62021-12-21 10:47:22.446root 11241100x8000000000000000427170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42505e0b5f2d66052021-12-21 10:47:22.446root 11241100x8000000000000000427171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1bf5e03e96e13e2021-12-21 10:47:22.446root 11241100x8000000000000000427172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb7ad04764fc4472021-12-21 10:47:22.446root 11241100x8000000000000000427173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc0ac4c7931e722021-12-21 10:47:22.447root 11241100x8000000000000000427174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec94e7455ea65782021-12-21 10:47:22.447root 11241100x8000000000000000427175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac3d7963d3bff122021-12-21 10:47:22.447root 11241100x8000000000000000427176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02918c98c144fb1a2021-12-21 10:47:22.447root 11241100x8000000000000000427177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11714706bf8e95652021-12-21 10:47:22.447root 11241100x8000000000000000427178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8faae557314747a2021-12-21 10:47:22.447root 11241100x8000000000000000427179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ebd03a2905ec1f2021-12-21 10:47:22.447root 11241100x8000000000000000427180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06831ffd7cc35ade2021-12-21 10:47:22.447root 11241100x8000000000000000427181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7833c0a25ec4f52021-12-21 10:47:22.447root 11241100x8000000000000000427182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6ffb9bcca3d6fc2021-12-21 10:47:22.448root 11241100x8000000000000000427183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a2734104b02ac22021-12-21 10:47:22.448root 11241100x8000000000000000427184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b2d48c09f857b92021-12-21 10:47:22.448root 11241100x8000000000000000427185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27e216e7723ffec2021-12-21 10:47:22.448root 11241100x8000000000000000427186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974c5678ef68ca972021-12-21 10:47:22.448root 11241100x8000000000000000427187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67ba68178f6c3412021-12-21 10:47:22.448root 11241100x8000000000000000427188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab340d4cbe029d2d2021-12-21 10:47:22.448root 11241100x8000000000000000427189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3303f3e6f3278c52021-12-21 10:47:22.449root 11241100x8000000000000000427190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea37955855c504a2021-12-21 10:47:22.449root 11241100x8000000000000000427191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d414bcfc307364002021-12-21 10:47:22.449root 11241100x8000000000000000427192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5391dfb3b799612021-12-21 10:47:22.449root 11241100x8000000000000000427193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9c3480565923712021-12-21 10:47:22.449root 11241100x8000000000000000427194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52719d35fd4ebeed2021-12-21 10:47:22.449root 11241100x8000000000000000427195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5430dc4cfb22692021-12-21 10:47:22.449root 11241100x8000000000000000427196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36e0e0a8fbf64292021-12-21 10:47:22.449root 11241100x8000000000000000427197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d01ae93a3a3dea22021-12-21 10:47:22.449root 11241100x8000000000000000427198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29503dd594624662021-12-21 10:47:22.943root 11241100x8000000000000000427199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a7ee7ba2af411d2021-12-21 10:47:22.943root 11241100x8000000000000000427200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88815f4a729f40f2021-12-21 10:47:22.944root 11241100x8000000000000000427201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6320595f9191052021-12-21 10:47:22.944root 11241100x8000000000000000427202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2293760a1b81c7ad2021-12-21 10:47:22.944root 11241100x8000000000000000427203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18da30138f54ed3e2021-12-21 10:47:22.944root 11241100x8000000000000000427204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c919848ebb8f452021-12-21 10:47:22.944root 11241100x8000000000000000427205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8086f0a3d7cb84a32021-12-21 10:47:22.944root 11241100x8000000000000000427206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd96a274a6b3759a2021-12-21 10:47:22.944root 11241100x8000000000000000427207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35250eeb624f0cfc2021-12-21 10:47:22.944root 11241100x8000000000000000427208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96319bfa3a1e3b62021-12-21 10:47:22.944root 11241100x8000000000000000427209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76b2930166267e72021-12-21 10:47:22.945root 11241100x8000000000000000427210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23df05c130223f812021-12-21 10:47:22.945root 11241100x8000000000000000427211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b125faf717818512021-12-21 10:47:22.945root 11241100x8000000000000000427212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8263265269b1c12021-12-21 10:47:22.945root 11241100x8000000000000000427213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f5fea7476e01562021-12-21 10:47:22.945root 11241100x8000000000000000427214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd18d5e6f595ad282021-12-21 10:47:22.945root 11241100x8000000000000000427215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97077f1c97558f582021-12-21 10:47:22.945root 11241100x8000000000000000427216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f7394a3ef3db1d2021-12-21 10:47:22.945root 11241100x8000000000000000427217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe315d833ba5a2e92021-12-21 10:47:22.945root 11241100x8000000000000000427218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb299bf63a5a06df2021-12-21 10:47:22.945root 11241100x8000000000000000427219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7fd407878b44652021-12-21 10:47:22.945root 11241100x8000000000000000427220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7a92fd14ec6f382021-12-21 10:47:22.945root 11241100x8000000000000000427221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be7ee7974d2e7782021-12-21 10:47:22.946root 11241100x8000000000000000427222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b2c7ecb07a1d1a2021-12-21 10:47:22.946root 11241100x8000000000000000427223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7b8e09644606db2021-12-21 10:47:22.946root 11241100x8000000000000000427224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc9d18e0f74e3592021-12-21 10:47:22.946root 11241100x8000000000000000427225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4545abed6d3e462021-12-21 10:47:22.946root 11241100x8000000000000000427226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6b174ec2fe7fe02021-12-21 10:47:22.946root 11241100x8000000000000000427227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f154fda8b965486d2021-12-21 10:47:22.946root 11241100x8000000000000000427228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff82b8be6e3c031c2021-12-21 10:47:22.946root 11241100x8000000000000000427229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13760ed5e5ff82152021-12-21 10:47:22.946root 11241100x8000000000000000427230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319c6a12ebfb22da2021-12-21 10:47:22.946root 11241100x8000000000000000427231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97f048b76911b352021-12-21 10:47:22.946root 11241100x8000000000000000427232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22364fa5522f11742021-12-21 10:47:22.946root 11241100x8000000000000000427233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7602fd6ed58c7d22021-12-21 10:47:22.947root 11241100x8000000000000000427234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b20e3c3a8ca8202021-12-21 10:47:22.947root 11241100x8000000000000000427235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fc64df7fa580e42021-12-21 10:47:22.947root 11241100x8000000000000000427236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fbd3d18ea2cf052021-12-21 10:47:22.947root 11241100x8000000000000000427237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ae4c3022a8d6bc2021-12-21 10:47:22.947root 11241100x8000000000000000427238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a349a7b9ab8c18942021-12-21 10:47:22.947root 11241100x8000000000000000427239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9680c9ec600c62252021-12-21 10:47:22.948root 11241100x8000000000000000427240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac27becb8c1030142021-12-21 10:47:22.948root 11241100x8000000000000000427241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab9d385835d1db52021-12-21 10:47:22.948root 11241100x8000000000000000427242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18c916a4ac782332021-12-21 10:47:22.948root 11241100x8000000000000000427243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b0f8199a66d3062021-12-21 10:47:22.948root 11241100x8000000000000000427244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea646f3ddb442202021-12-21 10:47:22.948root 11241100x8000000000000000427245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551c4e88d6d44ab72021-12-21 10:47:22.948root 11241100x8000000000000000427246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8d6ff0880c7c632021-12-21 10:47:22.949root 11241100x8000000000000000427247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccea8ba336f29c972021-12-21 10:47:22.949root 11241100x8000000000000000427248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14e335d33f687ac2021-12-21 10:47:22.949root 11241100x8000000000000000427249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3274ebded4215c72021-12-21 10:47:22.949root 11241100x8000000000000000427250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30230cd7332cbfb2021-12-21 10:47:22.949root 11241100x8000000000000000427251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b06e3f9bd3aedb2021-12-21 10:47:22.950root 11241100x8000000000000000427252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7433edef0af530db2021-12-21 10:47:22.950root 11241100x8000000000000000427253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3877a466d0515f22021-12-21 10:47:22.951root 11241100x8000000000000000427254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298302a5ec13bdd52021-12-21 10:47:22.951root 11241100x8000000000000000427255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4851d2eb7992d19f2021-12-21 10:47:22.951root 11241100x8000000000000000427256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d10e23e0a57d21a2021-12-21 10:47:22.951root 11241100x8000000000000000427257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8125744844b8b73f2021-12-21 10:47:22.951root 11241100x8000000000000000427258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bca56784ed6bfe2021-12-21 10:47:22.951root 11241100x8000000000000000427259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd33d017674a5882021-12-21 10:47:22.951root 11241100x8000000000000000427260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01edad792dd6699e2021-12-21 10:47:22.951root 11241100x8000000000000000427261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d99901212370692021-12-21 10:47:22.951root 11241100x8000000000000000427262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac6092e94709c932021-12-21 10:47:22.952root 11241100x8000000000000000427263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e556817da9506cab2021-12-21 10:47:22.952root 11241100x8000000000000000427264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8ec51eee0ac7f62021-12-21 10:47:22.952root 11241100x8000000000000000427265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadbdf5867136e3c2021-12-21 10:47:22.952root 11241100x8000000000000000427266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6b59b86043f7a22021-12-21 10:47:22.952root 11241100x8000000000000000427267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8473729cb3528d2021-12-21 10:47:22.952root 11241100x8000000000000000427268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662f85e7c373ea322021-12-21 10:47:22.952root 11241100x8000000000000000427269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaafee4ef126dc362021-12-21 10:47:22.952root 11241100x8000000000000000427270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc826894d693b3b52021-12-21 10:47:22.952root 11241100x8000000000000000427271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1454014a9691d82021-12-21 10:47:22.952root 11241100x8000000000000000427272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f47991787d98c4a2021-12-21 10:47:22.952root 11241100x8000000000000000427273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b389778340d5fb12021-12-21 10:47:22.953root 11241100x8000000000000000427274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca7a2216cff37c92021-12-21 10:47:22.953root 11241100x8000000000000000427275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ee7bd039e341122021-12-21 10:47:22.953root 11241100x8000000000000000427276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0f9d0c6bc7deb72021-12-21 10:47:22.953root 11241100x8000000000000000427277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5638ba6fa86b62021-12-21 10:47:22.953root 11241100x8000000000000000427278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a09cfaded0880cd2021-12-21 10:47:22.953root 11241100x8000000000000000427279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997230a2efd091a2021-12-21 10:47:22.953root 11241100x8000000000000000427280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680bd0ba141f7b9e2021-12-21 10:47:22.953root 11241100x8000000000000000427281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2958aa8922ca9a2021-12-21 10:47:22.953root 11241100x8000000000000000427282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d4f0a1652baff2021-12-21 10:47:22.954root 11241100x8000000000000000427283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27165745b7cfcf542021-12-21 10:47:22.954root 11241100x8000000000000000427284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d19213e70721c842021-12-21 10:47:22.954root 11241100x8000000000000000427285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e503e87931b6fb052021-12-21 10:47:22.954root 11241100x8000000000000000427286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1dbfaca898686f2021-12-21 10:47:22.955root 11241100x8000000000000000427287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c776b8b39f750242021-12-21 10:47:22.955root 11241100x8000000000000000427288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35767a44510c9ca42021-12-21 10:47:22.955root 11241100x8000000000000000427289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c99659c72bd49c2021-12-21 10:47:22.955root 11241100x8000000000000000427290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141609ae7badb92d2021-12-21 10:47:22.955root 11241100x8000000000000000427291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c588df25f9b0c42021-12-21 10:47:22.955root 11241100x8000000000000000427292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1b96187d52063c2021-12-21 10:47:22.956root 11241100x8000000000000000427293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9407641d0bf802021-12-21 10:47:22.956root 11241100x8000000000000000427294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787a2187f3ac02002021-12-21 10:47:22.956root 11241100x8000000000000000427295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64c97b5be3c8a932021-12-21 10:47:22.956root 11241100x8000000000000000427296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221888d5e04893772021-12-21 10:47:22.956root 11241100x8000000000000000427297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eac0e12ca6ab1402021-12-21 10:47:22.956root 11241100x8000000000000000427298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9227af36f6591f6d2021-12-21 10:47:22.956root 11241100x8000000000000000427299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49bcc0587c1d19f2021-12-21 10:47:22.956root 11241100x8000000000000000427300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e7067fc4c5de212021-12-21 10:47:22.957root 11241100x8000000000000000427301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605a1e0c1f2319c62021-12-21 10:47:22.957root 11241100x8000000000000000427302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fd1726f567a7d12021-12-21 10:47:22.959root 11241100x8000000000000000427303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28576ae53ec3f7bf2021-12-21 10:47:22.959root 11241100x8000000000000000427304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c810493ff731180e2021-12-21 10:47:22.959root 11241100x8000000000000000427305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712493717333448a2021-12-21 10:47:22.959root 11241100x8000000000000000427306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95719f8524256212021-12-21 10:47:22.959root 11241100x8000000000000000427307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97a49a741ee20422021-12-21 10:47:22.959root 11241100x8000000000000000427308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8453da86e09706b2021-12-21 10:47:22.960root 11241100x8000000000000000427309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a77ed23263b2b2d2021-12-21 10:47:22.960root 11241100x8000000000000000427310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd532485818b30a2021-12-21 10:47:22.960root 11241100x8000000000000000427311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77b7049ec3f23662021-12-21 10:47:22.960root 11241100x8000000000000000427312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4993712968854a42021-12-21 10:47:22.960root 11241100x8000000000000000427313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee256b4567c5f1d2021-12-21 10:47:22.960root 11241100x8000000000000000427314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840f815693a9be1e2021-12-21 10:47:22.960root 11241100x8000000000000000427315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0806628fe35ff5c62021-12-21 10:47:22.960root 11241100x8000000000000000427316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1c24055447c9e52021-12-21 10:47:22.960root 11241100x8000000000000000427317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967fb66272c7accf2021-12-21 10:47:22.960root 11241100x8000000000000000427318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7874b81c4a3e4c802021-12-21 10:47:22.961root 11241100x8000000000000000427319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a005733758b0039d2021-12-21 10:47:22.961root 11241100x8000000000000000427320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a48645017075942021-12-21 10:47:22.961root 11241100x8000000000000000427321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66a7e2ee403813c2021-12-21 10:47:22.961root 11241100x8000000000000000427322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75649c639dc4179f2021-12-21 10:47:22.961root 11241100x8000000000000000427323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a974b8efe400bf52021-12-21 10:47:22.961root 11241100x8000000000000000427324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b145594db853fb32021-12-21 10:47:22.961root 11241100x8000000000000000427325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5b1e842f93801b2021-12-21 10:47:22.961root 11241100x8000000000000000427326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdef457d1b47f5e2021-12-21 10:47:22.961root 11241100x8000000000000000427327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd6a78d5a994bbb2021-12-21 10:47:22.961root 11241100x8000000000000000427328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e990252ce5c5877e2021-12-21 10:47:22.962root 11241100x8000000000000000427329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb721e885539ee322021-12-21 10:47:22.962root 11241100x8000000000000000427330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c7c00a929483bc2021-12-21 10:47:22.962root 11241100x8000000000000000427331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058ce6fafe77c8382021-12-21 10:47:22.962root 11241100x8000000000000000427332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7d7264b86b81e02021-12-21 10:47:22.962root 11241100x8000000000000000427333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3aa03c69a9598a2021-12-21 10:47:22.962root 11241100x8000000000000000427334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4736418a6a8ee9802021-12-21 10:47:22.962root 11241100x8000000000000000427335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75cbc57d76ccd9e2021-12-21 10:47:22.962root 11241100x8000000000000000427336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905b7407b06e082c2021-12-21 10:47:22.962root 11241100x8000000000000000427337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425c8f80d8360b232021-12-21 10:47:22.962root 11241100x8000000000000000427338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c0e85f582659012021-12-21 10:47:22.962root 11241100x8000000000000000427339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b2c19789e0c4f42021-12-21 10:47:22.962root 11241100x8000000000000000427340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7a3bbce6830fb82021-12-21 10:47:22.963root 11241100x8000000000000000427341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc694ed9b90fcab02021-12-21 10:47:22.963root 11241100x8000000000000000427342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3ccb9259ebc0192021-12-21 10:47:22.963root 11241100x8000000000000000427343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c94dca60dcd7f42021-12-21 10:47:22.963root 11241100x8000000000000000427344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fb60cec6f6c1192021-12-21 10:47:22.963root 11241100x8000000000000000427345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017d35ca32a885962021-12-21 10:47:22.963root 11241100x8000000000000000427346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba58feb98ca248b82021-12-21 10:47:22.964root 11241100x8000000000000000427347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf857e1618f125b12021-12-21 10:47:22.964root 11241100x8000000000000000427348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cca8c60df1b26c72021-12-21 10:47:22.964root 11241100x8000000000000000427349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec4ef06d057c97b2021-12-21 10:47:22.964root 11241100x8000000000000000427350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926639370b6a34e22021-12-21 10:47:22.964root 11241100x8000000000000000427351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f2d3b784507ff52021-12-21 10:47:22.964root 11241100x8000000000000000427352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a8fadf5dc66e342021-12-21 10:47:22.964root 11241100x8000000000000000427353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773f58c9ed5c2cbf2021-12-21 10:47:22.965root 11241100x8000000000000000427354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b84716a9733fda2021-12-21 10:47:22.965root 11241100x8000000000000000427355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec1d5f032c3fd792021-12-21 10:47:22.965root 11241100x8000000000000000427356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc2890018240a872021-12-21 10:47:22.965root 11241100x8000000000000000427357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b31d62ac2d49c202021-12-21 10:47:22.965root 11241100x8000000000000000427358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96325b0ee890a2232021-12-21 10:47:22.965root 11241100x8000000000000000427359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0585cab8b0fcd92021-12-21 10:47:22.965root 11241100x8000000000000000427360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee00ecf8e5554d342021-12-21 10:47:22.966root 11241100x8000000000000000427361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1230a273255cbf62021-12-21 10:47:22.966root 11241100x8000000000000000427362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb53cc931ac2e262021-12-21 10:47:22.966root 11241100x8000000000000000427363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fdbfade649bced2021-12-21 10:47:22.966root 11241100x8000000000000000427364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0230951aa7f275872021-12-21 10:47:22.966root 11241100x8000000000000000427365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116f800537cbfe8f2021-12-21 10:47:22.966root 11241100x8000000000000000427366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94827b6d9e226a22021-12-21 10:47:22.966root 11241100x8000000000000000427367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dcd3ca30a845fd2021-12-21 10:47:22.967root 11241100x8000000000000000427368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23425252fa75e3332021-12-21 10:47:22.967root 11241100x8000000000000000427369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f17a9eec80d9cc2021-12-21 10:47:22.967root 11241100x8000000000000000427370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43507c6fbf3c5d382021-12-21 10:47:22.967root 11241100x8000000000000000427371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102b0aa4659687cb2021-12-21 10:47:22.967root 11241100x8000000000000000427372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f297824d9613c9902021-12-21 10:47:22.967root 11241100x8000000000000000427373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0902dc92bd175ba2021-12-21 10:47:22.967root 11241100x8000000000000000427374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ab46816e2cd2e72021-12-21 10:47:22.967root 11241100x8000000000000000427375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980f9b8543fe14392021-12-21 10:47:22.968root 11241100x8000000000000000427376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf10c622240a294d2021-12-21 10:47:22.968root 11241100x8000000000000000427377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea5a6d69606c5e62021-12-21 10:47:22.968root 11241100x8000000000000000427378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21d9e827f13a1f12021-12-21 10:47:22.968root 11241100x8000000000000000427379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83280d04912976c42021-12-21 10:47:22.968root 11241100x8000000000000000427380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316da89036f73d182021-12-21 10:47:22.968root 11241100x8000000000000000427381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc2a776454cf8a72021-12-21 10:47:22.968root 11241100x8000000000000000427382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a67bd13d8b2ba42021-12-21 10:47:22.968root 11241100x8000000000000000427383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ba769d336470842021-12-21 10:47:22.968root 11241100x8000000000000000427384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa69140a5da9cc42021-12-21 10:47:22.969root 11241100x8000000000000000427385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ef61174c72b2002021-12-21 10:47:22.969root 11241100x8000000000000000427386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8d30a9be41fd672021-12-21 10:47:22.969root 11241100x8000000000000000427387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f3f6c01c41b99a2021-12-21 10:47:22.969root 11241100x8000000000000000427388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df6d770d9610a382021-12-21 10:47:22.969root 11241100x8000000000000000427389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ecb22fd777307c2021-12-21 10:47:22.969root 11241100x8000000000000000427390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf691725b4ae696b2021-12-21 10:47:22.969root 11241100x8000000000000000427391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a72bee9c0967e8a2021-12-21 10:47:22.969root 11241100x8000000000000000427392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd69ee9cd22eab0b2021-12-21 10:47:22.969root 11241100x8000000000000000427393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61801a18f574a02021-12-21 10:47:22.969root 11241100x8000000000000000427394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc69b41b590614ea2021-12-21 10:47:22.970root 11241100x8000000000000000427395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff92f9e99b78b1f22021-12-21 10:47:22.970root 11241100x8000000000000000427396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dfcade6830a73e2021-12-21 10:47:22.970root 11241100x8000000000000000427397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afda1a1a3de276a92021-12-21 10:47:22.970root 11241100x8000000000000000427398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19be015f586cd9372021-12-21 10:47:22.970root 11241100x8000000000000000427399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a99adeba83ae362021-12-21 10:47:22.970root 11241100x8000000000000000427400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605e90947e50adcc2021-12-21 10:47:22.970root 11241100x8000000000000000427401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9f9185869c4b1d2021-12-21 10:47:22.970root 11241100x8000000000000000427402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3836b594855ab62021-12-21 10:47:22.971root 11241100x8000000000000000427403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ba87606dee886e2021-12-21 10:47:22.971root 11241100x8000000000000000427404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530c444b661b08702021-12-21 10:47:22.971root 11241100x8000000000000000427405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8bcfa0ef1d37a92021-12-21 10:47:22.971root 11241100x8000000000000000427406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13420b5f39c35a3e2021-12-21 10:47:22.971root 11241100x8000000000000000427407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25300e5aa99e4bdf2021-12-21 10:47:22.971root 11241100x8000000000000000427408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c451750eae0b3ae2021-12-21 10:47:22.971root 11241100x8000000000000000427409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f33570a23d1adbf2021-12-21 10:47:22.972root 11241100x8000000000000000427410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebb8eaa03e872fb2021-12-21 10:47:22.972root 11241100x8000000000000000427411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d72d21ac7107eeb2021-12-21 10:47:22.972root 11241100x8000000000000000427412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:22.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a905d74c242dfe2021-12-21 10:47:22.972root 11241100x8000000000000000427413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbc0df3c60b28322021-12-21 10:47:23.443root 11241100x8000000000000000427414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eed0d5e76ba97802021-12-21 10:47:23.443root 11241100x8000000000000000427415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195d52e86d321b7c2021-12-21 10:47:23.444root 11241100x8000000000000000427416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14879494a83c0d662021-12-21 10:47:23.444root 11241100x8000000000000000427417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124bbcc513b608a72021-12-21 10:47:23.444root 11241100x8000000000000000427418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b091590e4fb62be2021-12-21 10:47:23.444root 11241100x8000000000000000427419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e1ac3f92c382e02021-12-21 10:47:23.444root 11241100x8000000000000000427420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7938dbe3ac397592021-12-21 10:47:23.444root 11241100x8000000000000000427421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66982d062f5ebe892021-12-21 10:47:23.444root 11241100x8000000000000000427422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564503f419d576e92021-12-21 10:47:23.444root 11241100x8000000000000000427423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14bd88f3b6c55062021-12-21 10:47:23.444root 11241100x8000000000000000427424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566042babb7e6f042021-12-21 10:47:23.444root 11241100x8000000000000000427425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ba945ecef30e652021-12-21 10:47:23.444root 11241100x8000000000000000427426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31cf8bf859b8d2b2021-12-21 10:47:23.444root 11241100x8000000000000000427427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd389abbe4c6c522021-12-21 10:47:23.444root 11241100x8000000000000000427428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de3b04f5bb61c342021-12-21 10:47:23.445root 11241100x8000000000000000427429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46453184bb1d795c2021-12-21 10:47:23.445root 11241100x8000000000000000427430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff5cf9fd24621d82021-12-21 10:47:23.445root 11241100x8000000000000000427431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7f9d79db0909df2021-12-21 10:47:23.445root 11241100x8000000000000000427432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df21a9f6974df882021-12-21 10:47:23.445root 11241100x8000000000000000427433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b48481eec8be17d2021-12-21 10:47:23.445root 11241100x8000000000000000427434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c0fedd5f3e31912021-12-21 10:47:23.445root 11241100x8000000000000000427435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15229630edad24d2021-12-21 10:47:23.445root 11241100x8000000000000000427436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6054e4732834be82021-12-21 10:47:23.446root 11241100x8000000000000000427437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a51139898c985a2021-12-21 10:47:23.446root 11241100x8000000000000000427438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253cec90169a12a12021-12-21 10:47:23.446root 11241100x8000000000000000427439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db8d038a641592b2021-12-21 10:47:23.446root 11241100x8000000000000000427440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2892d4a39589a62d2021-12-21 10:47:23.446root 11241100x8000000000000000427441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4c3c6bd42ed8602021-12-21 10:47:23.446root 11241100x8000000000000000427442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8c2af1839946f92021-12-21 10:47:23.446root 11241100x8000000000000000427443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cda4d32066e8862021-12-21 10:47:23.447root 11241100x8000000000000000427444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453aa7415b5d441d2021-12-21 10:47:23.447root 11241100x8000000000000000427445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bab6dd7f43630282021-12-21 10:47:23.447root 11241100x8000000000000000427446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04718b23a9cebfa2021-12-21 10:47:23.447root 11241100x8000000000000000427447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdc289e45f9a8872021-12-21 10:47:23.447root 11241100x8000000000000000427448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e96fa9d6fdc3c02021-12-21 10:47:23.447root 11241100x8000000000000000427449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b55be78dc0bfcf2021-12-21 10:47:23.447root 11241100x8000000000000000427450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751e89c3e8cbaf412021-12-21 10:47:23.448root 11241100x8000000000000000427451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bb527ff6b046ff2021-12-21 10:47:23.448root 11241100x8000000000000000427452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4017c18f1773c0ee2021-12-21 10:47:23.448root 11241100x8000000000000000427453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64ead98a5c274c02021-12-21 10:47:23.448root 11241100x8000000000000000427454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfee4b088b7053f52021-12-21 10:47:23.448root 11241100x8000000000000000427455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9670aa9f7d54032021-12-21 10:47:23.448root 11241100x8000000000000000427456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946490d844e7ad012021-12-21 10:47:23.448root 11241100x8000000000000000427457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9e614f509238bb2021-12-21 10:47:23.449root 11241100x8000000000000000427458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73d92ad3b8888902021-12-21 10:47:23.449root 11241100x8000000000000000427459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68843754a16799ae2021-12-21 10:47:23.449root 11241100x8000000000000000427460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eec28a2d83c789d2021-12-21 10:47:23.449root 11241100x8000000000000000427461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ff1533e510793c2021-12-21 10:47:23.449root 11241100x8000000000000000427462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e64c7b96017a0d2021-12-21 10:47:23.449root 11241100x8000000000000000427463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3696da4d068d17722021-12-21 10:47:23.449root 11241100x8000000000000000427464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46bc2a8c833e15a2021-12-21 10:47:23.449root 11241100x8000000000000000427465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3cc7dcbbea82d22021-12-21 10:47:23.449root 11241100x8000000000000000427466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246835139e4990442021-12-21 10:47:23.450root 11241100x8000000000000000427467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e245b98953a6b162021-12-21 10:47:23.450root 11241100x8000000000000000427468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04946ffd0a71116f2021-12-21 10:47:23.450root 11241100x8000000000000000427469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdc938c371b93802021-12-21 10:47:23.450root 11241100x8000000000000000427470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa2f52e968c8da22021-12-21 10:47:23.450root 11241100x8000000000000000427471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c267fa31bcd95fc12021-12-21 10:47:23.450root 11241100x8000000000000000427472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a9ff3fb9707d142021-12-21 10:47:23.450root 11241100x8000000000000000427473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b826c866a8e08fd62021-12-21 10:47:23.450root 11241100x8000000000000000427474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1bd2246b1a516d2021-12-21 10:47:23.450root 11241100x8000000000000000427475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490dd78f8072fd742021-12-21 10:47:23.451root 11241100x8000000000000000427476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b468390ff12a522021-12-21 10:47:23.451root 11241100x8000000000000000427477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca04de0be701b482021-12-21 10:47:23.451root 11241100x8000000000000000427478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c939d8ef98501d682021-12-21 10:47:23.451root 11241100x8000000000000000427479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d97005e8d313802021-12-21 10:47:23.452root 11241100x8000000000000000427480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a113e7952b8af0942021-12-21 10:47:23.452root 11241100x8000000000000000427481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dea9bc767cd30c2021-12-21 10:47:23.452root 11241100x8000000000000000427482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0895cdfe109e527a2021-12-21 10:47:23.452root 11241100x8000000000000000427483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7adf1bd315c3402021-12-21 10:47:23.452root 11241100x8000000000000000427484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8671f88be449a92021-12-21 10:47:23.452root 11241100x8000000000000000427485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb296e4f3d677c7f2021-12-21 10:47:23.452root 11241100x8000000000000000427486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c0a1412e5702582021-12-21 10:47:23.452root 11241100x8000000000000000427487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5466a78fd7feee2021-12-21 10:47:23.452root 11241100x8000000000000000427488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5672293ca95e4d62021-12-21 10:47:23.453root 11241100x8000000000000000427489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc47cd5c3874edb2021-12-21 10:47:23.943root 11241100x8000000000000000427490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc7055debf9d9d72021-12-21 10:47:23.943root 11241100x8000000000000000427491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae6d0f101adcde02021-12-21 10:47:23.943root 11241100x8000000000000000427492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a592a1810a69107e2021-12-21 10:47:23.943root 11241100x8000000000000000427493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d99d6de9857d9c2021-12-21 10:47:23.944root 11241100x8000000000000000427494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7bce4d1017242d2021-12-21 10:47:23.944root 11241100x8000000000000000427495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c087ef665ab46a382021-12-21 10:47:23.944root 11241100x8000000000000000427496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaec2983376d1b62021-12-21 10:47:23.944root 11241100x8000000000000000427497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf8b7bd30c94d2b2021-12-21 10:47:23.944root 11241100x8000000000000000427498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9897c27f781ef9ab2021-12-21 10:47:23.944root 11241100x8000000000000000427499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458326f33daabc3b2021-12-21 10:47:23.944root 11241100x8000000000000000427500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e618fc421ac4bb02021-12-21 10:47:23.944root 11241100x8000000000000000427501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28ae4df78febc862021-12-21 10:47:23.944root 11241100x8000000000000000427502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4475771dfe96c22021-12-21 10:47:23.945root 11241100x8000000000000000427503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1cff22307099862021-12-21 10:47:23.945root 11241100x8000000000000000427504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c246b951ebed65432021-12-21 10:47:23.945root 11241100x8000000000000000427505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5641d225deacb32021-12-21 10:47:23.945root 11241100x8000000000000000427506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43c61950aabbfb82021-12-21 10:47:23.945root 11241100x8000000000000000427507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103513ec218540802021-12-21 10:47:23.946root 11241100x8000000000000000427508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ac3fe260a171732021-12-21 10:47:23.946root 11241100x8000000000000000427509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8823fcee043df3a72021-12-21 10:47:23.946root 11241100x8000000000000000427510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab78e62a40dd6422021-12-21 10:47:23.946root 11241100x8000000000000000427511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b849f2e45fe0602021-12-21 10:47:23.946root 11241100x8000000000000000427512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c9482220439a972021-12-21 10:47:23.946root 11241100x8000000000000000427513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29a95668514dd142021-12-21 10:47:23.946root 11241100x8000000000000000427514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4b5d6d0d8d860d2021-12-21 10:47:23.946root 11241100x8000000000000000427515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41917966da1325ed2021-12-21 10:47:23.946root 11241100x8000000000000000427516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae56079274e04be2021-12-21 10:47:23.946root 11241100x8000000000000000427517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0097a451b71498672021-12-21 10:47:23.946root 11241100x8000000000000000427518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33a79e74ee951902021-12-21 10:47:23.947root 11241100x8000000000000000427519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3629ff5464b1a22021-12-21 10:47:23.947root 11241100x8000000000000000427520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e560fe087eec3e42021-12-21 10:47:23.947root 11241100x8000000000000000427521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a4104c8f04d0ee2021-12-21 10:47:23.947root 11241100x8000000000000000427522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a785eda5e713c03a2021-12-21 10:47:23.947root 11241100x8000000000000000427523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7b716446a0e5d52021-12-21 10:47:23.947root 11241100x8000000000000000427524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1765815d5918c8ea2021-12-21 10:47:23.947root 11241100x8000000000000000427525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830766161c49694e2021-12-21 10:47:23.947root 11241100x8000000000000000427526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc3a3728aebb3982021-12-21 10:47:23.947root 11241100x8000000000000000427527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550a4dde23d93a622021-12-21 10:47:23.947root 11241100x8000000000000000427528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dfe06355d47de72021-12-21 10:47:23.947root 11241100x8000000000000000427529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b7495ee866e2182021-12-21 10:47:23.947root 11241100x8000000000000000427530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152a2e049109ae912021-12-21 10:47:23.948root 11241100x8000000000000000427531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f980bf4efcdab34c2021-12-21 10:47:23.948root 11241100x8000000000000000427532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d394823424f2afd22021-12-21 10:47:23.948root 11241100x8000000000000000427533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0378e43a231a699f2021-12-21 10:47:23.948root 11241100x8000000000000000427534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3437f9ab06304552021-12-21 10:47:23.948root 11241100x8000000000000000427535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82a862c7517e0352021-12-21 10:47:23.948root 11241100x8000000000000000427536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d018321dc3168d2021-12-21 10:47:23.948root 11241100x8000000000000000427537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b3b7fe33e834352021-12-21 10:47:23.948root 11241100x8000000000000000427538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b20872f059ac2262021-12-21 10:47:23.948root 11241100x8000000000000000427539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db2d61d08c03b5f2021-12-21 10:47:23.948root 11241100x8000000000000000427540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd0db1120f0c32f2021-12-21 10:47:23.948root 11241100x8000000000000000427541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3267875421b9dc942021-12-21 10:47:23.948root 11241100x8000000000000000427542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02306de6bb918542021-12-21 10:47:23.948root 11241100x8000000000000000427543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8248a985345f7cda2021-12-21 10:47:23.949root 11241100x8000000000000000427544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c326100b18b9df152021-12-21 10:47:23.949root 11241100x8000000000000000427545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d74c73fbc1d0fee2021-12-21 10:47:23.949root 11241100x8000000000000000427546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6275cf2f367302852021-12-21 10:47:23.949root 11241100x8000000000000000427547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6517e89bce5f7dd72021-12-21 10:47:23.949root 11241100x8000000000000000427548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dff7fddb08884db2021-12-21 10:47:23.949root 11241100x8000000000000000427549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fce3079f425b0452021-12-21 10:47:23.949root 11241100x8000000000000000427550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de50766b2732ad422021-12-21 10:47:23.949root 11241100x8000000000000000427551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f81816059a4e6e2021-12-21 10:47:24.443root 11241100x8000000000000000427552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cae558a8635e2fe2021-12-21 10:47:24.443root 11241100x8000000000000000427553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d9c840a450029a2021-12-21 10:47:24.444root 11241100x8000000000000000427554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fe933bf96a5c442021-12-21 10:47:24.444root 11241100x8000000000000000427555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e43f77cacbe982021-12-21 10:47:24.444root 11241100x8000000000000000427556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f22cc9d8e8bca842021-12-21 10:47:24.444root 11241100x8000000000000000427557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be295b876e82b8432021-12-21 10:47:24.444root 11241100x8000000000000000427558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed3c2741e3d07d22021-12-21 10:47:24.444root 11241100x8000000000000000427559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417a7cf2454c64d12021-12-21 10:47:24.444root 11241100x8000000000000000427560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3620517c9a2fe12021-12-21 10:47:24.444root 11241100x8000000000000000427561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543a0338ffef53322021-12-21 10:47:24.444root 11241100x8000000000000000427562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335081ff658382702021-12-21 10:47:24.445root 11241100x8000000000000000427563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e93455f62cb9e992021-12-21 10:47:24.445root 11241100x8000000000000000427564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b313c1b81fb30802021-12-21 10:47:24.445root 11241100x8000000000000000427565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea79c8408a47ee72021-12-21 10:47:24.445root 11241100x8000000000000000427566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed6f2ca525ee2fa2021-12-21 10:47:24.445root 11241100x8000000000000000427567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c394c7824ecb7282021-12-21 10:47:24.445root 11241100x8000000000000000427568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c8d4908c14bf52021-12-21 10:47:24.445root 11241100x8000000000000000427569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f4af1ccda0c0472021-12-21 10:47:24.445root 11241100x8000000000000000427570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8428fd213729ce2021-12-21 10:47:24.446root 11241100x8000000000000000427571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b703ccee5c43b5b2021-12-21 10:47:24.446root 11241100x8000000000000000427572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de25d3b2523e04252021-12-21 10:47:24.446root 11241100x8000000000000000427573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ede29829797658a2021-12-21 10:47:24.446root 11241100x8000000000000000427574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f55ba3ed6f6a1072021-12-21 10:47:24.446root 11241100x8000000000000000427575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a5986e152176542021-12-21 10:47:24.446root 11241100x8000000000000000427576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca51097c50077ac2021-12-21 10:47:24.446root 11241100x8000000000000000427577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04c70b6882f7bfa2021-12-21 10:47:24.446root 11241100x8000000000000000427578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02e2c0b120e2b1b2021-12-21 10:47:24.447root 11241100x8000000000000000427579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0369a9d1725fbc02021-12-21 10:47:24.447root 11241100x8000000000000000427580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716df06d0f6985082021-12-21 10:47:24.447root 11241100x8000000000000000427581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397c7893a42eff62021-12-21 10:47:24.447root 11241100x8000000000000000427582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2618c56e331df34f2021-12-21 10:47:24.447root 11241100x8000000000000000427583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f068c73c1f41235d2021-12-21 10:47:24.447root 11241100x8000000000000000427584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4354e425bb7e4afb2021-12-21 10:47:24.447root 11241100x8000000000000000427585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391940e19cadc1242021-12-21 10:47:24.447root 11241100x8000000000000000427586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb40efead7ddb302021-12-21 10:47:24.447root 11241100x8000000000000000427587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15bd8cea1c96b4c2021-12-21 10:47:24.447root 11241100x8000000000000000427588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dbfa177a1e08c82021-12-21 10:47:24.448root 11241100x8000000000000000427589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4829625dea01ee0b2021-12-21 10:47:24.448root 11241100x8000000000000000427590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c10d3f852693942021-12-21 10:47:24.448root 11241100x8000000000000000427591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c09cf428adcef62021-12-21 10:47:24.448root 11241100x8000000000000000427592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed8107f15f5e9f22021-12-21 10:47:24.448root 11241100x8000000000000000427593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e74cf3589a8979b2021-12-21 10:47:24.448root 11241100x8000000000000000427594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2730987c96522532021-12-21 10:47:24.448root 11241100x8000000000000000427595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e28fd414f3ae2172021-12-21 10:47:24.448root 11241100x8000000000000000427596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27fced62527b58f2021-12-21 10:47:24.448root 11241100x8000000000000000427597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a162e8c2b77ee9212021-12-21 10:47:24.448root 11241100x8000000000000000427598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c43c7388999199e2021-12-21 10:47:24.449root 11241100x8000000000000000427599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aa67126903f7062021-12-21 10:47:24.449root 11241100x8000000000000000427600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fa2d7bd831f3722021-12-21 10:47:24.449root 11241100x8000000000000000427601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deafb00224f390be2021-12-21 10:47:24.449root 11241100x8000000000000000427602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98036cc5ef3df7662021-12-21 10:47:24.449root 11241100x8000000000000000427603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e885f45432dc352c2021-12-21 10:47:24.449root 11241100x8000000000000000427604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ed085a37ae4fb2021-12-21 10:47:24.449root 11241100x8000000000000000427605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10897f5ff5a0fa752021-12-21 10:47:24.449root 11241100x8000000000000000427606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624221598347a7582021-12-21 10:47:24.449root 11241100x8000000000000000427607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c73904173fbc2be2021-12-21 10:47:24.449root 11241100x8000000000000000427608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dc0a1fd94dfc482021-12-21 10:47:24.449root 11241100x8000000000000000427609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de3afba03d0b3f62021-12-21 10:47:24.450root 11241100x8000000000000000427610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8e10a975e8e36b2021-12-21 10:47:24.450root 11241100x8000000000000000427611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8c666193efe98d2021-12-21 10:47:24.450root 11241100x8000000000000000427612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5f28a28fb5a8472021-12-21 10:47:24.450root 11241100x8000000000000000427613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0baaa90f338ff6f42021-12-21 10:47:24.450root 11241100x8000000000000000427614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4152f065d6f353992021-12-21 10:47:24.450root 11241100x8000000000000000427615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7e152260d3daa82021-12-21 10:47:24.450root 11241100x8000000000000000427616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62efc70747da96312021-12-21 10:47:24.450root 11241100x8000000000000000427617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36017d3215d657e2021-12-21 10:47:24.450root 11241100x8000000000000000427618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fba1f0dc7631bfe2021-12-21 10:47:24.450root 11241100x8000000000000000427619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b94f718894e4b32021-12-21 10:47:24.450root 11241100x8000000000000000427620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c837c303df3c315d2021-12-21 10:47:24.451root 11241100x8000000000000000427621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e7fee34f0e0e6f2021-12-21 10:47:24.451root 11241100x8000000000000000427622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59226f88d5f7cce2021-12-21 10:47:24.451root 11241100x8000000000000000427623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47607821d1c235492021-12-21 10:47:24.451root 11241100x8000000000000000427624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4e270996720a022021-12-21 10:47:24.943root 11241100x8000000000000000427625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3768903115c005242021-12-21 10:47:24.943root 11241100x8000000000000000427626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a850e9b3356cae662021-12-21 10:47:24.943root 11241100x8000000000000000427627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541285713ed2a3bd2021-12-21 10:47:24.943root 11241100x8000000000000000427628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef9824bbe9b2aba2021-12-21 10:47:24.944root 11241100x8000000000000000427629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651c279ad7a9284e2021-12-21 10:47:24.944root 11241100x8000000000000000427630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3fe42021e787492021-12-21 10:47:24.944root 11241100x8000000000000000427631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e5ae040abcbb022021-12-21 10:47:24.944root 11241100x8000000000000000427632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabe50cb9c1b07042021-12-21 10:47:24.944root 11241100x8000000000000000427633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487ed0c5508dbb6c2021-12-21 10:47:24.944root 11241100x8000000000000000427634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03f85d18efff8e52021-12-21 10:47:24.944root 11241100x8000000000000000427635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005a5ed4c90a78e12021-12-21 10:47:24.944root 11241100x8000000000000000427636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b0f060db80e6922021-12-21 10:47:24.945root 11241100x8000000000000000427637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2775185cffcb192021-12-21 10:47:24.945root 11241100x8000000000000000427638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6154058e1c25d5a12021-12-21 10:47:24.945root 11241100x8000000000000000427639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feca2dfa67c56582021-12-21 10:47:24.945root 11241100x8000000000000000427640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ce658af1ecd62f2021-12-21 10:47:24.945root 11241100x8000000000000000427641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965dc4974a83e6ce2021-12-21 10:47:24.945root 11241100x8000000000000000427642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626ba887f4729c722021-12-21 10:47:24.945root 11241100x8000000000000000427643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574ea17552f7fb4f2021-12-21 10:47:24.945root 11241100x8000000000000000427644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e7ba0d1ca095662021-12-21 10:47:24.945root 11241100x8000000000000000427645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7886c8d49bcb72b2021-12-21 10:47:24.945root 11241100x8000000000000000427646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7359291dc3b118d92021-12-21 10:47:24.945root 11241100x8000000000000000427647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f3e6c788a9c44b2021-12-21 10:47:24.945root 11241100x8000000000000000427648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2b9a370ed641712021-12-21 10:47:24.946root 11241100x8000000000000000427649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68de74cc4eadce3a2021-12-21 10:47:24.946root 11241100x8000000000000000427650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5dabaf9cb305192021-12-21 10:47:24.946root 11241100x8000000000000000427651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96ef073d596558d2021-12-21 10:47:24.946root 11241100x8000000000000000427652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3960f328685891142021-12-21 10:47:24.946root 11241100x8000000000000000427653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105a7dec9efb3372021-12-21 10:47:24.946root 11241100x8000000000000000427654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da8d7c7c0f95bbf2021-12-21 10:47:24.946root 11241100x8000000000000000427655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b3aa5182b8dbd02021-12-21 10:47:24.946root 11241100x8000000000000000427656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2992d8ebde110a52021-12-21 10:47:24.946root 11241100x8000000000000000427657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2516a4bd623bc1fe2021-12-21 10:47:24.946root 11241100x8000000000000000427658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df21fc70363eb822021-12-21 10:47:24.946root 11241100x8000000000000000427659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429f9a6c01198a632021-12-21 10:47:24.946root 11241100x8000000000000000427660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f65f7087fd71c22021-12-21 10:47:24.946root 11241100x8000000000000000427661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ec5d0a8c0242d12021-12-21 10:47:24.946root 11241100x8000000000000000427662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dab13da6850f3b2021-12-21 10:47:24.946root 11241100x8000000000000000427663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414dd4aaa790e5802021-12-21 10:47:24.947root 11241100x8000000000000000427664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebc2e693d8884302021-12-21 10:47:24.947root 11241100x8000000000000000427665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045a9e23c277514c2021-12-21 10:47:24.947root 11241100x8000000000000000427666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596600eb9b1c6a5c2021-12-21 10:47:24.947root 11241100x8000000000000000427667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c790a2485cb548c2021-12-21 10:47:24.947root 11241100x8000000000000000427668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbe5369e125bb1d2021-12-21 10:47:24.947root 11241100x8000000000000000427669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f1b9ac046205342021-12-21 10:47:24.947root 11241100x8000000000000000427670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8529570cc799402021-12-21 10:47:24.947root 11241100x8000000000000000427671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8078d14ab76d5e002021-12-21 10:47:24.947root 11241100x8000000000000000427672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd170d42fb60ff9f2021-12-21 10:47:24.947root 11241100x8000000000000000427673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0d02af3e33c7a12021-12-21 10:47:24.947root 11241100x8000000000000000427674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed070794268fa45f2021-12-21 10:47:24.947root 11241100x8000000000000000427675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c08c49fe1a8f3dd2021-12-21 10:47:24.947root 11241100x8000000000000000427676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c723b998558efdc82021-12-21 10:47:24.947root 11241100x8000000000000000427677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2489c8816955d5fa2021-12-21 10:47:24.947root 11241100x8000000000000000427678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb3263691bc3cfa2021-12-21 10:47:24.948root 11241100x8000000000000000427679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cbb27aa7534aff2021-12-21 10:47:24.948root 354300x8000000000000000427680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.236{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34666-false10.0.1.12-8089- 11241100x8000000000000000427681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8faf35820377dd2021-12-21 10:47:25.237root 11241100x8000000000000000427682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1265ac92f98aae2021-12-21 10:47:25.237root 11241100x8000000000000000427683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0e859cb934f73a2021-12-21 10:47:25.237root 11241100x8000000000000000427684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cac7a1cc6394fbe2021-12-21 10:47:25.237root 11241100x8000000000000000427685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cec8f8f5668dc392021-12-21 10:47:25.237root 11241100x8000000000000000427686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044f41336540492a2021-12-21 10:47:25.237root 11241100x8000000000000000427687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157112c83ed786162021-12-21 10:47:25.237root 11241100x8000000000000000427688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b571b9083b39af772021-12-21 10:47:25.237root 11241100x8000000000000000427689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b89a7e9654faa832021-12-21 10:47:25.237root 11241100x8000000000000000427690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65592c27572b444b2021-12-21 10:47:25.238root 11241100x8000000000000000427691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5810a8bdf17b64bc2021-12-21 10:47:25.238root 11241100x8000000000000000427692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c0644a065b7d002021-12-21 10:47:25.238root 11241100x8000000000000000427693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d2685d56525bfd2021-12-21 10:47:25.238root 11241100x8000000000000000427694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97c6e86040dd9492021-12-21 10:47:25.238root 11241100x8000000000000000427695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5349604ba1cf0962021-12-21 10:47:25.238root 11241100x8000000000000000427696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f2d15d9acf973b2021-12-21 10:47:25.238root 11241100x8000000000000000427697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68ea5795debb4902021-12-21 10:47:25.239root 11241100x8000000000000000427698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4c90f223019e792021-12-21 10:47:25.239root 11241100x8000000000000000427699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9877126a70df972c2021-12-21 10:47:25.239root 11241100x8000000000000000427700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4480e113143e1f502021-12-21 10:47:25.239root 11241100x8000000000000000427701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4461aa22926967e72021-12-21 10:47:25.239root 11241100x8000000000000000427702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8373d96480ada272021-12-21 10:47:25.239root 11241100x8000000000000000427703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb986df9f1b7c672021-12-21 10:47:25.240root 11241100x8000000000000000427704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ac549023cd92672021-12-21 10:47:25.240root 11241100x8000000000000000427705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c4640983f8ce892021-12-21 10:47:25.240root 11241100x8000000000000000427706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f488c139f7b8a852021-12-21 10:47:25.240root 11241100x8000000000000000427707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554d68c144bf40122021-12-21 10:47:25.240root 11241100x8000000000000000427708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64afd816511e8f932021-12-21 10:47:25.240root 11241100x8000000000000000427709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5b63123c488c3e2021-12-21 10:47:25.241root 11241100x8000000000000000427710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afa0f9584f19d522021-12-21 10:47:25.241root 11241100x8000000000000000427711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe38ec1032f56a8d2021-12-21 10:47:25.241root 11241100x8000000000000000427712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b7528e5d34abf92021-12-21 10:47:25.241root 11241100x8000000000000000427713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0304673d53276b422021-12-21 10:47:25.241root 11241100x8000000000000000427714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df29cff04852ed5c2021-12-21 10:47:25.241root 11241100x8000000000000000427715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d809dd75e70134d22021-12-21 10:47:25.241root 11241100x8000000000000000427716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f679f0f76cdfeb272021-12-21 10:47:25.241root 11241100x8000000000000000427717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6066b5e5dc3853d62021-12-21 10:47:25.241root 11241100x8000000000000000427718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c6f6d3ce0c6fd32021-12-21 10:47:25.241root 11241100x8000000000000000427719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b274586ec8a481c92021-12-21 10:47:25.241root 11241100x8000000000000000427720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f3e279c8bf8a2c2021-12-21 10:47:25.242root 11241100x8000000000000000427721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61b6d7b08ca0eed2021-12-21 10:47:25.242root 11241100x8000000000000000427722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10daaeb59b4a58962021-12-21 10:47:25.242root 11241100x8000000000000000427723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3facb9026411f5182021-12-21 10:47:25.242root 11241100x8000000000000000427724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b15631fa32087682021-12-21 10:47:25.242root 11241100x8000000000000000427725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008a9d4906f65e632021-12-21 10:47:25.242root 11241100x8000000000000000427726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5609083e921ae72021-12-21 10:47:25.242root 11241100x8000000000000000427727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6770d3988d0fd022021-12-21 10:47:25.242root 11241100x8000000000000000427728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad925fd128397a22021-12-21 10:47:25.242root 11241100x8000000000000000427729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea38e001a94d46e72021-12-21 10:47:25.243root 11241100x8000000000000000427730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213c347b7b86f9a52021-12-21 10:47:25.243root 11241100x8000000000000000427731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876dd053866c73ec2021-12-21 10:47:25.243root 11241100x8000000000000000427732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d79a13da02499ad2021-12-21 10:47:25.243root 11241100x8000000000000000427733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c6b82e803d9a4e2021-12-21 10:47:25.243root 11241100x8000000000000000427734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33559a3056fba5372021-12-21 10:47:25.243root 11241100x8000000000000000427735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552fd86dfa6d45a42021-12-21 10:47:25.243root 11241100x8000000000000000427736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f69f0e9402bae022021-12-21 10:47:25.243root 11241100x8000000000000000427737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077aa3872be845662021-12-21 10:47:25.244root 11241100x8000000000000000427738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401e29a7da1acb942021-12-21 10:47:25.244root 11241100x8000000000000000427739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b564f8f83f62b2a92021-12-21 10:47:25.244root 11241100x8000000000000000427740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700636c35769b22f2021-12-21 10:47:25.244root 11241100x8000000000000000427741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b8c760bfbf2eb02021-12-21 10:47:25.244root 11241100x8000000000000000427742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c4d79d1c9c61972021-12-21 10:47:25.245root 11241100x8000000000000000427743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38a17024062812c2021-12-21 10:47:25.245root 11241100x8000000000000000427744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8f22918b431a6d2021-12-21 10:47:25.245root 11241100x8000000000000000427745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3c002168b394282021-12-21 10:47:25.245root 11241100x8000000000000000427746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5e5b621691bb7c2021-12-21 10:47:25.245root 11241100x8000000000000000427747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b428bc843b7d022021-12-21 10:47:25.245root 11241100x8000000000000000427748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27603efff295d8d22021-12-21 10:47:25.245root 11241100x8000000000000000427749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398fb1793d9bc3162021-12-21 10:47:25.245root 11241100x8000000000000000427750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b3d816272409c92021-12-21 10:47:25.245root 11241100x8000000000000000427751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f359259378e9f92021-12-21 10:47:25.245root 11241100x8000000000000000427752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2993d39e334c91572021-12-21 10:47:25.246root 11241100x8000000000000000427753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79219f314b54565c2021-12-21 10:47:25.694root 11241100x8000000000000000427754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746abaf38fce94352021-12-21 10:47:25.695root 11241100x8000000000000000427755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2edc56d977e4922021-12-21 10:47:25.695root 11241100x8000000000000000427756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f15e4f329019e2f2021-12-21 10:47:25.695root 11241100x8000000000000000427757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6caa1cdea9d407032021-12-21 10:47:25.695root 11241100x8000000000000000427758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445b66d44126cf242021-12-21 10:47:25.696root 11241100x8000000000000000427759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0d8619cd1e5db02021-12-21 10:47:25.696root 11241100x8000000000000000427760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cfe9cca17ee8e42021-12-21 10:47:25.696root 11241100x8000000000000000427761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d22af161ec0df82021-12-21 10:47:25.696root 11241100x8000000000000000427762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef2ef9038ebdcbf2021-12-21 10:47:25.696root 11241100x8000000000000000427763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b81f244ebbd2132021-12-21 10:47:25.697root 11241100x8000000000000000427764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8076b8120e6519ef2021-12-21 10:47:25.697root 11241100x8000000000000000427765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950213c21728419c2021-12-21 10:47:25.697root 11241100x8000000000000000427766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cd7074b89f81682021-12-21 10:47:25.697root 11241100x8000000000000000427767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5025caa6842925492021-12-21 10:47:25.697root 11241100x8000000000000000427768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8659feaa20d7d12021-12-21 10:47:25.698root 11241100x8000000000000000427769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d313a34dc862492021-12-21 10:47:25.698root 11241100x8000000000000000427770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f7d4baf5e9c6922021-12-21 10:47:25.698root 11241100x8000000000000000427771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9fa10b26ed4bef2021-12-21 10:47:25.699root 11241100x8000000000000000427772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4a4fc67f3feed72021-12-21 10:47:25.699root 11241100x8000000000000000427773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6246ef08c331e03f2021-12-21 10:47:25.699root 11241100x8000000000000000427774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aa7956b3831dc82021-12-21 10:47:25.699root 11241100x8000000000000000427775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78375e56c8d93b5c2021-12-21 10:47:25.699root 11241100x8000000000000000427776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4a3bb4c13ee4c52021-12-21 10:47:25.700root 11241100x8000000000000000427777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cca73b1d162cac32021-12-21 10:47:25.700root 11241100x8000000000000000427778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359c182d7d9800062021-12-21 10:47:25.700root 11241100x8000000000000000427779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cce65d6a28b38622021-12-21 10:47:25.700root 11241100x8000000000000000427780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124ae01457fc97512021-12-21 10:47:25.700root 11241100x8000000000000000427781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507799e009ccb7ff2021-12-21 10:47:25.701root 11241100x8000000000000000427782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7b8d07d5f39bfd2021-12-21 10:47:25.701root 11241100x8000000000000000427783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c648433ebdda32182021-12-21 10:47:25.701root 11241100x8000000000000000427784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace256ec6de90bb82021-12-21 10:47:25.701root 11241100x8000000000000000427785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca65c51ac9f905b2021-12-21 10:47:25.702root 11241100x8000000000000000427786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744acb87a500ba522021-12-21 10:47:25.702root 11241100x8000000000000000427787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027162e18670f0a32021-12-21 10:47:25.702root 11241100x8000000000000000427788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d206fcef0386aa432021-12-21 10:47:25.703root 11241100x8000000000000000427789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad40d5f413b6d5f12021-12-21 10:47:25.703root 11241100x8000000000000000427790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb6278ba51a966e2021-12-21 10:47:25.703root 11241100x8000000000000000427791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f0f3dfad12f9c52021-12-21 10:47:25.703root 11241100x8000000000000000427792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85da091f56378d722021-12-21 10:47:25.703root 11241100x8000000000000000427793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397c73ed0a5ba2e42021-12-21 10:47:25.703root 11241100x8000000000000000427794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d9ee34a1d8731e2021-12-21 10:47:25.703root 11241100x8000000000000000427795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a099494671720082021-12-21 10:47:25.704root 11241100x8000000000000000427796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:25.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34952efeb9835db2021-12-21 10:47:25.704root 11241100x8000000000000000427797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7015340c29c8aba2021-12-21 10:47:26.194root 11241100x8000000000000000427798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d36ae1e4a0f75b2021-12-21 10:47:26.194root 11241100x8000000000000000427799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7a4e7a23850d082021-12-21 10:47:26.195root 11241100x8000000000000000427800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938edea34669a9d62021-12-21 10:47:26.195root 11241100x8000000000000000427801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff6406dbcbff7592021-12-21 10:47:26.195root 11241100x8000000000000000427802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918ecd894c13edd52021-12-21 10:47:26.195root 11241100x8000000000000000427803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64afc9cebcd0d29a2021-12-21 10:47:26.196root 11241100x8000000000000000427804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f131f85d48618c2021-12-21 10:47:26.196root 11241100x8000000000000000427805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f11c64bd61cbd3e2021-12-21 10:47:26.196root 11241100x8000000000000000427806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89ab310a087db0a2021-12-21 10:47:26.197root 11241100x8000000000000000427807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c24edacb3b21b32021-12-21 10:47:26.197root 11241100x8000000000000000427808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d44a6a04b910e72021-12-21 10:47:26.197root 11241100x8000000000000000427809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2f4ee5f1c729782021-12-21 10:47:26.199root 11241100x8000000000000000427810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c70fee4ccc67d2c2021-12-21 10:47:26.200root 11241100x8000000000000000427811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8614a865895f73342021-12-21 10:47:26.200root 11241100x8000000000000000427812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be48021b28b198962021-12-21 10:47:26.201root 11241100x8000000000000000427813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a44d3b13e4ca2252021-12-21 10:47:26.201root 11241100x8000000000000000427814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a351bbdf1a281b482021-12-21 10:47:26.201root 11241100x8000000000000000427815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4c25311c7836c62021-12-21 10:47:26.201root 11241100x8000000000000000427816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942aeb5a119f80462021-12-21 10:47:26.201root 11241100x8000000000000000427817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08ef34e185689672021-12-21 10:47:26.201root 11241100x8000000000000000427818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e0d5a9fa46d53c2021-12-21 10:47:26.202root 11241100x8000000000000000427819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489e7103ab0afac62021-12-21 10:47:26.202root 11241100x8000000000000000427820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8224afb1460fa72021-12-21 10:47:26.202root 11241100x8000000000000000427821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c658196383b3ed72021-12-21 10:47:26.202root 11241100x8000000000000000427822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e55b7e05ac52402021-12-21 10:47:26.202root 11241100x8000000000000000427823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc44d5876f7e7bb2021-12-21 10:47:26.202root 11241100x8000000000000000427824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c358fc20149bf22021-12-21 10:47:26.202root 11241100x8000000000000000427825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1197ae886a1eef672021-12-21 10:47:26.202root 11241100x8000000000000000427826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b542c668344632962021-12-21 10:47:26.202root 11241100x8000000000000000427827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9457d5fc256aa9c72021-12-21 10:47:26.203root 11241100x8000000000000000427828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5bfe1b5257112d2021-12-21 10:47:26.203root 11241100x8000000000000000427829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc24feaf9fa0c042021-12-21 10:47:26.204root 11241100x8000000000000000427830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530029c7f5bbc5592021-12-21 10:47:26.204root 11241100x8000000000000000427831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb606ebdb5f36fdc2021-12-21 10:47:26.208root 11241100x8000000000000000427832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46081d9719a9ba22021-12-21 10:47:26.208root 11241100x8000000000000000427833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b699082efefd22021-12-21 10:47:26.208root 11241100x8000000000000000427834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c76fc8b21688d22021-12-21 10:47:26.208root 11241100x8000000000000000427835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c4a5bea79f9e322021-12-21 10:47:26.208root 11241100x8000000000000000427836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7572bcbe4ca7b72021-12-21 10:47:26.208root 11241100x8000000000000000427837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9663630def04e3b62021-12-21 10:47:26.208root 11241100x8000000000000000427838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56e39f6370251992021-12-21 10:47:26.208root 11241100x8000000000000000427839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dae0a901282daf42021-12-21 10:47:26.209root 11241100x8000000000000000427840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2af34a9f4af7242021-12-21 10:47:26.209root 11241100x8000000000000000427841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f758d41738e9442021-12-21 10:47:26.694root 11241100x8000000000000000427842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f86a742b701e3642021-12-21 10:47:26.694root 11241100x8000000000000000427843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeeaabf30e9d78d2021-12-21 10:47:26.694root 11241100x8000000000000000427844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e534f39016b76c5d2021-12-21 10:47:26.694root 11241100x8000000000000000427845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1034eadd18f2a5542021-12-21 10:47:26.695root 11241100x8000000000000000427846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d7498da3382a7b2021-12-21 10:47:26.695root 11241100x8000000000000000427847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b1391112995e902021-12-21 10:47:26.695root 11241100x8000000000000000427848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65113d82cb785ac22021-12-21 10:47:26.695root 11241100x8000000000000000427849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22085e8ad9432b032021-12-21 10:47:26.695root 11241100x8000000000000000427850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b34158a3f9249202021-12-21 10:47:26.695root 11241100x8000000000000000427851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3edaee293a4e862021-12-21 10:47:26.695root 11241100x8000000000000000427852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57aa7b43ba34b3e32021-12-21 10:47:26.695root 11241100x8000000000000000427853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc56718893214ab2021-12-21 10:47:26.696root 11241100x8000000000000000427854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993581801ff09b182021-12-21 10:47:26.696root 11241100x8000000000000000427855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff3944e205573442021-12-21 10:47:26.696root 11241100x8000000000000000427856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e02276570f33ac2021-12-21 10:47:26.696root 11241100x8000000000000000427857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0919326ccc50a3f82021-12-21 10:47:26.696root 11241100x8000000000000000427858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba41806c0ba23172021-12-21 10:47:26.696root 11241100x8000000000000000427859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eebc4d03efb4e72021-12-21 10:47:26.696root 11241100x8000000000000000427860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b163bd8669a3396a2021-12-21 10:47:26.696root 11241100x8000000000000000427861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bd87a0adc9fcdd2021-12-21 10:47:26.697root 11241100x8000000000000000427862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a6d4eaba49dcca2021-12-21 10:47:26.697root 11241100x8000000000000000427863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12274d55a268ea52021-12-21 10:47:26.697root 11241100x8000000000000000427864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547d6883453e97ee2021-12-21 10:47:26.697root 11241100x8000000000000000427865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4573977ac941442021-12-21 10:47:26.697root 11241100x8000000000000000427866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf332e4e8e1b7dd2021-12-21 10:47:26.697root 11241100x8000000000000000427867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e28058e3c6514f2021-12-21 10:47:26.697root 11241100x8000000000000000427868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f1b8cf98b8cfe82021-12-21 10:47:26.697root 11241100x8000000000000000427869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce2913aac28d63f2021-12-21 10:47:26.697root 11241100x8000000000000000427870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8db1d7726a818e2021-12-21 10:47:26.698root 11241100x8000000000000000427871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0729170c2b1446522021-12-21 10:47:26.698root 11241100x8000000000000000427872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e78919dd90201a2021-12-21 10:47:26.698root 11241100x8000000000000000427873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd8a461c849c2582021-12-21 10:47:26.698root 11241100x8000000000000000427874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd0c489312f756e2021-12-21 10:47:26.698root 11241100x8000000000000000427875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d983f9946bb286f2021-12-21 10:47:26.698root 11241100x8000000000000000427876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f8c591f646312a2021-12-21 10:47:26.699root 11241100x8000000000000000427877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a33b4c1e6f28d62021-12-21 10:47:26.699root 11241100x8000000000000000427878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d63ca2ed8d38a292021-12-21 10:47:26.699root 11241100x8000000000000000427879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280f55f7ff004a832021-12-21 10:47:26.699root 11241100x8000000000000000427880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f43c8f51ee1dd32021-12-21 10:47:26.699root 11241100x8000000000000000427881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f763142cd39a7932021-12-21 10:47:26.700root 11241100x8000000000000000427882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bfcd772564363a2021-12-21 10:47:26.700root 11241100x8000000000000000427883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb699bb019066ab2021-12-21 10:47:26.700root 11241100x8000000000000000427884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:26.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5eaf56e1517efdd2021-12-21 10:47:26.701root 354300x8000000000000000427885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.026{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47604-false10.0.1.12-8000- 11241100x8000000000000000427886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626eeffdf34002b32021-12-21 10:47:27.027root 11241100x8000000000000000427887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd21c53cceefef72021-12-21 10:47:27.027root 11241100x8000000000000000427888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c210e37bea13c9b2021-12-21 10:47:27.027root 11241100x8000000000000000427889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd192ef6ae929ece2021-12-21 10:47:27.027root 11241100x8000000000000000427890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009e8d416250c35b2021-12-21 10:47:27.027root 11241100x8000000000000000427891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f9de9dcd0714f72021-12-21 10:47:27.027root 11241100x8000000000000000427892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340f890d5227bb052021-12-21 10:47:27.028root 11241100x8000000000000000427893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be58435f24c343a62021-12-21 10:47:27.028root 11241100x8000000000000000427894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549b881bb245ee822021-12-21 10:47:27.028root 11241100x8000000000000000427895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b4c9718f5e186e2021-12-21 10:47:27.028root 11241100x8000000000000000427896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e839ce513472bf7e2021-12-21 10:47:27.028root 11241100x8000000000000000427897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3224fdf68da79bb02021-12-21 10:47:27.029root 11241100x8000000000000000427898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c984cd7992a2122021-12-21 10:47:27.029root 11241100x8000000000000000427899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966e915795d8c2b92021-12-21 10:47:27.029root 11241100x8000000000000000427900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511262db2cf9b6412021-12-21 10:47:27.029root 11241100x8000000000000000427901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179b27dd291e52022021-12-21 10:47:27.029root 11241100x8000000000000000427902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10200e46b35a11952021-12-21 10:47:27.029root 11241100x8000000000000000427903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2183b93d69db98542021-12-21 10:47:27.029root 11241100x8000000000000000427904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906bb393b7c94bb72021-12-21 10:47:27.030root 11241100x8000000000000000427905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ceb66af24ae7472021-12-21 10:47:27.030root 11241100x8000000000000000427906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1007e30ac63cd8772021-12-21 10:47:27.030root 11241100x8000000000000000427907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf7acd547c8a8f32021-12-21 10:47:27.030root 11241100x8000000000000000427908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2632d34556f52462021-12-21 10:47:27.030root 11241100x8000000000000000427909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d990a941a251f602021-12-21 10:47:27.031root 11241100x8000000000000000427910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cbcc4a153054af2021-12-21 10:47:27.031root 11241100x8000000000000000427911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44412eb5884cbae52021-12-21 10:47:27.031root 11241100x8000000000000000427912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfeee7d625b64312021-12-21 10:47:27.031root 11241100x8000000000000000427913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ea2c0340dae1882021-12-21 10:47:27.031root 11241100x8000000000000000427914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b572826bcbfe432021-12-21 10:47:27.032root 11241100x8000000000000000427915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9752bbff3de20612021-12-21 10:47:27.032root 11241100x8000000000000000427916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2922ada271d4c422021-12-21 10:47:27.032root 11241100x8000000000000000427917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9884d2bbabcfbb0d2021-12-21 10:47:27.032root 11241100x8000000000000000427918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb912726020ebfe42021-12-21 10:47:27.032root 11241100x8000000000000000427919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f190b585b91a882021-12-21 10:47:27.032root 11241100x8000000000000000427920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e124e6b284f6432021-12-21 10:47:27.032root 11241100x8000000000000000427921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671bb7ff08708e9f2021-12-21 10:47:27.032root 11241100x8000000000000000427922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957d0da39824b1532021-12-21 10:47:27.032root 11241100x8000000000000000427923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eadabb75c59cee92021-12-21 10:47:27.032root 11241100x8000000000000000427924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be583b5b87d05ef2021-12-21 10:47:27.033root 11241100x8000000000000000427925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b622159ee92cc0362021-12-21 10:47:27.033root 11241100x8000000000000000427926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0125a8c1bedd3612021-12-21 10:47:27.033root 11241100x8000000000000000427927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffff86e7378d85e2021-12-21 10:47:27.033root 11241100x8000000000000000427928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3963bb553458852021-12-21 10:47:27.033root 11241100x8000000000000000427929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4a314645bd0b662021-12-21 10:47:27.033root 11241100x8000000000000000427930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db36c81390858272021-12-21 10:47:27.033root 11241100x8000000000000000427931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ea4f369704c89c2021-12-21 10:47:27.033root 11241100x8000000000000000427932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d0c0e226186ef32021-12-21 10:47:27.033root 11241100x8000000000000000427933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf1035c7004a9112021-12-21 10:47:27.033root 11241100x8000000000000000427934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c39f88e79bbad4b2021-12-21 10:47:27.033root 11241100x8000000000000000427935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f624bdf34b39effb2021-12-21 10:47:27.034root 11241100x8000000000000000427936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7d422f35db710e2021-12-21 10:47:27.034root 11241100x8000000000000000427937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b259b2e260f2e2021-12-21 10:47:27.034root 11241100x8000000000000000427938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8515036162d5a2ad2021-12-21 10:47:27.034root 11241100x8000000000000000427939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc42f5ac451150c2021-12-21 10:47:27.034root 11241100x8000000000000000427940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6815b8082ac8442021-12-21 10:47:27.034root 11241100x8000000000000000427941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b157caeb589b342021-12-21 10:47:27.034root 11241100x8000000000000000427942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f9d6a33c6f4b262021-12-21 10:47:27.034root 11241100x8000000000000000427943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc93ce701bcb8fae2021-12-21 10:47:27.034root 11241100x8000000000000000427944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f273b853bdb47f2021-12-21 10:47:27.034root 11241100x8000000000000000427945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff92a7818a8f65752021-12-21 10:47:27.034root 11241100x8000000000000000427946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e84404343390882021-12-21 10:47:27.035root 11241100x8000000000000000427947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8753ac6ff13a0d12021-12-21 10:47:27.035root 11241100x8000000000000000427948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e75ed60a57dc3c22021-12-21 10:47:27.035root 11241100x8000000000000000427949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51533a0af8e1c8d82021-12-21 10:47:27.035root 11241100x8000000000000000427950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a81968cae29f192021-12-21 10:47:27.035root 11241100x8000000000000000427951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bce18dfe3f8d9322021-12-21 10:47:27.036root 11241100x8000000000000000427952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878b089dbfac9df12021-12-21 10:47:27.036root 11241100x8000000000000000427953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac54c110b1248cf82021-12-21 10:47:27.036root 11241100x8000000000000000427954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe81236ab2253b12021-12-21 10:47:27.036root 11241100x8000000000000000427955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02c6fd44eb1dc572021-12-21 10:47:27.036root 11241100x8000000000000000427956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5753feb01b7d2042021-12-21 10:47:27.036root 11241100x8000000000000000427957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e42167d17463d862021-12-21 10:47:27.037root 11241100x8000000000000000427958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b6c9b999e062802021-12-21 10:47:27.037root 11241100x8000000000000000427959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9869b8f11fd007782021-12-21 10:47:27.037root 11241100x8000000000000000427960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed0f7d97d82b3082021-12-21 10:47:27.037root 11241100x8000000000000000427961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e406ae4e2ff0b242021-12-21 10:47:27.037root 11241100x8000000000000000427962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61dd9fe74a22f4f2021-12-21 10:47:27.037root 11241100x8000000000000000427963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c7d817d62297542021-12-21 10:47:27.037root 11241100x8000000000000000427964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6724d9f5a55bf37c2021-12-21 10:47:27.037root 11241100x8000000000000000427965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25bb65f0f5da6f22021-12-21 10:47:27.037root 11241100x8000000000000000427966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babc0efef0ab3b9d2021-12-21 10:47:27.037root 11241100x8000000000000000427967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43722941331ed4282021-12-21 10:47:27.038root 11241100x8000000000000000427968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae56138dce291cf62021-12-21 10:47:27.038root 11241100x8000000000000000427969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871421b999124de32021-12-21 10:47:27.443root 11241100x8000000000000000427970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd14513f7b61a1ce2021-12-21 10:47:27.443root 11241100x8000000000000000427971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3703db9de3a1b542021-12-21 10:47:27.444root 11241100x8000000000000000427972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98549817c7def3132021-12-21 10:47:27.444root 11241100x8000000000000000427973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d159bdb74d0e97d92021-12-21 10:47:27.444root 11241100x8000000000000000427974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a48ab80301f80f2021-12-21 10:47:27.444root 11241100x8000000000000000427975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc7d0504a73bc832021-12-21 10:47:27.444root 11241100x8000000000000000427976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f2eecdb40ccd212021-12-21 10:47:27.444root 11241100x8000000000000000427977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904ac9d76d8317c92021-12-21 10:47:27.444root 11241100x8000000000000000427978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7c57b4afe1258c2021-12-21 10:47:27.444root 11241100x8000000000000000427979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73576e28a23ed8752021-12-21 10:47:27.444root 11241100x8000000000000000427980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccb0fc5d699b8db2021-12-21 10:47:27.444root 11241100x8000000000000000427981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54d3b056cc335482021-12-21 10:47:27.444root 11241100x8000000000000000427982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f489cb8b848b0922021-12-21 10:47:27.445root 11241100x8000000000000000427983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4181eb3c6bf03db22021-12-21 10:47:27.445root 11241100x8000000000000000427984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1152aa0dbb4b082021-12-21 10:47:27.445root 11241100x8000000000000000427985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ce2857d4b0b50c2021-12-21 10:47:27.445root 11241100x8000000000000000427986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bcdec4c7dacc332021-12-21 10:47:27.445root 11241100x8000000000000000427987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73eb2ce886a5a5182021-12-21 10:47:27.445root 11241100x8000000000000000427988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208e0214b7452ce12021-12-21 10:47:27.445root 11241100x8000000000000000427989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ed2920ca0b392d2021-12-21 10:47:27.445root 11241100x8000000000000000427990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ddb3a8fd46b4932021-12-21 10:47:27.446root 11241100x8000000000000000427991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5089ea0f1eb34f2021-12-21 10:47:27.446root 11241100x8000000000000000427992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c8f924dc4a3df72021-12-21 10:47:27.446root 11241100x8000000000000000427993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3e2e054e0e86dd2021-12-21 10:47:27.446root 11241100x8000000000000000427994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652d8b5d42eba37a2021-12-21 10:47:27.446root 11241100x8000000000000000427995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5308c0b06843cf432021-12-21 10:47:27.446root 11241100x8000000000000000427996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181aa9d9d2ccd4ab2021-12-21 10:47:27.447root 11241100x8000000000000000427997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fe67b028fe7a592021-12-21 10:47:27.447root 11241100x8000000000000000427998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e05804e20c946762021-12-21 10:47:27.447root 11241100x8000000000000000427999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175805f994cb94ed2021-12-21 10:47:27.447root 11241100x8000000000000000428000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b0d8de981bcb122021-12-21 10:47:27.447root 11241100x8000000000000000428001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce01b0bb6607f36a2021-12-21 10:47:27.447root 11241100x8000000000000000428002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37276ff8d1de77df2021-12-21 10:47:27.447root 11241100x8000000000000000428003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2a5a55ae4d34d02021-12-21 10:47:27.447root 11241100x8000000000000000428004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0431fe769a65922021-12-21 10:47:27.448root 11241100x8000000000000000428005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340b0489ba1ffb7b2021-12-21 10:47:27.448root 11241100x8000000000000000428006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531f9a774aba76db2021-12-21 10:47:27.448root 11241100x8000000000000000428007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83a180344e487ca2021-12-21 10:47:27.448root 11241100x8000000000000000428008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405660300454c502021-12-21 10:47:27.448root 11241100x8000000000000000428009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833fe9a4118531fb2021-12-21 10:47:27.449root 11241100x8000000000000000428010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1007c8287a9f3cc92021-12-21 10:47:27.449root 11241100x8000000000000000428011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efbdb322bfe1ec82021-12-21 10:47:27.449root 11241100x8000000000000000428012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1517291ba298012021-12-21 10:47:27.449root 11241100x8000000000000000428013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57348bd146b8ea152021-12-21 10:47:27.450root 11241100x8000000000000000428014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf37a41d52acd292021-12-21 10:47:27.450root 11241100x8000000000000000428015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc9ad19b67392cc2021-12-21 10:47:27.450root 11241100x8000000000000000428016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864a807527a77d712021-12-21 10:47:27.450root 11241100x8000000000000000428017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedd6632c4c9f2b22021-12-21 10:47:27.451root 11241100x8000000000000000428018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e4f51be55870d52021-12-21 10:47:27.451root 11241100x8000000000000000428019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492cbd62b96782462021-12-21 10:47:27.451root 11241100x8000000000000000428020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3477d8ae076aed012021-12-21 10:47:27.451root 11241100x8000000000000000428021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff641474b504589d2021-12-21 10:47:27.451root 11241100x8000000000000000428022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2256b5f8e41d7a9d2021-12-21 10:47:27.452root 11241100x8000000000000000428023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0b60aec4cebd922021-12-21 10:47:27.452root 11241100x8000000000000000428024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e1ab2c1d66e912021-12-21 10:47:27.452root 11241100x8000000000000000428025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795db0cc33365e092021-12-21 10:47:27.452root 11241100x8000000000000000428026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2e6a128d902dd92021-12-21 10:47:27.452root 11241100x8000000000000000428027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8ebb1330b506d92021-12-21 10:47:27.452root 11241100x8000000000000000428028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c7213ce8a96c1b2021-12-21 10:47:27.453root 11241100x8000000000000000428029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0968456aa584d532021-12-21 10:47:27.454root 11241100x8000000000000000428030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36be576054f4395f2021-12-21 10:47:27.454root 11241100x8000000000000000428031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbdcb00257a151c2021-12-21 10:47:27.454root 11241100x8000000000000000428032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5999e37d9c6e33e2021-12-21 10:47:27.455root 11241100x8000000000000000428033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ca8809a3b2b48a2021-12-21 10:47:27.943root 11241100x8000000000000000428034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85956081e8e360ee2021-12-21 10:47:27.943root 11241100x8000000000000000428035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e6f18909aeeab32021-12-21 10:47:27.944root 11241100x8000000000000000428036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9e44dcb61456312021-12-21 10:47:27.944root 11241100x8000000000000000428037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f362a4e5552b74f02021-12-21 10:47:27.944root 11241100x8000000000000000428038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584938a8cc4792c42021-12-21 10:47:27.944root 11241100x8000000000000000428039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0a5e4e4cac3d872021-12-21 10:47:27.944root 11241100x8000000000000000428040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6821bd6cbd6d8972021-12-21 10:47:27.944root 11241100x8000000000000000428041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca403705b40afdf2021-12-21 10:47:27.945root 11241100x8000000000000000428042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe544cc675035ab2021-12-21 10:47:27.945root 11241100x8000000000000000428043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c7529f382299c52021-12-21 10:47:27.945root 11241100x8000000000000000428044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca90922c8cb013c2021-12-21 10:47:27.945root 11241100x8000000000000000428045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956f0091ea8d89902021-12-21 10:47:27.945root 11241100x8000000000000000428046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297764635ad1e28d2021-12-21 10:47:27.945root 11241100x8000000000000000428047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aba635f300dbc62021-12-21 10:47:27.946root 11241100x8000000000000000428048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb97f3e805c9b75c2021-12-21 10:47:27.946root 11241100x8000000000000000428049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6ed02668cd2bbe2021-12-21 10:47:27.946root 11241100x8000000000000000428050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a6d2d50c181542021-12-21 10:47:27.946root 11241100x8000000000000000428051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce1fec26c3b2c2e2021-12-21 10:47:27.946root 11241100x8000000000000000428052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc52bb36fa86b54c2021-12-21 10:47:27.946root 11241100x8000000000000000428053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77ac94945c61ba32021-12-21 10:47:27.946root 11241100x8000000000000000428054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128da71f869dabc12021-12-21 10:47:27.946root 11241100x8000000000000000428055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4b18e014fff03d2021-12-21 10:47:27.946root 11241100x8000000000000000428056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77c17a56505ea232021-12-21 10:47:27.946root 11241100x8000000000000000428057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959a59964e6623912021-12-21 10:47:27.947root 11241100x8000000000000000428058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c55e965fd01cd82021-12-21 10:47:27.947root 11241100x8000000000000000428059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f160792a356c9ec12021-12-21 10:47:27.947root 11241100x8000000000000000428060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4188b97e6e6f4d2021-12-21 10:47:27.947root 11241100x8000000000000000428061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a01747ad748b8dd2021-12-21 10:47:27.947root 11241100x8000000000000000428062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbd69cd4bfc70262021-12-21 10:47:27.947root 11241100x8000000000000000428063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4328c8adea29fd2021-12-21 10:47:27.947root 11241100x8000000000000000428064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ba6182637613712021-12-21 10:47:27.947root 11241100x8000000000000000428065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67f6eb0e655f19b2021-12-21 10:47:27.947root 11241100x8000000000000000428066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef26c456e00bec132021-12-21 10:47:27.947root 11241100x8000000000000000428067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ad7f527a2a38ac2021-12-21 10:47:27.947root 11241100x8000000000000000428068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71179cf39914cd92021-12-21 10:47:27.949root 11241100x8000000000000000428069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574accec5ac9a33e2021-12-21 10:47:27.949root 11241100x8000000000000000428070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a5bb70ae60cfd32021-12-21 10:47:27.949root 11241100x8000000000000000428071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f4f1f07dda85272021-12-21 10:47:27.949root 11241100x8000000000000000428072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4143e226c693b782021-12-21 10:47:27.949root 11241100x8000000000000000428073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4843c0369224da2021-12-21 10:47:27.949root 11241100x8000000000000000428074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea161491308772d2021-12-21 10:47:27.949root 11241100x8000000000000000428075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a38eafe5ea65762021-12-21 10:47:27.950root 11241100x8000000000000000428076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1152aa5533d7ec962021-12-21 10:47:27.950root 11241100x8000000000000000428077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ddc8012902b0d82021-12-21 10:47:27.950root 11241100x8000000000000000428078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ba4578c4dcee672021-12-21 10:47:27.950root 11241100x8000000000000000428079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10d3811205f69b32021-12-21 10:47:27.950root 11241100x8000000000000000428080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4663868ddb54226e2021-12-21 10:47:27.950root 11241100x8000000000000000428081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eae3d687d0732752021-12-21 10:47:27.950root 11241100x8000000000000000428082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c3659bfd68d2322021-12-21 10:47:27.951root 11241100x8000000000000000428083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1c4f3cd4d7255c2021-12-21 10:47:27.951root 11241100x8000000000000000428084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b13fb6066f6bff2021-12-21 10:47:27.951root 11241100x8000000000000000428085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c491c5cfb783492021-12-21 10:47:27.951root 11241100x8000000000000000428086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b20c98d61462352021-12-21 10:47:27.951root 11241100x8000000000000000428087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f2614266fc93ea2021-12-21 10:47:27.951root 11241100x8000000000000000428088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:27.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b62d5fe565cc042021-12-21 10:47:27.952root 11241100x8000000000000000428089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427262eb3e89ecc82021-12-21 10:47:28.443root 11241100x8000000000000000428090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e1d1fd14fac932021-12-21 10:47:28.444root 11241100x8000000000000000428091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05e6724dfde64362021-12-21 10:47:28.444root 11241100x8000000000000000428092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56c931d6a10bec42021-12-21 10:47:28.444root 11241100x8000000000000000428093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0426db6f00f9de22021-12-21 10:47:28.444root 11241100x8000000000000000428094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9a39a0660e415b2021-12-21 10:47:28.444root 11241100x8000000000000000428095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8368287daef7f80f2021-12-21 10:47:28.444root 11241100x8000000000000000428096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7b2be9b312058b2021-12-21 10:47:28.445root 11241100x8000000000000000428097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22051464644bc1922021-12-21 10:47:28.445root 11241100x8000000000000000428098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91384c00a805e9842021-12-21 10:47:28.445root 11241100x8000000000000000428099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac544c0c99355a52021-12-21 10:47:28.445root 11241100x8000000000000000428100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853464510fa0fd722021-12-21 10:47:28.445root 11241100x8000000000000000428101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cd2b656a16a2e92021-12-21 10:47:28.445root 11241100x8000000000000000428102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92c6e89a9f930582021-12-21 10:47:28.445root 11241100x8000000000000000428103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c1c65aa1fb3e5f2021-12-21 10:47:28.445root 11241100x8000000000000000428104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b57eb1f2973e66f2021-12-21 10:47:28.445root 11241100x8000000000000000428105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766f4124a50918252021-12-21 10:47:28.446root 11241100x8000000000000000428106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba849dff392a15642021-12-21 10:47:28.446root 11241100x8000000000000000428107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dfe9ff2b9b93212021-12-21 10:47:28.446root 11241100x8000000000000000428108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467c43aa8c932c3a2021-12-21 10:47:28.446root 11241100x8000000000000000428109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee015eb1c1ab05872021-12-21 10:47:28.446root 11241100x8000000000000000428110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115edf320249e3842021-12-21 10:47:28.446root 11241100x8000000000000000428111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b17acf7dd0f91d2021-12-21 10:47:28.446root 11241100x8000000000000000428112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af4b87d16d77c572021-12-21 10:47:28.446root 11241100x8000000000000000428113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f82322e37c22b22021-12-21 10:47:28.447root 11241100x8000000000000000428114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd8a936a454a0d62021-12-21 10:47:28.447root 11241100x8000000000000000428115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec6b41a5ec499dc2021-12-21 10:47:28.447root 11241100x8000000000000000428116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207a2005285504152021-12-21 10:47:28.447root 11241100x8000000000000000428117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290ddf29187f74f62021-12-21 10:47:28.447root 11241100x8000000000000000428118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa87b2aba2a7c68e2021-12-21 10:47:28.447root 11241100x8000000000000000428119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f76afc26fddb6012021-12-21 10:47:28.447root 11241100x8000000000000000428120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92175b6166e02a992021-12-21 10:47:28.447root 11241100x8000000000000000428121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27eb892b8e708302021-12-21 10:47:28.447root 11241100x8000000000000000428122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa92bf6d6a2fd4a2021-12-21 10:47:28.448root 11241100x8000000000000000428123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f57c3a6af8eac42021-12-21 10:47:28.448root 11241100x8000000000000000428124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91d40d92eeb2fe92021-12-21 10:47:28.448root 11241100x8000000000000000428125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967ca4ed0e8bc7472021-12-21 10:47:28.448root 11241100x8000000000000000428126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63ee99fd3d8d51a2021-12-21 10:47:28.448root 11241100x8000000000000000428127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846f42c10cbd8dc02021-12-21 10:47:28.448root 11241100x8000000000000000428128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59026a07425c63082021-12-21 10:47:28.448root 11241100x8000000000000000428129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8efc66c4028c9902021-12-21 10:47:28.448root 11241100x8000000000000000428130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88150a2aac7a4a4a2021-12-21 10:47:28.448root 11241100x8000000000000000428131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a95a62d728deda2021-12-21 10:47:28.448root 11241100x8000000000000000428132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb12452f3cb9c1c2021-12-21 10:47:28.448root 11241100x8000000000000000428133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c07fe3813c0aca72021-12-21 10:47:28.448root 11241100x8000000000000000428134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eee3ab1f3a67532021-12-21 10:47:28.448root 11241100x8000000000000000428135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca6f8fa8c693c582021-12-21 10:47:28.448root 11241100x8000000000000000428136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fec2f9b8baa0a82021-12-21 10:47:28.449root 11241100x8000000000000000428137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0ab8171d9d35c82021-12-21 10:47:28.449root 11241100x8000000000000000428138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c65e9a4d3ac27f2021-12-21 10:47:28.449root 11241100x8000000000000000428139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29012151d65664ab2021-12-21 10:47:28.449root 11241100x8000000000000000428140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec2e8a7f4eefe3b2021-12-21 10:47:28.449root 11241100x8000000000000000428141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315452c1a4438d812021-12-21 10:47:28.449root 11241100x8000000000000000428142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509f67512ff110be2021-12-21 10:47:28.449root 11241100x8000000000000000428143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7172608e435fe52021-12-21 10:47:28.449root 11241100x8000000000000000428144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6c32f385686a592021-12-21 10:47:28.449root 11241100x8000000000000000428145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b491b92e9dc147a72021-12-21 10:47:28.449root 11241100x8000000000000000428146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de4b8ab1d7accb42021-12-21 10:47:28.449root 11241100x8000000000000000428147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5aa54407715593d2021-12-21 10:47:28.449root 11241100x8000000000000000428148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e982df6c36e3ae62021-12-21 10:47:28.449root 11241100x8000000000000000428149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87aadfe83eeba072021-12-21 10:47:28.449root 11241100x8000000000000000428150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab0ca98d365c1d32021-12-21 10:47:28.450root 11241100x8000000000000000428151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f167d4987a58152021-12-21 10:47:28.450root 11241100x8000000000000000428152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c709945409288232021-12-21 10:47:28.450root 11241100x8000000000000000428153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50529529f700ef7a2021-12-21 10:47:28.450root 11241100x8000000000000000428154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1f5b3635ea30eb2021-12-21 10:47:28.450root 11241100x8000000000000000428155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628fa34b1968e8ec2021-12-21 10:47:28.451root 11241100x8000000000000000428156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383d9e9b808ee9962021-12-21 10:47:28.451root 11241100x8000000000000000428157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80715076838b983e2021-12-21 10:47:28.451root 11241100x8000000000000000428158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2251277e30ec6e9c2021-12-21 10:47:28.451root 11241100x8000000000000000428159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e1b9a0edb6735c2021-12-21 10:47:28.451root 11241100x8000000000000000428160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d7a93afcf2038c2021-12-21 10:47:28.451root 11241100x8000000000000000428161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4b63a94609727d2021-12-21 10:47:28.451root 11241100x8000000000000000428162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d8ad04c00446a02021-12-21 10:47:28.452root 154100x8000000000000000428163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.924{ec2b6afe-b0c0-61c1-08be-f7a0e7550000}9789/usr/bin/sudo-----sudo ./run_mod.sh/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000428164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.925{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e30f0173c726a92021-12-21 10:47:28.925root 11241100x8000000000000000428165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.925{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d3c2f670bb08282021-12-21 10:47:28.925root 11241100x8000000000000000428166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.926{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b9484bd3f2daa42021-12-21 10:47:28.926root 11241100x8000000000000000428167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.926{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93872bf87af301b2021-12-21 10:47:28.926root 11241100x8000000000000000428168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.926{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045b878f5a38fd1d2021-12-21 10:47:28.926root 11241100x8000000000000000428169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.926{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd34b280c770a452021-12-21 10:47:28.926root 11241100x8000000000000000428170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.926{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516192404aa2eb0a2021-12-21 10:47:28.926root 11241100x8000000000000000428171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.926{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669dd7d9c6b3b6412021-12-21 10:47:28.926root 11241100x8000000000000000428172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.927{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16ebff8d97304322021-12-21 10:47:28.927root 11241100x8000000000000000428173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:28.927{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7eee7da5a671e8b2021-12-21 10:47:28.927root 11241100x8000000000000000428255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:36.341{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:47:36.341root 154100x8000000000000000428256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:36.355{ec2b6afe-b0c8-61c1-6834-23fb15560000}9797/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000428257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:36.365{ec2b6afe-b0c8-61c1-6834-23fb15560000}9797/bin/psroot 11241100x8000000000000000428258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e1ee3aa05b7e942021-12-21 10:47:36.692root 11241100x8000000000000000428259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac360be2aae2c6802021-12-21 10:47:36.693root 11241100x8000000000000000428260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99ff9be09daeb652021-12-21 10:47:36.693root 11241100x8000000000000000428261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa3de99f48bb02e2021-12-21 10:47:37.192root 11241100x8000000000000000428262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08ab978958d18a82021-12-21 10:47:37.193root 11241100x8000000000000000428263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bb619e7b71233d2021-12-21 10:47:37.193root 354300x8000000000000000428264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:37.252{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47608-false10.0.1.12-8000- 11241100x8000000000000000428265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:37.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65a448204d8f7092021-12-21 10:47:37.692root 11241100x8000000000000000428266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da463f6c2b3fe6252021-12-21 10:47:37.693root 11241100x8000000000000000428267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50acba438b2a2dc82021-12-21 10:47:37.693root 11241100x8000000000000000428268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcda99cb5e2899542021-12-21 10:47:37.693root 11241100x8000000000000000428269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:38.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb224c3700d580812021-12-21 10:47:38.192root 11241100x8000000000000000428270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da3326212ac1d0a2021-12-21 10:47:38.193root 11241100x8000000000000000428271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d07caad8fca05912021-12-21 10:47:38.193root 11241100x8000000000000000428272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f42712a07d63ac12021-12-21 10:47:38.193root 11241100x8000000000000000428273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bcd5c02faccaf22021-12-21 10:47:38.693root 11241100x8000000000000000428274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee915a928edd6ec92021-12-21 10:47:38.693root 11241100x8000000000000000428275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1513cd40068b7a2021-12-21 10:47:38.693root 11241100x8000000000000000428276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29685c1da5ec7aa2021-12-21 10:47:38.693root 11241100x8000000000000000428277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e5ab51ad44cb3a2021-12-21 10:47:39.192root 11241100x8000000000000000428278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dc0b7c83dbfa712021-12-21 10:47:39.193root 11241100x8000000000000000428279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a40f699e6116d5f2021-12-21 10:47:39.193root 11241100x8000000000000000428280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31fa1c69c2c608c2021-12-21 10:47:39.193root 23542300x8000000000000000428281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.344{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000428282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac8dbbb1d853de62021-12-21 10:47:39.693root 11241100x8000000000000000428283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2596ca84777a80772021-12-21 10:47:39.693root 11241100x8000000000000000428284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964c0f5bb2fc9a0c2021-12-21 10:47:39.693root 11241100x8000000000000000428285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8950fdc414d1ab372021-12-21 10:47:39.693root 11241100x8000000000000000428286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a7e08cdb3aa0602021-12-21 10:47:39.693root 11241100x8000000000000000428287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e1d827dc1e56652021-12-21 10:47:40.193root 11241100x8000000000000000428288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9f2ebe78fb0cf82021-12-21 10:47:40.194root 11241100x8000000000000000428289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0fad3904e7dd552021-12-21 10:47:40.194root 11241100x8000000000000000428290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f57f04773dcfd782021-12-21 10:47:40.194root 11241100x8000000000000000428291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90e64b3b6a5f3002021-12-21 10:47:40.194root 11241100x8000000000000000428292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6cd6f73e4398a32021-12-21 10:47:40.693root 11241100x8000000000000000428293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931cee60e3bcf3bb2021-12-21 10:47:40.693root 11241100x8000000000000000428294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a780d5a2e71ff62021-12-21 10:47:40.693root 11241100x8000000000000000428295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d12c30c625b2bf2021-12-21 10:47:40.693root 11241100x8000000000000000428296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366eef705048ca272021-12-21 10:47:40.693root 11241100x8000000000000000428297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513d0beeb321cb012021-12-21 10:47:41.193root 11241100x8000000000000000428298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6bce55c624a27a2021-12-21 10:47:41.193root 11241100x8000000000000000428299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a82c0c22a75add42021-12-21 10:47:41.193root 11241100x8000000000000000428300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6841b5301298afb42021-12-21 10:47:41.193root 11241100x8000000000000000428301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5f35a4844fc1552021-12-21 10:47:41.193root 11241100x8000000000000000428302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfe85bd5e5fccb32021-12-21 10:47:41.693root 11241100x8000000000000000428303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92fd102c988772b2021-12-21 10:47:41.693root 11241100x8000000000000000428304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a659efd9ec33fa2021-12-21 10:47:41.693root 11241100x8000000000000000428305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d5f2375e375fa52021-12-21 10:47:41.693root 11241100x8000000000000000428306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1b465bfdbdf7222021-12-21 10:47:41.693root 11241100x8000000000000000428307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456e92f1dd212f7c2021-12-21 10:47:42.193root 11241100x8000000000000000428308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108cd93728f0c3642021-12-21 10:47:42.193root 11241100x8000000000000000428309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e416f6e46233082021-12-21 10:47:42.193root 11241100x8000000000000000428310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0b0b0d7d0def402021-12-21 10:47:42.193root 11241100x8000000000000000428311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a059f933ee02262021-12-21 10:47:42.193root 11241100x8000000000000000428312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af23a5d8550c3b482021-12-21 10:47:42.693root 11241100x8000000000000000428313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c5a7f69cb5dcdd2021-12-21 10:47:42.693root 11241100x8000000000000000428314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c58464f15ffcd342021-12-21 10:47:42.693root 11241100x8000000000000000428315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3642a1fe6fd42ae92021-12-21 10:47:42.693root 11241100x8000000000000000428316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0148362a44f230c72021-12-21 10:47:42.693root 354300x8000000000000000428317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.023{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47610-false10.0.1.12-8000- 11241100x8000000000000000428318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa436e2f3d67f772021-12-21 10:47:43.023root 11241100x8000000000000000428319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5854882206e6e8972021-12-21 10:47:43.024root 11241100x8000000000000000428320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cca0a95ab92e20f2021-12-21 10:47:43.024root 11241100x8000000000000000428321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc3aaf479b5b8af2021-12-21 10:47:43.024root 11241100x8000000000000000428322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d666eff2c6bc746c2021-12-21 10:47:43.024root 11241100x8000000000000000428323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68866bfbde49f92021-12-21 10:47:43.024root 11241100x8000000000000000428324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a830aa8a718dd532021-12-21 10:47:43.443root 11241100x8000000000000000428325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141c309b4b4618542021-12-21 10:47:43.443root 11241100x8000000000000000428326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bc261e8f3a0b972021-12-21 10:47:43.443root 11241100x8000000000000000428327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02fc982ca3d325b2021-12-21 10:47:43.443root 11241100x8000000000000000428328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a8502b8730b90a2021-12-21 10:47:43.443root 11241100x8000000000000000428329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f7bef84d1ee7382021-12-21 10:47:43.443root 11241100x8000000000000000428330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0b57e8751de1532021-12-21 10:47:43.943root 11241100x8000000000000000428331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eca06cea2af7dd82021-12-21 10:47:43.943root 11241100x8000000000000000428332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e09153c99da27a82021-12-21 10:47:43.943root 11241100x8000000000000000428333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291d511546d754fd2021-12-21 10:47:43.943root 11241100x8000000000000000428334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba9d2e5262f006f2021-12-21 10:47:43.943root 11241100x8000000000000000428335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7844d3453fb7732021-12-21 10:47:43.943root 11241100x8000000000000000428336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68472c9d83d71f9e2021-12-21 10:47:44.443root 11241100x8000000000000000428337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c5b71f15dfe2f12021-12-21 10:47:44.443root 11241100x8000000000000000428338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b870291cb0042a792021-12-21 10:47:44.443root 11241100x8000000000000000428339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18923889955b84d92021-12-21 10:47:44.443root 11241100x8000000000000000428340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af770d56fe17842021-12-21 10:47:44.443root 11241100x8000000000000000428341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1aa95325e570bd2021-12-21 10:47:44.443root 11241100x8000000000000000428342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8e8fa375fbb42e2021-12-21 10:47:44.943root 11241100x8000000000000000428343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e2743559edcf032021-12-21 10:47:44.943root 11241100x8000000000000000428344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e4d4b98adc0f152021-12-21 10:47:44.943root 11241100x8000000000000000428345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d55cc86498b6c9e2021-12-21 10:47:44.943root 11241100x8000000000000000428346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bf0ad22a0d2ac42021-12-21 10:47:44.943root 11241100x8000000000000000428347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3823efb0a67986012021-12-21 10:47:44.943root 11241100x8000000000000000428348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcc355614258b452021-12-21 10:47:45.443root 11241100x8000000000000000428349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a1bfd5576a417f2021-12-21 10:47:45.443root 11241100x8000000000000000428350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a955128781cd31c2021-12-21 10:47:45.443root 11241100x8000000000000000428351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256128131e6098842021-12-21 10:47:45.443root 11241100x8000000000000000428352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b649a8d373947d3e2021-12-21 10:47:45.443root 11241100x8000000000000000428353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9277850cef99fe2021-12-21 10:47:45.443root 11241100x8000000000000000428354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d696c974e33e62d2021-12-21 10:47:45.943root 11241100x8000000000000000428355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fbe2bccdb5cb5d2021-12-21 10:47:45.943root 11241100x8000000000000000428356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42de527bbc5e93a2021-12-21 10:47:45.943root 11241100x8000000000000000428357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a510dfb21614572021-12-21 10:47:45.943root 11241100x8000000000000000428358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebceda71f8bac31a2021-12-21 10:47:45.943root 11241100x8000000000000000428359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986796f4632675812021-12-21 10:47:45.943root 11241100x8000000000000000428360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8374f81c3007bbc82021-12-21 10:47:46.443root 11241100x8000000000000000428361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9437ed3e6a661e02021-12-21 10:47:46.443root 11241100x8000000000000000428362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d621c8a1902bff2021-12-21 10:47:46.443root 11241100x8000000000000000428363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39516c4ac05a9d5b2021-12-21 10:47:46.443root 11241100x8000000000000000428364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235adee401efd8722021-12-21 10:47:46.443root 11241100x8000000000000000428365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fc2113bbf9b9ce2021-12-21 10:47:46.443root 11241100x8000000000000000428366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb4638bae28e3ee2021-12-21 10:47:46.943root 11241100x8000000000000000428367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a21b6dedc3fbfc2021-12-21 10:47:46.943root 11241100x8000000000000000428368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76aef881865f8f72021-12-21 10:47:46.943root 11241100x8000000000000000428369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324e74267cbfe3162021-12-21 10:47:46.943root 11241100x8000000000000000428370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7620da5b307a2a72021-12-21 10:47:46.943root 11241100x8000000000000000428371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11d6fd3d41a2cc12021-12-21 10:47:46.943root 11241100x8000000000000000428372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638d6a3562941b1e2021-12-21 10:47:47.443root 11241100x8000000000000000428373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a079a73fca35862021-12-21 10:47:47.443root 11241100x8000000000000000428374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa759f4457acec12021-12-21 10:47:47.444root 11241100x8000000000000000428375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0102ceb849cabced2021-12-21 10:47:47.445root 11241100x8000000000000000428376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e57b72384b0f53d2021-12-21 10:47:47.445root 11241100x8000000000000000428377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcdfeaa8f22ef592021-12-21 10:47:47.445root 11241100x8000000000000000428378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7658c7040cb64f982021-12-21 10:47:47.943root 11241100x8000000000000000428379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e35407a511426f2021-12-21 10:47:47.943root 11241100x8000000000000000428380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bc4075709b92242021-12-21 10:47:47.943root 11241100x8000000000000000428381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733353f1cc23d5192021-12-21 10:47:47.943root 11241100x8000000000000000428382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a2d48614233f722021-12-21 10:47:47.943root 11241100x8000000000000000428383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde2de853f00c3ca2021-12-21 10:47:47.943root 354300x8000000000000000428384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.104{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47612-false10.0.1.12-8000- 11241100x8000000000000000428385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55302200f6dfc2b2021-12-21 10:47:48.443root 11241100x8000000000000000428386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc43c999b5c7c5d2021-12-21 10:47:48.443root 11241100x8000000000000000428387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496975e676ec38792021-12-21 10:47:48.443root 11241100x8000000000000000428388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb016f685978ff952021-12-21 10:47:48.443root 11241100x8000000000000000428389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55db2578288eed32021-12-21 10:47:48.443root 11241100x8000000000000000428390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be5ead1adedfd842021-12-21 10:47:48.443root 11241100x8000000000000000428391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c7e95038eb5d862021-12-21 10:47:48.443root 11241100x8000000000000000428392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8c5527bac08b9f2021-12-21 10:47:48.943root 11241100x8000000000000000428393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c49e13ae3fe4dd62021-12-21 10:47:48.943root 11241100x8000000000000000428394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872f525386e0a5ad2021-12-21 10:47:48.943root 11241100x8000000000000000428395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030c4c5f8d0e5abb2021-12-21 10:47:48.943root 11241100x8000000000000000428396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd457e9fe562e402021-12-21 10:47:48.943root 11241100x8000000000000000428397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f40207a47efca2f2021-12-21 10:47:48.943root 11241100x8000000000000000428398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3254bd4f217a61e42021-12-21 10:47:48.943root 11241100x8000000000000000428399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b0ceef37de9f892021-12-21 10:47:49.443root 11241100x8000000000000000428400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8396303686e7f8862021-12-21 10:47:49.443root 11241100x8000000000000000428401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c96b8685391e6cc2021-12-21 10:47:49.443root 11241100x8000000000000000428402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c0f714af0e35932021-12-21 10:47:49.443root 11241100x8000000000000000428403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc11628715272c782021-12-21 10:47:49.444root 11241100x8000000000000000428404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa907c19bd70b702021-12-21 10:47:49.444root 11241100x8000000000000000428405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec025da687f09a432021-12-21 10:47:49.444root 11241100x8000000000000000428406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2964f3e1c00e7082021-12-21 10:47:49.943root 11241100x8000000000000000428407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28efd1acd581b392021-12-21 10:47:49.943root 11241100x8000000000000000428408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1684adc24d68eff2021-12-21 10:47:49.943root 11241100x8000000000000000428409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8a604482d0838f2021-12-21 10:47:49.943root 11241100x8000000000000000428410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8b95807defcc562021-12-21 10:47:49.943root 11241100x8000000000000000428411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92796e04ec59e71b2021-12-21 10:47:49.943root 11241100x8000000000000000428412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116a1ecf672ece1d2021-12-21 10:47:49.943root 11241100x8000000000000000428413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32ce2a324ab1ddd2021-12-21 10:47:50.443root 11241100x8000000000000000428414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052829658790bc872021-12-21 10:47:50.443root 11241100x8000000000000000428415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a3051220673b962021-12-21 10:47:50.443root 11241100x8000000000000000428416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335f98aeecef17222021-12-21 10:47:50.443root 11241100x8000000000000000428417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f32938354c275f2021-12-21 10:47:50.443root 11241100x8000000000000000428418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d362e92746f8cae2021-12-21 10:47:50.443root 11241100x8000000000000000428419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8456b50e43026d7f2021-12-21 10:47:50.443root 11241100x8000000000000000428420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2242882b61e164f2021-12-21 10:47:50.943root 11241100x8000000000000000428421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6cb5b6fbedad22021-12-21 10:47:50.943root 11241100x8000000000000000428422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454c7c9c8447b6b02021-12-21 10:47:50.943root 11241100x8000000000000000428423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab6c11fbacb6ef22021-12-21 10:47:50.943root 11241100x8000000000000000428424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0998aabd1404d1b2021-12-21 10:47:50.943root 11241100x8000000000000000428425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef1a5eb150148ce2021-12-21 10:47:50.943root 11241100x8000000000000000428426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8d43fd9c8359412021-12-21 10:47:50.943root 11241100x8000000000000000428427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00d1165b22c8a6c2021-12-21 10:47:51.443root 11241100x8000000000000000428428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dda4d9601754a22021-12-21 10:47:51.443root 11241100x8000000000000000428429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba3a1d5caed71772021-12-21 10:47:51.443root 11241100x8000000000000000428430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e2f965b5ca5d3c2021-12-21 10:47:51.443root 11241100x8000000000000000428431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4dc5371748a83a2021-12-21 10:47:51.443root 11241100x8000000000000000428432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a214c888acee31442021-12-21 10:47:51.443root 11241100x8000000000000000428433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146defbeb358e5562021-12-21 10:47:51.443root 11241100x8000000000000000428434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7e76eeb771134e2021-12-21 10:47:51.943root 11241100x8000000000000000428435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed53a25f805308972021-12-21 10:47:51.943root 11241100x8000000000000000428436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994dc7d70e897cbc2021-12-21 10:47:51.943root 11241100x8000000000000000428437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1470f5021e79c6b52021-12-21 10:47:51.943root 11241100x8000000000000000428438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3215a6b53b01ddf02021-12-21 10:47:51.943root 11241100x8000000000000000428439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7178a5bc163707c2021-12-21 10:47:51.943root 11241100x8000000000000000428440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb8eb934ef21c472021-12-21 10:47:51.943root 11241100x8000000000000000428441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ba5e3d84bdb9a32021-12-21 10:47:52.443root 11241100x8000000000000000428442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbed8b1253f3c412021-12-21 10:47:52.443root 11241100x8000000000000000428443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280861e9a117c7ee2021-12-21 10:47:52.443root 11241100x8000000000000000428444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58580c0d13e1b0162021-12-21 10:47:52.443root 11241100x8000000000000000428445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9b4a17f456dff2021-12-21 10:47:52.443root 11241100x8000000000000000428446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c1c4769d82f6232021-12-21 10:47:52.444root 11241100x8000000000000000428447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5263bd258320642021-12-21 10:47:52.444root 11241100x8000000000000000428448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7858485264e13fcc2021-12-21 10:47:52.943root 11241100x8000000000000000428449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4b6f37ef740c4d2021-12-21 10:47:52.943root 11241100x8000000000000000428450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19de4b37b1ae2d42021-12-21 10:47:52.943root 11241100x8000000000000000428451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725c397db65feaae2021-12-21 10:47:52.943root 11241100x8000000000000000428452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64614e16df1867b2021-12-21 10:47:52.943root 11241100x8000000000000000428453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99fcf9e2f35f2f12021-12-21 10:47:52.943root 11241100x8000000000000000428454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68209b016e31f68d2021-12-21 10:47:52.943root 11241100x8000000000000000428455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5985a5582f34fa82021-12-21 10:47:53.443root 11241100x8000000000000000428456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dd2ae7feed8c672021-12-21 10:47:53.443root 11241100x8000000000000000428457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b122b799538d51d62021-12-21 10:47:53.443root 11241100x8000000000000000428458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b9f7638577b0f32021-12-21 10:47:53.443root 11241100x8000000000000000428459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f47906b0a80b212021-12-21 10:47:53.443root 11241100x8000000000000000428460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a123293c61431cb2021-12-21 10:47:53.443root 11241100x8000000000000000428461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a8bec53116a04e2021-12-21 10:47:53.444root 11241100x8000000000000000428462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa80aed3883845b2021-12-21 10:47:53.943root 11241100x8000000000000000428463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfde050726f7b5162021-12-21 10:47:53.943root 11241100x8000000000000000428464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dc5209cda901152021-12-21 10:47:53.943root 11241100x8000000000000000428465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8ea5e8915915e72021-12-21 10:47:53.943root 11241100x8000000000000000428466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296a25b2b6b767322021-12-21 10:47:53.943root 11241100x8000000000000000428467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4141fdfd28cb9c2021-12-21 10:47:53.943root 11241100x8000000000000000428468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5902cb9060b666e02021-12-21 10:47:53.943root 354300x8000000000000000428469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.065{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47614-false10.0.1.12-8000- 11241100x8000000000000000428470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee34f3019c502692021-12-21 10:47:54.443root 11241100x8000000000000000428471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c384f7f7a9a43a02021-12-21 10:47:54.443root 11241100x8000000000000000428472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982ec714ce4a297f2021-12-21 10:47:54.443root 11241100x8000000000000000428473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee95d9f9b54a56b82021-12-21 10:47:54.443root 11241100x8000000000000000428474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894590679b90a02b2021-12-21 10:47:54.443root 11241100x8000000000000000428475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b126755f80eb4782021-12-21 10:47:54.443root 11241100x8000000000000000428476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6dbb72405feafe2021-12-21 10:47:54.443root 11241100x8000000000000000428477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1c1ec0c6f33bc92021-12-21 10:47:54.443root 11241100x8000000000000000428478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee76ae977b055e42021-12-21 10:47:54.943root 11241100x8000000000000000428479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73db4a3f2de86842021-12-21 10:47:54.943root 11241100x8000000000000000428480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a513d87c52167a3f2021-12-21 10:47:54.943root 11241100x8000000000000000428481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f02ab58671d5b102021-12-21 10:47:54.943root 11241100x8000000000000000428482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0e8bfb74e048752021-12-21 10:47:54.943root 11241100x8000000000000000428483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4defc33235aa0732021-12-21 10:47:54.943root 11241100x8000000000000000428484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708e316e9365463b2021-12-21 10:47:54.943root 11241100x8000000000000000428485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b37c38fa03c2ae2021-12-21 10:47:54.943root 11241100x8000000000000000428486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123a49701dc32a3f2021-12-21 10:47:55.443root 11241100x8000000000000000428487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7da8ce8cf87fa8f2021-12-21 10:47:55.443root 11241100x8000000000000000428488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa15e9faaeaa50da2021-12-21 10:47:55.443root 11241100x8000000000000000428489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaab3c17adacf432021-12-21 10:47:55.443root 11241100x8000000000000000428490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce4358794a60e812021-12-21 10:47:55.443root 11241100x8000000000000000428491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7c6fb1d819a75a2021-12-21 10:47:55.443root 11241100x8000000000000000428492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90474338117b9dd2021-12-21 10:47:55.443root 11241100x8000000000000000428493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a43ca3c6b7e97ee2021-12-21 10:47:55.443root 11241100x8000000000000000428494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0f9bef438147022021-12-21 10:47:55.943root 11241100x8000000000000000428495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471c9de0186c48502021-12-21 10:47:55.943root 11241100x8000000000000000428496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff62835aa5513c82021-12-21 10:47:55.943root 11241100x8000000000000000428497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdc2741fc2ba4f92021-12-21 10:47:55.943root 11241100x8000000000000000428498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcfb9e92fb13ea52021-12-21 10:47:55.943root 11241100x8000000000000000428499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eca444730c68142021-12-21 10:47:55.943root 11241100x8000000000000000428500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810fec6df676972a2021-12-21 10:47:55.943root 11241100x8000000000000000428501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bcb4211ad63e082021-12-21 10:47:55.943root 11241100x8000000000000000428502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d596d4636e601c62021-12-21 10:47:56.443root 11241100x8000000000000000428503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3e954faaada3562021-12-21 10:47:56.443root 11241100x8000000000000000428504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c346a21fd458f0f12021-12-21 10:47:56.443root 11241100x8000000000000000428505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9663585be46dbd072021-12-21 10:47:56.443root 11241100x8000000000000000428506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e23a7b271bcf1252021-12-21 10:47:56.443root 11241100x8000000000000000428507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782df581d3d875b72021-12-21 10:47:56.443root 11241100x8000000000000000428508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832d86cda84011212021-12-21 10:47:56.443root 11241100x8000000000000000428509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54776fdc73cabe12021-12-21 10:47:56.443root 11241100x8000000000000000428510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ad9e0edafe74672021-12-21 10:47:56.943root 11241100x8000000000000000428511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c99da90a181f6d42021-12-21 10:47:56.943root 11241100x8000000000000000428512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1384be74d53deccb2021-12-21 10:47:56.943root 11241100x8000000000000000428513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc0d59c61a6c8d02021-12-21 10:47:56.943root 11241100x8000000000000000428514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60639cde461ab46b2021-12-21 10:47:56.943root 11241100x8000000000000000428515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4226896cb12d79e2021-12-21 10:47:56.943root 11241100x8000000000000000428516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c00dd920a3869e52021-12-21 10:47:56.943root 11241100x8000000000000000428517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb19cf4a7372782021-12-21 10:47:56.943root 11241100x8000000000000000428518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de22d2494ac8f702021-12-21 10:47:57.443root 11241100x8000000000000000428519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31220cef29e0e0e42021-12-21 10:47:57.443root 11241100x8000000000000000428520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cd2ec4f263a6bc2021-12-21 10:47:57.443root 11241100x8000000000000000428521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff36f5bc13fa1c92021-12-21 10:47:57.443root 11241100x8000000000000000428522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732f8bfa73905e852021-12-21 10:47:57.443root 11241100x8000000000000000428523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763c6890385b01ee2021-12-21 10:47:57.443root 11241100x8000000000000000428524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0f16119fa32f982021-12-21 10:47:57.443root 11241100x8000000000000000428525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668db70bc3d13adf2021-12-21 10:47:57.443root 11241100x8000000000000000428526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258c603687b3b72a2021-12-21 10:47:57.943root 11241100x8000000000000000428527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274342b212122cbd2021-12-21 10:47:57.943root 11241100x8000000000000000428528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfabfae4a975f152021-12-21 10:47:57.943root 11241100x8000000000000000428529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dd947cad46ac9f2021-12-21 10:47:57.943root 11241100x8000000000000000428530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6761a0eb15f1da32021-12-21 10:47:57.943root 11241100x8000000000000000428531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8fe2339861248d2021-12-21 10:47:57.943root 11241100x8000000000000000428532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c54ea6e736597382021-12-21 10:47:57.943root 11241100x8000000000000000428533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653f6ea7e8a793352021-12-21 10:47:57.943root 11241100x8000000000000000428534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7f2d04dda127322021-12-21 10:47:58.443root 11241100x8000000000000000428535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a47030fc074be3f2021-12-21 10:47:58.443root 11241100x8000000000000000428536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3050301a313c262021-12-21 10:47:58.443root 11241100x8000000000000000428537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63364d9503e7b9352021-12-21 10:47:58.443root 11241100x8000000000000000428538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd5e59174fc70ba2021-12-21 10:47:58.443root 11241100x8000000000000000428539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007b790b5b544c852021-12-21 10:47:58.443root 11241100x8000000000000000428540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e511e8b3ae7e172021-12-21 10:47:58.443root 11241100x8000000000000000428541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014982393496bed92021-12-21 10:47:58.443root 11241100x8000000000000000428542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab73250b95dfeb192021-12-21 10:47:58.943root 11241100x8000000000000000428543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f63ca58ebea4a9f2021-12-21 10:47:58.943root 11241100x8000000000000000428544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5b144b235b7a6c2021-12-21 10:47:58.943root 11241100x8000000000000000428545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6a9f6014b02b562021-12-21 10:47:58.943root 11241100x8000000000000000428546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9705bd5b3e04f6a12021-12-21 10:47:58.943root 11241100x8000000000000000428547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0679a1553a2c282021-12-21 10:47:58.943root 11241100x8000000000000000428548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87fce5054a9b50d2021-12-21 10:47:58.943root 11241100x8000000000000000428549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1263c713e7457d42021-12-21 10:47:58.943root 354300x8000000000000000428550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.198{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47616-false10.0.1.12-8000- 11241100x8000000000000000428551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccd2ee38aaa39a02021-12-21 10:47:59.199root 11241100x8000000000000000428552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfd608b40b236052021-12-21 10:47:59.199root 11241100x8000000000000000428553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29df4f2356d4c3ef2021-12-21 10:47:59.199root 11241100x8000000000000000428554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8445ef492b38e7a2021-12-21 10:47:59.199root 11241100x8000000000000000428555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa885be2a26bc2432021-12-21 10:47:59.199root 11241100x8000000000000000428556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afad13e9c58b632d2021-12-21 10:47:59.200root 11241100x8000000000000000428557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf89cffac42c7d02021-12-21 10:47:59.200root 11241100x8000000000000000428558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7cf5fc774d155b2021-12-21 10:47:59.200root 11241100x8000000000000000428559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee07bf23946f77e12021-12-21 10:47:59.200root 11241100x8000000000000000428560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dc2bf396ea5ab12021-12-21 10:47:59.693root 11241100x8000000000000000428561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7544eca721d62432021-12-21 10:47:59.693root 11241100x8000000000000000428562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15672b0a57d56d992021-12-21 10:47:59.693root 11241100x8000000000000000428563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d483f4b9029fbb2021-12-21 10:47:59.693root 11241100x8000000000000000428564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3cb8228287e88a2021-12-21 10:47:59.693root 11241100x8000000000000000428565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee2edfdb6a8dc0b2021-12-21 10:47:59.693root 11241100x8000000000000000428566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cd9278cf5cb2b22021-12-21 10:47:59.693root 11241100x8000000000000000428567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac109ec318082912021-12-21 10:47:59.693root 11241100x8000000000000000428568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:47:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206121e3c07c98462021-12-21 10:47:59.693root 11241100x8000000000000000428569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de9a4b5ee0f14422021-12-21 10:48:00.193root 11241100x8000000000000000428570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6c98d82538a4082021-12-21 10:48:00.193root 11241100x8000000000000000428571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdef9c2292c99942021-12-21 10:48:00.193root 11241100x8000000000000000428572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e10f3f8c39109012021-12-21 10:48:00.193root 11241100x8000000000000000428573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310121583486a30e2021-12-21 10:48:00.193root 11241100x8000000000000000428574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c88b796dafa579b2021-12-21 10:48:00.193root 11241100x8000000000000000428575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234286d0d1bd0eff2021-12-21 10:48:00.193root 11241100x8000000000000000428576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e164b5be85ed4b572021-12-21 10:48:00.193root 11241100x8000000000000000428577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286de6025a1fe53c2021-12-21 10:48:00.193root 11241100x8000000000000000428578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f794581aecf216b22021-12-21 10:48:00.693root 11241100x8000000000000000428579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a878cef131931802021-12-21 10:48:00.693root 11241100x8000000000000000428580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc6238fbc340a0d2021-12-21 10:48:00.693root 11241100x8000000000000000428581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf12583c2b0221282021-12-21 10:48:00.693root 11241100x8000000000000000428582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628d27642119c4542021-12-21 10:48:00.693root 11241100x8000000000000000428583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c482c3cb5dd94ca2021-12-21 10:48:00.693root 11241100x8000000000000000428584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e079a7bdf23176332021-12-21 10:48:00.693root 11241100x8000000000000000428585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa76c2e717f528a2021-12-21 10:48:00.693root 11241100x8000000000000000428586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6bd332d8d40dfa2021-12-21 10:48:00.693root 11241100x8000000000000000428587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dc6644b1ac075c2021-12-21 10:48:01.193root 11241100x8000000000000000428588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0d973a32d8cca02021-12-21 10:48:01.193root 11241100x8000000000000000428589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bedb82f38dcf0a72021-12-21 10:48:01.193root 11241100x8000000000000000428590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620cf20132ed8a112021-12-21 10:48:01.193root 11241100x8000000000000000428591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0137c15f4c04ebe2021-12-21 10:48:01.193root 11241100x8000000000000000428592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82d46485b7488db2021-12-21 10:48:01.193root 11241100x8000000000000000428593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6638416a6e2f5c32021-12-21 10:48:01.193root 11241100x8000000000000000428594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1fd8b909d4549f2021-12-21 10:48:01.193root 11241100x8000000000000000428595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8ba2a94b5ff4692021-12-21 10:48:01.194root 11241100x8000000000000000428596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e426127b8727ec372021-12-21 10:48:01.693root 11241100x8000000000000000428597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005e1b15cccb01022021-12-21 10:48:01.693root 11241100x8000000000000000428598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6939b08909ba9aa62021-12-21 10:48:01.693root 11241100x8000000000000000428599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec23166785102532021-12-21 10:48:01.693root 11241100x8000000000000000428600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199278c7a376e0692021-12-21 10:48:01.694root 11241100x8000000000000000428601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff090b6bc96d5292021-12-21 10:48:01.694root 11241100x8000000000000000428602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060e4cf48a6b97852021-12-21 10:48:01.694root 11241100x8000000000000000428603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114588908e1483282021-12-21 10:48:01.695root 11241100x8000000000000000428604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c05188906a6a6b2021-12-21 10:48:01.695root 11241100x8000000000000000428605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f939657fe243232021-12-21 10:48:02.193root 11241100x8000000000000000428606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc13d8f9f650365d2021-12-21 10:48:02.193root 11241100x8000000000000000428607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb51e6d076edc9ba2021-12-21 10:48:02.193root 11241100x8000000000000000428608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5de8561588d5a0f2021-12-21 10:48:02.193root 11241100x8000000000000000428609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27604de370adac662021-12-21 10:48:02.194root 11241100x8000000000000000428610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d2c2a75aac5e1b2021-12-21 10:48:02.194root 11241100x8000000000000000428611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c1a122e1c90ea02021-12-21 10:48:02.194root 11241100x8000000000000000428612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9b516a5547c6442021-12-21 10:48:02.194root 11241100x8000000000000000428613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fad8e2ea8710bb22021-12-21 10:48:02.194root 11241100x8000000000000000428614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ad0d71ee5156692021-12-21 10:48:02.693root 11241100x8000000000000000428615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb2a3a8ed6c7c7c2021-12-21 10:48:02.693root 11241100x8000000000000000428616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc456623418e37552021-12-21 10:48:02.693root 11241100x8000000000000000428617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0220127cdfeacadf2021-12-21 10:48:02.693root 11241100x8000000000000000428618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731ec403f43194a32021-12-21 10:48:02.693root 11241100x8000000000000000428619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c7fbf040eb804b2021-12-21 10:48:02.693root 11241100x8000000000000000428620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b654cb994c19fb482021-12-21 10:48:02.693root 11241100x8000000000000000428621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a0605d8cf3f9af2021-12-21 10:48:02.693root 11241100x8000000000000000428622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee96f4cff1f041342021-12-21 10:48:02.693root 354300x8000000000000000428623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.050{ec2b6afe-923b-61c1-e0f7-1f3839560000}1173/usr/sbin/sshdroottcpfalsefalse193.3.19.84-61000-false10.0.1.25-22- 11241100x8000000000000000428624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.050{ec2b6afe-b0e3-61c1-0000-000000000000}9798/usr/sbin/sshd/proc/9798/oom_score_adj2021-12-21 10:48:03.050root 154100x8000000000000000428625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.050{ec2b6afe-b0e3-61c1-e057-3430ab550000}9798/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1173--- 11241100x8000000000000000428626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b58fedb59eeb4ac2021-12-21 10:48:03.051root 11241100x8000000000000000428627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8382f13d35c074482021-12-21 10:48:03.051root 11241100x8000000000000000428628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab0910b96b3927d2021-12-21 10:48:03.051root 11241100x8000000000000000428629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332bc8b63e1e12392021-12-21 10:48:03.051root 11241100x8000000000000000428630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b0bc59eb0ddee62021-12-21 10:48:03.051root 11241100x8000000000000000428631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd39f8690be211e72021-12-21 10:48:03.052root 11241100x8000000000000000428632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128b053e53595f6f2021-12-21 10:48:03.052root 11241100x8000000000000000428633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5c854165c4ec302021-12-21 10:48:03.052root 11241100x8000000000000000428634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f3784021f649232021-12-21 10:48:03.052root 11241100x8000000000000000428635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431673716a7003d82021-12-21 10:48:03.052root 11241100x8000000000000000428636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd3a7bb02f601722021-12-21 10:48:03.052root 11241100x8000000000000000428637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05fb12db4ca3b542021-12-21 10:48:03.052root 534500x8000000000000000428638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.100{ec2b6afe-b0e3-61c1-e057-3430ab550000}9798/usr/sbin/sshdroot 11241100x8000000000000000428639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d295392d763ff5522021-12-21 10:48:03.443root 11241100x8000000000000000428640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d628e0c1da6fcb12021-12-21 10:48:03.443root 11241100x8000000000000000428641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b3cd384cd27a702021-12-21 10:48:03.443root 11241100x8000000000000000428642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd36c53335150cd2021-12-21 10:48:03.443root 11241100x8000000000000000428643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3597883e19ab5cef2021-12-21 10:48:03.444root 11241100x8000000000000000428644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28041a69055e820b2021-12-21 10:48:03.444root 11241100x8000000000000000428645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379d0220f4eac5bd2021-12-21 10:48:03.444root 11241100x8000000000000000428646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617af1e54d346dfe2021-12-21 10:48:03.444root 11241100x8000000000000000428647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b44aa86f856cfa2021-12-21 10:48:03.444root 11241100x8000000000000000428648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6b156444b769752021-12-21 10:48:03.444root 11241100x8000000000000000428649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074ebc15f4c1a8e12021-12-21 10:48:03.444root 11241100x8000000000000000428650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61804eaee8946d192021-12-21 10:48:03.444root 11241100x8000000000000000428651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acca8d911ca7de32021-12-21 10:48:03.444root 11241100x8000000000000000428652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad977cef4480ed6a2021-12-21 10:48:03.943root 11241100x8000000000000000428653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5362e4d2d2e668322021-12-21 10:48:03.943root 11241100x8000000000000000428654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399284f61751a8602021-12-21 10:48:03.943root 11241100x8000000000000000428655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff73ba68fe9e8f4c2021-12-21 10:48:03.944root 11241100x8000000000000000428656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ce83f8754741f92021-12-21 10:48:03.944root 11241100x8000000000000000428657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3009ce18437fe3e72021-12-21 10:48:03.944root 11241100x8000000000000000428658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b14b71c50ee3652021-12-21 10:48:03.944root 11241100x8000000000000000428659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda4ffaf173149c32021-12-21 10:48:03.944root 11241100x8000000000000000428660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd4dd77d5baacc82021-12-21 10:48:03.945root 11241100x8000000000000000428661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377553bce8a59fdb2021-12-21 10:48:03.945root 11241100x8000000000000000428662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1505d2d7ff6d7ee02021-12-21 10:48:03.945root 11241100x8000000000000000428663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9940880af9c42c8a2021-12-21 10:48:03.945root 11241100x8000000000000000428664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0fc100e43b8d812021-12-21 10:48:03.945root 11241100x8000000000000000428665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2b44de369d43c62021-12-21 10:48:04.443root 11241100x8000000000000000428666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dee54b5f986e572021-12-21 10:48:04.443root 11241100x8000000000000000428667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765a1d9ca32a8ac42021-12-21 10:48:04.443root 11241100x8000000000000000428668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c094cca99e83e782021-12-21 10:48:04.443root 11241100x8000000000000000428669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b82f7cba2fa25cb2021-12-21 10:48:04.443root 11241100x8000000000000000428670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70c53a3f119fcd62021-12-21 10:48:04.444root 11241100x8000000000000000428671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9af3df1a87b1e4d2021-12-21 10:48:04.444root 11241100x8000000000000000428672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906554f6b7a1e8db2021-12-21 10:48:04.444root 11241100x8000000000000000428673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340a7a0b6dce12832021-12-21 10:48:04.444root 11241100x8000000000000000428674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79765844f9049f52021-12-21 10:48:04.444root 11241100x8000000000000000428675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafefc1bf00b18ce2021-12-21 10:48:04.444root 11241100x8000000000000000428676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ac3dc52104b5842021-12-21 10:48:04.444root 11241100x8000000000000000428677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd033747a8d9bf932021-12-21 10:48:04.444root 11241100x8000000000000000428678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c4ea7263a8c1ed2021-12-21 10:48:04.943root 11241100x8000000000000000428679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92440a1cb049dd432021-12-21 10:48:04.943root 11241100x8000000000000000428680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59924985052aed062021-12-21 10:48:04.943root 11241100x8000000000000000428681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d711930bc49cf82021-12-21 10:48:04.943root 11241100x8000000000000000428682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b3e9620e6ea4792021-12-21 10:48:04.943root 11241100x8000000000000000428683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff51cfb593fd8aa32021-12-21 10:48:04.944root 11241100x8000000000000000428684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b416bf7a071ffdee2021-12-21 10:48:04.944root 11241100x8000000000000000428685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd0860e29963702021-12-21 10:48:04.944root 11241100x8000000000000000428686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0ac80940f226292021-12-21 10:48:04.944root 11241100x8000000000000000428687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c627464e91e1e92021-12-21 10:48:04.944root 11241100x8000000000000000428688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65379ec561a9c4292021-12-21 10:48:04.944root 11241100x8000000000000000428689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a324f2b10e2fb8be2021-12-21 10:48:04.944root 11241100x8000000000000000428690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edcf99c6a7fc74d2021-12-21 10:48:04.944root 354300x8000000000000000428691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.118{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47618-false10.0.1.12-8000- 11241100x8000000000000000428692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9524ddf588b55e352021-12-21 10:48:05.443root 11241100x8000000000000000428693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbc9341d0d3c0082021-12-21 10:48:05.443root 11241100x8000000000000000428694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cdeb5369c529f62021-12-21 10:48:05.443root 11241100x8000000000000000428695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52f03e2c657eb1c2021-12-21 10:48:05.443root 11241100x8000000000000000428696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0186e45d278f0b9b2021-12-21 10:48:05.443root 11241100x8000000000000000428697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bd001eb02f091d2021-12-21 10:48:05.443root 11241100x8000000000000000428698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65c8b5c4d7032612021-12-21 10:48:05.443root 11241100x8000000000000000428699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df7d6485a1c48ec2021-12-21 10:48:05.443root 11241100x8000000000000000428700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91f95a5b25a92ed2021-12-21 10:48:05.444root 11241100x8000000000000000428701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1660b76fec31dd2021-12-21 10:48:05.444root 11241100x8000000000000000428702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c861153d9fdd1432021-12-21 10:48:05.444root 11241100x8000000000000000428703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e2f911228486d02021-12-21 10:48:05.444root 11241100x8000000000000000428704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2acd17c5950a2e92021-12-21 10:48:05.444root 11241100x8000000000000000428705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fc5d4ced1892d52021-12-21 10:48:05.444root 11241100x8000000000000000428706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d8243b37aee8a12021-12-21 10:48:05.943root 11241100x8000000000000000428707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23a97b6b2ca30c82021-12-21 10:48:05.943root 11241100x8000000000000000428708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e58064010dad40c2021-12-21 10:48:05.943root 11241100x8000000000000000428709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cc3928db34a2f22021-12-21 10:48:05.943root 11241100x8000000000000000428710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd19f3176cfb55e92021-12-21 10:48:05.943root 11241100x8000000000000000428711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11897704b421b6a02021-12-21 10:48:05.944root 11241100x8000000000000000428712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ac27ef4f2b84df2021-12-21 10:48:05.944root 11241100x8000000000000000428713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14014a4a3eebbbb2021-12-21 10:48:05.944root 11241100x8000000000000000428714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d9761234e04e882021-12-21 10:48:05.944root 11241100x8000000000000000428715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e56769208c7cfb2021-12-21 10:48:05.944root 11241100x8000000000000000428716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a0c493c9dc22842021-12-21 10:48:05.944root 11241100x8000000000000000428717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd26d3033957062021-12-21 10:48:05.944root 11241100x8000000000000000428718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a659ae6fdd868792021-12-21 10:48:05.944root 11241100x8000000000000000428719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab295063ef04de352021-12-21 10:48:05.944root 11241100x8000000000000000428720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.341{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:48:06.341root 11241100x8000000000000000428721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957f14b3d310e4722021-12-21 10:48:06.342root 11241100x8000000000000000428722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3030be1bf3174b2021-12-21 10:48:06.342root 11241100x8000000000000000428723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4754dd41a39ad0df2021-12-21 10:48:06.342root 11241100x8000000000000000428724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ee5824b669dd172021-12-21 10:48:06.342root 11241100x8000000000000000428725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0e1a3726a7ba2e2021-12-21 10:48:06.342root 11241100x8000000000000000428726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dfd6bf7fdbfbea2021-12-21 10:48:06.343root 11241100x8000000000000000428727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9de848bf7042ba2021-12-21 10:48:06.343root 11241100x8000000000000000428728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2f2c62834266232021-12-21 10:48:06.343root 11241100x8000000000000000428729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd35ccff52bcde62021-12-21 10:48:06.343root 11241100x8000000000000000428730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d8126c0716c5202021-12-21 10:48:06.343root 11241100x8000000000000000428731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bcdfb8c81489ba2021-12-21 10:48:06.343root 11241100x8000000000000000428732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8f2e0b4f761db02021-12-21 10:48:06.343root 11241100x8000000000000000428733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a3ad1ade20ebd62021-12-21 10:48:06.343root 11241100x8000000000000000428734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8888fb9d1bc5df0a2021-12-21 10:48:06.343root 11241100x8000000000000000428735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c6aac8d781bc042021-12-21 10:48:06.343root 11241100x8000000000000000428736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a065700470d3562021-12-21 10:48:06.693root 11241100x8000000000000000428737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d79892419310e72021-12-21 10:48:06.693root 11241100x8000000000000000428738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42362dcc426c2b042021-12-21 10:48:06.693root 11241100x8000000000000000428739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a936cbd6e2cd55382021-12-21 10:48:06.693root 11241100x8000000000000000428740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0169c43edc16c5682021-12-21 10:48:06.693root 11241100x8000000000000000428741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c48742783870042021-12-21 10:48:06.693root 11241100x8000000000000000428742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fba3e6281508662021-12-21 10:48:06.694root 11241100x8000000000000000428743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35c4ce8fc3cfeee2021-12-21 10:48:06.694root 11241100x8000000000000000428744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8d266e247c5d5e2021-12-21 10:48:06.694root 11241100x8000000000000000428745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48794f579908aeb32021-12-21 10:48:06.694root 11241100x8000000000000000428746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2643048f9772d4cc2021-12-21 10:48:06.694root 11241100x8000000000000000428747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273cceee1608172a2021-12-21 10:48:06.694root 11241100x8000000000000000428748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ea7f491b5332e42021-12-21 10:48:06.694root 11241100x8000000000000000428749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251566f80cd802f52021-12-21 10:48:06.694root 11241100x8000000000000000428750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dbd6907b74ae882021-12-21 10:48:06.694root 11241100x8000000000000000428751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683bbdd127367f892021-12-21 10:48:07.193root 11241100x8000000000000000428752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13160752b8fec5452021-12-21 10:48:07.193root 11241100x8000000000000000428753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6dee69a5c1bf2d2021-12-21 10:48:07.193root 11241100x8000000000000000428754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d475d8735c45cc2021-12-21 10:48:07.193root 11241100x8000000000000000428755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9584f0967906d0ed2021-12-21 10:48:07.193root 11241100x8000000000000000428756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffbcc17c2f7f5162021-12-21 10:48:07.193root 11241100x8000000000000000428757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebc14556df271af2021-12-21 10:48:07.193root 11241100x8000000000000000428758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f685f81528414fa2021-12-21 10:48:07.193root 11241100x8000000000000000428759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981fd023c6e3d2b92021-12-21 10:48:07.194root 11241100x8000000000000000428760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b417519b733127e12021-12-21 10:48:07.194root 11241100x8000000000000000428761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcc5db8e4ca01682021-12-21 10:48:07.194root 11241100x8000000000000000428762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77e1703dcbaab8d2021-12-21 10:48:07.194root 11241100x8000000000000000428763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddf723ea99ff3d92021-12-21 10:48:07.194root 11241100x8000000000000000428764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8167ba496d62ec2021-12-21 10:48:07.194root 11241100x8000000000000000428765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ab24e89af22ff12021-12-21 10:48:07.194root 11241100x8000000000000000428766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679369f0d97768922021-12-21 10:48:07.693root 11241100x8000000000000000428767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902d8d89c7c64a8e2021-12-21 10:48:07.693root 11241100x8000000000000000428768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2828189e92861ec2021-12-21 10:48:07.693root 11241100x8000000000000000428769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4318c33d252b58b32021-12-21 10:48:07.693root 11241100x8000000000000000428770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1247d68d5324ba2021-12-21 10:48:07.693root 11241100x8000000000000000428771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5fd4e395d32ad2021-12-21 10:48:07.693root 11241100x8000000000000000428772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aef4db01284aea2021-12-21 10:48:07.694root 11241100x8000000000000000428773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d63dfff8235dab2021-12-21 10:48:07.694root 11241100x8000000000000000428774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3950df103f1f53362021-12-21 10:48:07.694root 11241100x8000000000000000428775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7f61f4659198bb2021-12-21 10:48:07.694root 11241100x8000000000000000428776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a581031914288b2021-12-21 10:48:07.694root 11241100x8000000000000000428777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e18df998627c132021-12-21 10:48:07.695root 11241100x8000000000000000428778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e94bc594b146d72021-12-21 10:48:07.695root 11241100x8000000000000000428779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9043080af5cdc302021-12-21 10:48:07.696root 11241100x8000000000000000428780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1768c8b19da898c12021-12-21 10:48:07.696root 11241100x8000000000000000428781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f272406913e6a82021-12-21 10:48:08.193root 11241100x8000000000000000428782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6161434c7cf33f2e2021-12-21 10:48:08.193root 11241100x8000000000000000428783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709eda341d350a8b2021-12-21 10:48:08.194root 11241100x8000000000000000428784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32aaf9d847c625b2021-12-21 10:48:08.194root 11241100x8000000000000000428785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9e0c05944363de2021-12-21 10:48:08.194root 11241100x8000000000000000428786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1203b6f267cf312021-12-21 10:48:08.194root 11241100x8000000000000000428787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4838b73f6d5ba0232021-12-21 10:48:08.194root 11241100x8000000000000000428788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8136475c4411fab2021-12-21 10:48:08.194root 11241100x8000000000000000428789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251e97563ecd358d2021-12-21 10:48:08.194root 11241100x8000000000000000428790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad77efdaf214fb52021-12-21 10:48:08.195root 11241100x8000000000000000428791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fffaf6be2b95af2021-12-21 10:48:08.195root 11241100x8000000000000000428792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d0482c9428b6d52021-12-21 10:48:08.195root 11241100x8000000000000000428793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051ac3430b1c9c482021-12-21 10:48:08.195root 11241100x8000000000000000428794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0985a2acba984362021-12-21 10:48:08.195root 11241100x8000000000000000428795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f33588173778932021-12-21 10:48:08.195root 11241100x8000000000000000428796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c196236f5b5cef5f2021-12-21 10:48:08.693root 11241100x8000000000000000428797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9097b3651e111f2021-12-21 10:48:08.693root 11241100x8000000000000000428798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf046b4641bad0882021-12-21 10:48:08.693root 11241100x8000000000000000428799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cb30444bc098ad2021-12-21 10:48:08.693root 11241100x8000000000000000428800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee778027258b51572021-12-21 10:48:08.693root 11241100x8000000000000000428801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e23b150250ad19c2021-12-21 10:48:08.693root 11241100x8000000000000000428802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27943885610835f02021-12-21 10:48:08.694root 11241100x8000000000000000428803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b843c431717c56512021-12-21 10:48:08.694root 11241100x8000000000000000428804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a776270113e4bc2021-12-21 10:48:08.694root 11241100x8000000000000000428805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7321bae475b5bc902021-12-21 10:48:08.694root 11241100x8000000000000000428806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d574b58f16233f3c2021-12-21 10:48:08.694root 11241100x8000000000000000428807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f313df9c44871a2021-12-21 10:48:08.694root 11241100x8000000000000000428808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7030e7f9539ab3392021-12-21 10:48:08.694root 11241100x8000000000000000428809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21006bf2b84ccb72021-12-21 10:48:08.694root 11241100x8000000000000000428810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92e758e67259bc42021-12-21 10:48:08.695root 23542300x8000000000000000428811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.184{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000428812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326c5fd9fa86c1602021-12-21 10:48:09.185root 11241100x8000000000000000428813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4664d999842545e22021-12-21 10:48:09.185root 11241100x8000000000000000428814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab1f72803ee609f2021-12-21 10:48:09.185root 11241100x8000000000000000428815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be58edbcdd134f4b2021-12-21 10:48:09.185root 11241100x8000000000000000428816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c883d9e3de9cfa92021-12-21 10:48:09.185root 11241100x8000000000000000428817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2764d45255894e2021-12-21 10:48:09.186root 11241100x8000000000000000428818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ee17e60cf4df3f2021-12-21 10:48:09.186root 11241100x8000000000000000428819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898df7e60c0ae1da2021-12-21 10:48:09.186root 11241100x8000000000000000428820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53f1bee169a82d62021-12-21 10:48:09.186root 11241100x8000000000000000428821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e1e3446b2121332021-12-21 10:48:09.186root 11241100x8000000000000000428822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2a68fdaf94aa4e2021-12-21 10:48:09.186root 11241100x8000000000000000428823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c82a095ebebea52021-12-21 10:48:09.186root 11241100x8000000000000000428824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a358be32288098c22021-12-21 10:48:09.186root 11241100x8000000000000000428825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e252cec69583fb812021-12-21 10:48:09.186root 11241100x8000000000000000428826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e44dd1d665488842021-12-21 10:48:09.186root 11241100x8000000000000000428827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e17479a32dd7a82021-12-21 10:48:09.186root 11241100x8000000000000000428828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f6298c1b56b9102021-12-21 10:48:09.443root 11241100x8000000000000000428829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6474f7b4e328087f2021-12-21 10:48:09.443root 11241100x8000000000000000428830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39f1ce65f4ad9ed2021-12-21 10:48:09.443root 11241100x8000000000000000428831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbe32688a8fdf672021-12-21 10:48:09.443root 11241100x8000000000000000428832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0966627f570e282021-12-21 10:48:09.443root 11241100x8000000000000000428833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d686f83609c6532021-12-21 10:48:09.443root 11241100x8000000000000000428834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35423c893d1a0f602021-12-21 10:48:09.443root 11241100x8000000000000000428835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7102d560a22ed12d2021-12-21 10:48:09.444root 11241100x8000000000000000428836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d14cd9274d3a3122021-12-21 10:48:09.444root 11241100x8000000000000000428837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a0a9a8e024f9242021-12-21 10:48:09.444root 11241100x8000000000000000428838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b28ef1afcf635372021-12-21 10:48:09.444root 11241100x8000000000000000428839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8127c303324d5c592021-12-21 10:48:09.444root 11241100x8000000000000000428840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9a87f94eec46232021-12-21 10:48:09.444root 11241100x8000000000000000428841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d204edab4d57e9f2021-12-21 10:48:09.444root 11241100x8000000000000000428842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634c095777d7639b2021-12-21 10:48:09.444root 11241100x8000000000000000428843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b34d289f31496622021-12-21 10:48:09.444root 11241100x8000000000000000428844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204e4ae7e6120ed82021-12-21 10:48:09.943root 11241100x8000000000000000428845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde5fc94b1fa2e1f2021-12-21 10:48:09.943root 11241100x8000000000000000428846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818fd12284199b8d2021-12-21 10:48:09.943root 11241100x8000000000000000428847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec3be99ccf40ace2021-12-21 10:48:09.943root 11241100x8000000000000000428848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a85c07072a0d43e2021-12-21 10:48:09.944root 11241100x8000000000000000428849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d741e535994613cd2021-12-21 10:48:09.944root 11241100x8000000000000000428850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe862f4309a77762021-12-21 10:48:09.944root 11241100x8000000000000000428851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157fd137108a67a02021-12-21 10:48:09.944root 11241100x8000000000000000428852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b979de4de6ffcce42021-12-21 10:48:09.944root 11241100x8000000000000000428853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506f4a0a29b6c1cc2021-12-21 10:48:09.944root 11241100x8000000000000000428854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab103ecd1a19fb0b2021-12-21 10:48:09.944root 11241100x8000000000000000428855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deee90f0c3c823cf2021-12-21 10:48:09.944root 11241100x8000000000000000428856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319aa85364c7888f2021-12-21 10:48:09.944root 11241100x8000000000000000428857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2e89216942c90b2021-12-21 10:48:09.945root 11241100x8000000000000000428858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de37f9246e9cab42021-12-21 10:48:09.945root 11241100x8000000000000000428859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:48:09.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f6f2d9c16e615f2021-12-21 10:48:09.945root